General Discussion / Can I use Let's Encrypt without making my GUI available publicly?
« on: September 23, 2020, 10:02:09 pm »
Hey all,
I've been looking into setting up a signed cert for my OPNsense webGUI and I see that I'll require an FQDN. I have a subdomain created with Google Domains but I don't want to open up the webGUI to the public internet permanently.
Here is the info in the Let's Encrypt > validation section for IP address:
Code:
The FQDN's used in your certificate must currently point to one or more official IP addresses. Enter the all of these IP addresses here. OPNsense will automatically create a temporary port forward to allow the Let's Encrypt validation to succeed. This will lead to a short downtime of the service that is normally used with these IP addresses.
NOTE:This will ONLY work if the official IP addresses are LOCALLY configured on your OPNsense firewall.
Does this mean that when I configure my subdomain to point to my router's public IP, a firewall rule will be created temporarily and then be removed?
I'm confused about the NOTE as well - where do the official IP addresses need to be configured locally?