"
Hello! Just wanted to chime in here because I also ran into this exact issue. I run a local step-ca certificate authority which issues certificates with a lifetime of 24 hours, but opnsense will not allow me to renew in that time period
I also found this related GitHub issue concerning short-lived certificates: https://github.com/opnsense/plugins/issues/4572#issuecomment-2736540768
It's closed, but it doesn't seem like the issue was resolved. It feels like an option to the acme plugin/checkbox on a certificate that allows setting a "force renew" would solve this, but i'm not aware of other issues that might cause?
increasing the lifetime is certainly a solution. Maybe I'm just being stubborn with following the "best practice" outlined by step ca, but it feels worth it to me
my acme log for reference, after trying to manually renew my certificates (in the latest version of the acme plugin, the manual buttons on the right also don't seem to work, but that's a separate issue). At the very least, it feels like manual renew should have a "force" option:
I also found this related GitHub issue concerning short-lived certificates: https://github.com/opnsense/plugins/issues/4572#issuecomment-2736540768
It's closed, but it doesn't seem like the issue was resolved. It feels like an option to the acme plugin/checkbox on a certificate that allows setting a "force renew" would solve this, but i'm not aware of other issues that might cause?
increasing the lifetime is certainly a solution. Maybe I'm just being stubborn with following the "best practice" outlined by step ca, but it feels worth it to me
my acme log for reference, after trying to manually renew my certificates (in the latest version of the acme plugin, the manual buttons on the right also don't seem to work, but that's a separate issue). At the very least, it feels like manual renew should have a "force" option:
