Messages - FD-Tim

#1
/usr/local/md/domains was not enough. I deleted all folders with sub.domain.tld under /usr/local/md/*; after that, a new certificate was there.
#2
Nobody with a hint for this?
#3
Hello,

One of our certificates will not renew. It just takes the "old", not valid certificate. Is it okay to hard delete the certificate from the store? In the GUI I cannot delete it. The funny thing is that all other certificate renewals are working. I already tried to recreate the complete virtual server.

<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39454"] [ssl:info] [pid 38425:tid 56393967149056] AH01914: Configuring server sub.domain.tld:443 for SSL protocol
<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39455"] [md:debug] [pid 38425:tid 56393967149056] mod_md.c(1136): AH10113: get_certificates called for vhost sub.domain.tld.
<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39456"] [md:debug] [pid 38425:tid 56393967149056] mod_md.c(1230): AH10077: sub.domain.tld[state=0]: providing certificates for server sub.domain.tld
<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39459"] [ssl:debug] [pid 38425:tid 56393967149056] ssl_util_ssl.c(451): AH02412: [sub.domain.tld:443] Cert matches for name 'sub.domain.tld' [subject: CN=sub.domain.tld / issuer: CN=R12,O=Let's Encrypt,C=US / serial: xxx / notbefore: Nov 17 14:02:36 2025 GMT / notafter: Feb 15 14:02:35 2026 GMT]
<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39460"] [ssl:info] [pid 38425:tid 56393967149056] AH02568: Certificate and private key sub.domain.tld:443:0 configured from /usr/local/md/domains/sub.domain.tld/pubcert.pem and /usr/local/md/domains/sub.domain.tld/privkey.pem
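
Added example, not part of the original post and not OPNsense or mod_md code: a small check that reads the AH02412 debug line shown above and compares the certificate's notafter value with the syslog timestamp, to flag a vhost that httpd configured with an already-expired certificate. The function names are hypothetical and the sample is the posted line embedded as constructed input.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the AH02412 line as posted above (serial left redacted).
SAMPLE = (
    "<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - "
    '[meta sequenceId="39459"] [ssl:debug] [pid 38425:tid 56393967149056] '
    "ssl_util_ssl.c(451): AH02412: [sub.domain.tld:443] Cert matches for name "
    "'sub.domain.tld' [subject: CN=sub.domain.tld / issuer: CN=R12,O=Let's "
    "Encrypt,C=US / serial: xxx / notbefore: Nov 17 14:02:36 2025 GMT / "
    "notafter: Feb 15 14:02:35 2026 GMT]"
)

# Captures the syslog timestamp, vhost, matched name and the notafter field.
AH02412 = re.compile(
    r"^<\d+>1 (?P<ts>\S+) .*AH02412: \[(?P<vhost>[^\]]+)\] Cert matches for "
    r"name '(?P<name>[^']+)' .*notafter: "
    r"(?P<notafter>[A-Z][a-z]{2} +\d+ [\d:]+ \d{4}) GMT\]"
)

def check_line(line):
    """Return expiry details for an AH02412 line, or None for any other line."""
    m = AH02412.search(line)
    if m is None:
        return None
    # The syslog timestamp carries a UTC offset; normalise it to UTC.
    logged = datetime.fromisoformat(m["ts"]).astimezone(timezone.utc)
    # notafter is printed in GMT; strptime also accepts padded days ("Feb  5").
    not_after = datetime.strptime(
        m["notafter"], "%b %d %H:%M:%S %Y"
    ).replace(tzinfo=timezone.utc)
    delta = int((logged - not_after).total_seconds())
    return {
        "vhost": m["vhost"],
        "name": m["name"],
        "not_after": not_after,
        "logged_at": logged,
        "expired": delta >= 0,
        "seconds_past_expiry": delta,
    }

def expired_certs(lines):
    """Findings for lines where httpd configured an already-expired cert."""
    return [r for r in map(check_line, lines) if r and r["expired"]]

if __name__ == "__main__":
    for r in expired_certs([SAMPLE]):
        print(f"{r['vhost']}: certificate for {r['name']} expired "
              f"{r['seconds_past_expiry']} s before httpd loaded it")
```
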
#4
Hello,
we use two DEC4280 as HA with CARP. I just found out that all three checkboxes to disable hardware offload are set by default on this factory image. Do you know why?
For the forum search, the full texts:
  • Disable hardware checksum offload (i) Checking this option will disable hardware checksum offloading. Checksum offloading is broken in some hardware, particularly some Realtek cards. Rarely, drivers may have problems with checksum offloading and some specific NICs.
  • Disable hardware TCP segmentation offload (i) Checking this option will disable hardware TCP segmentation offloading (TSO, TSO4, TSO6). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs.
  • Disable hardware large receive offload (i) Checking this option will disable hardware large receive offloading (LRO). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs.
Help site: https://docs.opnsense.org/manual/interfaces_settings.html
#6
Hi,
we use the OPNsense Business Edition with the Web Application Firewall based on Apache. Our apps need some special headers to work (because of that, the setting "Header Security" is set to off).
Is it possible to manually set some headers to increase security?
Strict-Transport-Security, X-Frame-Options, Content-Security-Policy, Referrer-Policy
Thank you!