WEBGUI: does the built-in self-signed SSL Cert NOT auto-renew itself?

[andrew]

Newbie question:


Under System -> Trust -> Certificates I just stumbled upon this:


Name                           Issuer            Distinguished Name
webConfigurator default       self-signed     ST=Zuid-Holland, O=OPNsense, L=Middelharnis, C=NL
CA: Yes, Server: No    
                                                Valid From:    Tue, 03 Mar 2015 00:24:10 +0100
                                                Valid Until:    Wed, 02 Mar 2016 00:24:10 +0100


That's OPNsenses own SSL cert for the webgui. And it expired years ago after 1 year.  ::)
This is not critical in my case. But I wonder if it is normal that the default SSL cert for the webgui doesn't auto-renew, and if something is broken.

If this is normal, then what is the usual recommended way to deal with this?
Renew manually? Where?
I'm sure I can't be the only one.

[franco]

There's no mechanism for renewing that certificate since it's still invalid to browsers by default for self-signed reason alone.

Since 21.1 I think it's possible to run this command from the console:

# configctl webgui restart renew


Cheers,
Franco