Author Topic: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded (Read 2844 times)

opns_neuling · « **on:** August 11, 2021, 09:05:15 pm »

Hello!
I have a case here with 2 opnsense (cascaded connected).
One of them has a public IP and the second is cascaded (DMZ).
Letsencrypt runs on the first Opensense.
I would like to synchronize the certificates for extensions to the second Opensense and restart the GUI there (so the letsencrypt certificates are used for the GUI in the second router) .... is that possible? how to? ideas ?
Thanks in advance

opns_neuling · « **Reply #1 on:** December 21, 2021, 08:05:14 pm »

Does anyone have a similar scenario?
2 pfsense, one with wan connection and one on a second level (without wan access) ?

opensense 1 with acme-client (for wilcard-cert)
opensense2 (at another location) has to use the same wilcard-cert ...

Thanks a lot

opn_nwo · « **Reply #2 on:** December 22, 2021, 03:42:59 pm »

I can't help you with the specifics, but you can probably script it and scp it to the target server, maybe?

KHE · « **Reply #3 on:** December 22, 2021, 06:28:37 pm »

Hi,

according to Let's Encrypt you can create up to 5 duplicate certificates. I would create just another certificate on the second OPNsense.
LE rate limit are here.

Copying the file is not a problem, there is the sftp Automation plugin. But importing it on the second OPNsense is the problem.

KH

Author Topic: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded (Read 2844 times)

opns_neuling

Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded

opns_neuling

Re: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded

opn_nwo

Re: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded

KHE

Re: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded