Let's Encrypt renewal only working with manual acme IP in /etc/hosts of Firewall
« on: January 12, 2021, 09:18:55 pm »
Hi Guys,
I've been searching for days now, but obviously in the wrong places....
I was able to set up the acme Let's Encrypt plugin and create a new cert. But I was never able to renew the cert before I found out how to get around the errors (see acme_log_not_working.log).
If I add acme-v02.api.letsencrypt.org and its IP address to /etc/hosts of the firewall itself (with ssh and user root), it works!! But since /etc/hosts is automatically reset after a while, it's not a solution.
I have done that for three renewal periods now, but I think it should work without it.
Any idea what I'm doing wrong?
My Setup:
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
OpenSSL 1.1.1i 8 Dec 2020
os-acme-client (installed) 2.2
WAN interface gets its IP/DNS stuff via DHCP from my provider.
LAN interface for local devices
WLAN interface for wireless devices
DMZ interface not used