Topics

Hi all

This was all working but not any longer and I haven't made any changes to my config. I am using duckdns, Let's Encrypt and DNS-01 challenge

I can successfully renew the cert if I remove the alt name (so mydomain.duckdns.org renews fine).

If I add back the alt name (opnsense.mydomain.duckdns.org) then the renewal fails.

Has something changed with letsencrypt and support for alt names?

Any assistance or advice appreciated.

I know this is probably a basic concept but I am a noob - so apologies and I hope someone can help me.

I understand that rules are applied in sequence from top to bottom and I wanted to check I am on the right track.

I want to block access to port 2375 apart from my 2 docker hosts on the LAN interface.

Is this close? Thanks in advance.


rule1: allow port 2375 for alias containing my two docker hosts
rule2: reject port 2375 for LAN net
rule3: default allow LAN net

I have a simple opnsense setup for my home network. I use the adguard plugin together with unbound on port 5335

Everything is working fine for dns resolution for all of my lan hosts.

I have one host that I need to resolve for any subdomain on this host as follows:

host.lan -- 192.168.1.10 (working)
test.host.lan  -- 192.168.1.10 (DOES NOT WORK)

Is there a way to allow / config so that anything.host.lan resolves to the same ip as host.lan?

I am on latest 24.7 and have tried switching to KEA dhcp (I only use ipv4 on my system) but have found that a number of clients do not resolve to their hostname using KEA so I went back to ISC.

Is this a known limitation for KEA dhcp at the moment?

I also remember reading a release note for opnsense 24.7 relating to ISC dhcp and static dhcp reservations - something about having to restart a service after changing/adding reservations. At the moment I need to restart opnsense for these new reservations to apply but there must be a way to do this without having to restart?