Hi,
I'm a little confused after setting up the ACME plugin on my OPNsense firewalls and I just want to check if I am not missing something.
I run my own PKI environment with a functional ACME front end.
When I install the ACME plugin on my firewall and set up the HTTP-01 challenge, I kind of expected it to run its own temporary HTTP responder using socat like it does when running 'acme.sh --issue --standalone --server <someserver> -d <some domain>' (this works fine in the CLI). It however does not appear to do this, but instead I am required to set up the nginx plugin and have a permanent webserver running pointing to the .well-known location where it places the tokens. Now this solution works, but I really don't want to run a permanent webserver on my firewall just for a few certificate renewals every now and then.
Is this how the plugin is expected to function, or is there perhaps something broken in the ACME plugin when running my own ACME/PKI environment?
Cheers,