Topic: lets encrypt certificate not trusted for web-gui (Read 983 times)
tj-flens (Newbie)
lets encrypt certificate not trusted for web-gui « on: February 22, 2024, 11:46:31 am »
Hi,
I've been working with OPNsense for a few weeks now. I am on version 24.1.2 and have been using self-signed certificates. Everything works great so far.
Now I would like to use my domain internally and switch to a Let's Encrypt certificate.
For this I use the DNS-01 challenge via Cloudflare and can also create certificates for my OPNsense. The host name is: router."domain".net.
I have entered the certificate under System/Settings/Administration and System/Settings/General (hostname/domain) and restarted the web interface.
Opnsense can now be reached at this address, but the certificate is not secure!
I have searched through various tutorials but found nothing.
Thanks for tips
Patrick M. Hausen (Hero Member)
Re: lets encrypt certificate not trusted for web-gui « Reply #1 on: February 22, 2024, 12:11:35 pm »
Did you not only place the FQDN in the CN field but also as a SAN? This is now mandated by browsers.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
tj-flens (Newbie)
Re: lets encrypt certificate not trusted for web-gui « Reply #2 on: February 22, 2024, 12:46:55 pm »
If I got your point correctly, I need to put router.domain.net into the alternate names field: router.domain.net.
Done - re-issued - but no change. The cert is still not trusted.
Patrick M. Hausen (Hero Member)
Re: lets encrypt certificate not trusted for web-gui « Reply #3 on: February 22, 2024, 12:56:58 pm »
Then a screenshot of the certificate chain as the browser shows it is the only way I know to diagnose. Difficult if you don't want to share your FQDN. Possibly blur that part ...
tj-flens (Newbie)
Re: lets encrypt certificate not trusted for web-gui « Reply #4 on: February 22, 2024, 01:15:18 pm »
I've captured the info from Firefox. Hope this helps.
Patrick M. Hausen (Hero Member)
Re: lets encrypt certificate not trusted for web-gui « Reply #5 on: February 22, 2024, 01:36:06 pm »
First picture says it all - you are using the STAGING CA of Let's Encrypt.
You cannot change the CA of your registered account in the UI after the fact - the help text even states as much. You need to delete and create the account again, this time with the production CA.
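A command-line check for the two causes raised in this thread (FQDN missing from the SAN, certificate issued by the staging CA). This is an added example, not part of any forum post; it works on the text that `openssl x509 -noout -issuer -ext subjectAltName` prints. The function names and sample values are constructed, and the `(STAGING)` marker is how Let's Encrypt labels the issuers in its staging hierarchy.

```shell
#!/bin/sh
# Added example; function names and all sample values are constructed.

# Classify an issuer line as printed by `openssl x509 -noout -issuer`.
issuer_kind() {
    case "$1" in
        *"(STAGING)"*)     echo staging ;;     # staging hierarchy marker
        *"Let's Encrypt"*) echo production ;;
        *)                 echo other ;;
    esac
}

# Succeed if host $1 is covered by a DNS entry in SAN text $2.
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    names=$(printf '%s\n' "$2" | tr ',' '\n' | tr 'A-Z' 'a-z' |
        sed -n 's/^[[:space:]]*dns:\([^[:space:]]*\).*$/\1/p')
    while IFS= read -r name; do
        case "$name" in
            "$host") return 0 ;;
            \*.*)    # a wildcard stands for exactly one left-most label
                if [ "$host" != "${host#*.}" ] &&
                   [ "${host#*.}" = "${name#\*.}" ]; then return 0; fi ;;
        esac
    done <<EOF
$names
EOF
    return 1
}

# Print the first reason a browser would reject the certificate for host $1.
diagnose() {  # $1 host, $2 issuer line, $3 SAN text
    kind=$(issuer_kind "$2")
    case "$kind" in
        staging) echo "untrusted: issued by the Let's Encrypt staging CA"; return 1 ;;
        other)   echo "unknown: issuer is not a Let's Encrypt CA"; return 1 ;;
    esac
    if ! san_covers "$1" "$3"; then
        echo "untrusted: $1 is not in the SAN list"; return 1
    fi
    echo "ok: issuer is $kind and SAN covers $1"
}

# Constructed samples (router.example.net is a placeholder host name).
STAGING_ISSUER="issuer=C = US, O = (STAGING) Let's Encrypt, CN = (STAGING) Artificial Apricot R3"
PROD_ISSUER="issuer=C = US, O = Let's Encrypt, CN = R3"
SAN_TEXT='X509v3 Subject Alternative Name:
    DNS:router.example.net, DNS:*.lan.example.net'
diagnose router.example.net "$STAGING_ISSUER" "$SAN_TEXT" || true
diagnose router.example.net "$PROD_ISSUER" "$SAN_TEXT"
```

Against a live web GUI, the certificate can be fetched with `openssl s_client -connect HOST:443 -servername HOST </dev/null` and piped into `openssl x509` to obtain both inputs.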
tj-flens (Newbie)
Re: lets encrypt certificate not trusted for web-gui « Reply #6 on: February 22, 2024, 01:57:22 pm »
Thank you so much for your help!!!