Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded

Started by opns_neuling, August 11, 2021, 09:05:15 PM

Hello!
I have a case here with 2 OPNsense (cascaded connection).
One of them has a public IP and the second is cascaded (DMZ).
Letsencrypt runs on the first OPNsense.
I would like to synchronize the certificates for extensions to the second OPNsense and restart the GUI there (so the letsencrypt certificates are used for the GUI in the second router) .... is that possible? How? Ideas?
Thanks in advance

Does anyone have a similar scenario?
2 pfsense, one with WAN connection and one on a second level (without WAN access)?

OPNsense 1 with acme-client (for wildcard cert)
OPNsense 2 (at another location) has to use the same wildcard cert ...

Thanks a lot

I can't help you with the specifics, but you can probably script it and scp it to the target server, maybe?

Hi,

According to Let's Encrypt you can create up to 5 duplicate certificates. I would create just another certificate on the second OPNsense.
LE rate limits are here.

Copying the file is not a problem, there is the sftp Automation plugin. But importing it on the second OPNsense is the problem.

KH