Letsencrypt cron renews the firewall certificate but webgui doesn't use it.

Started by zentoo, May 17, 2024, 11:09:05 AM

Several instances of OPNsense that I use present the same issue with letsencrypt:
- The cron "Renew ACME certificates" => renews the certificate as expected
- The certificate used for the webgui is still the old one

So I need to manually restart the webgui service so that it takes the new certificate into account.

Conclusion: If the certificate has been renewed by letsencrypt "Renew ACME certificates", the webgui has to be restarted automatically. It is not the case.

Hi,

that is what the Automations in the ACME Client are for.
You need to add a Restart OPNsense Web UI automation in ACME Client -> Automations and then assign it to the certificate in ACME Client -> Certificates.

Works for me :)

Hi and thanks a lot! I wouldn't have thought about it.

It should be an automation that OPNsense manages itself when the certificate is used for the web UI.

So for others who want to use a letsencrypt certificate for the OPNsense web UI:

  1- create letsencrypt certificate [Services/ACME client/Certificates]
  2- assign SSL certificate [System/Settings/Administration]
  3- create letsencrypt automation [Services/ACME client/Automations] and choose run command "Restart OPNsense Web UI"
  4- edit certificate from #1 [Services/ACME client/Certificates] and assign the automation created at #3


Or quicker but less intuitive:

  1- create letsencrypt automation [Services/ACME client/Automations] and choose run command "Restart OPNsense Web UI"
  2- create letsencrypt certificate [Services/ACME client/Certificates] and choose automation created at #1
  3- assign SSL certificate [System/Settings/Administration]
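
Added example, not part of the thread: a check for the symptom described above, comparing the SHA-256 fingerprint of the certificate the web GUI presents with the renewed certificate file. The host name and file path are assumptions supplied on the command line, the leaf is assumed to be the first certificate in the file, and the sample data is constructed.

```python
"""Check whether a web GUI still serves the pre-renewal certificate."""
import base64
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem: str) -> str:
    """SHA-256 of the first certificate in a PEM string.

    Renewed files are often full chains; the leaf is assumed to come first.
    """
    match = PEM_BLOCK.search(pem)
    if match is None:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def gui_serves_renewed(served_pem: str, renewed_pem: str) -> bool:
    """True when the certificate on the wire is the renewed one."""
    return leaf_fingerprint(served_pem) == leaf_fingerprint(renewed_pem)

def fetch_served_pem(host: str, port: int = 443) -> str:
    """Leaf certificate the listener presents right now (no chain validation)."""
    return ssl.get_server_certificate((host, port))

def constructed_pem(body: bytes) -> str:
    """Constructed stand-in: PEM armour around arbitrary bytes, not a real cert."""
    b64 = base64.encodebytes(body).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Assumed usage: check.py <gui-host> <path-to-renewed-cert.pem>
        with open(sys.argv[2]) as fh:
            ok = gui_serves_renewed(fetch_served_pem(sys.argv[1]), fh.read())
        print("OK: GUI serves the renewed certificate" if ok
              else "STALE: GUI still serves the old certificate; restart it")
        sys.exit(0 if ok else 1)
    # Offline demo on constructed data: GUI not restarted after renewal.
    old, new = constructed_pem(b"old-cert"), constructed_pem(b"new-cert")
    print("stale certificate detected:", not gui_serves_renewed(old, new))
```

Run after the renewal cron, a non-zero exit status means the automation did not restart the web GUI.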