Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
ACME - Let's Encrypt Client Certs
« previous
next »
Print
Pages: [
1
]
Author
Topic: ACME - Let's Encrypt Client Certs (Read 6550 times)
DanMc85
Jr. Member
Posts: 68
Karma: 4
ACME - Let's Encrypt Client Certs
«
on:
February 05, 2018, 01:38:40 pm »
Has anyone else on 18.1 had issues with issuing Let's Encrypt certs using the ACME plugin?
HTTP Challenge Type
First I had to change my OPNSense firewall HTTPS port from a custom one back to 443.
Then I originally had a multi domain (SAN) filled out with a few subdomains.
Whenever I issued the cert it would have validation failed.
However, when I edited the cert just to be the main domain with no SAN's, it completed successfully.
I never had this issue before and always had a full multi-domain cert on prior releases.
Notes: All the subdomains are just CNAME entries pointing to the main domain IP to resolve through DNS.
Logged
elektroinside
Hero Member
Posts: 574
Karma: 51
Re: ACME - Let's Encrypt Client Certs
«
Reply #1 on:
February 06, 2018, 12:36:40 am »
There's an issue with the plugin, but it is getting fixed soon
Basically, it needs an upgrade. And if i'm not mistaken, the next version will also support wildcard certs
Logged
OPNsense v18
| HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s
Team Rebellion Member
DanMc85
Jr. Member
Posts: 68
Karma: 4
Re: ACME - Let's Encrypt Client Certs
«
Reply #2 on:
February 06, 2018, 04:56:19 am »
Nice find...
I just did a search and found this article which confirms what you said:
https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html
Looks like wildcard will only support DNS validation instead of HTTPS validation for issuing cert.
I use google domains so it would be nice to see API support added... or the ability to generate and manually add a TXT DNS record for validation purposes which the regular ACME plugin supports but the OPNSense GUI does not appear to.
Logged
elektroinside
Hero Member
Posts: 574
Karma: 51
Re: ACME - Let's Encrypt Client Certs
«
Reply #3 on:
February 06, 2018, 08:14:55 am »
Please request your needed feature here:
https://github.com/opnsense/plugins/issues
Thanks
Logged
OPNsense v18
| HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s
Team Rebellion Member
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
ACME - Let's Encrypt Client Certs