Let me sketch the situation in the hope that someone has an idea or can point me in the right direction.
I have used Apache as reverse proxy with LE certificates for quite some time for several internally running websites. In an effort to make things less dependent on each other (reverse proxy was running on one of my websites) I decided to move the reverse proxy functionality to a separate machine running OPNsense. Note that OPNsense is running internally (LAN only) and provides DNS/DHCP and time services internally.
I set up HAProxy with Let's Encrypt as per this https://blog.bagro.se/lets-encrypt-with-haproxy-on-opnsense/. HAProxy is running fine and I initially configured a multi-domain certificate against the LE staging environment. Worked fine. But when I switched to the Production environment all I got was validation errors. Log shows
detail": "KeyID header contained an invalid account URL: \"https://acme-v02.api.letsencrypt.org/acme/acct/123456789\"
(obviously that is not my account number).
No matter what I changed, different account, staging to prod etc, create new certificates for the separate domains instead of a multi domain cert, I always get this error.
Should I wipe the setup and start clean (I did this already once but did not properly record all the steps) and if so, is there a place I should delete the files?
I have searched for many things, starting with opnsense - haproxy - lets encrypt - error but even if I widen the search I don't get much useful info.
Any pointers and/or suggestions are welcome, even pointing me to different solutions (preferably on OPNsense); I want a working reverse proxy with LE certs.