Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
ACME-Automation Copy Certificate to Host via SFTP - Howto?
« previous
next »
Print
Pages: [
1
]
Author
Topic: ACME-Automation Copy Certificate to Host via SFTP - Howto? (Read 7575 times)
PotatoCarl
Full Member
Posts: 134
Karma: 5
ACME-Automation Copy Certificate to Host via SFTP - Howto?
«
on:
October 14, 2021, 08:47:19 am »
Hi
I could get the acme plugin up and running (this is BTW exactly what I was trying to acomplish for some time, but misunderstood the intention of the plugin...). HOWEVER, I try to automatize sending the certificate via SFTP to the host.
There is no password or key to be entered in the automation fields, only a user name. When I try it, I get "host does not allow access with this user name" (well, it needs a certificate or a password, DUH!).
I am misunderstanding here how that works? How can I get to transfer the certificate automatically? Do I have to setup the host in a special way?
Thanks.
Logged
abulafia
Full Member
Posts: 156
Karma: 8
Re: ACME-Automation Copy Certificate to Host via SFTP - Howto?
«
Reply #1 on:
October 14, 2021, 12:38:55 pm »
The ACME plugin sftp automation only permits certificate-based login, not password-based. So you need to set up a ssh certificate login at your target box (guides are available via google).
Attention: The ssh certificate/key you need it not the general OPNsense ssh one, but the specific one for the ACME plugin, found at /var/etc/acme-client/sftp-config/id.rsa.pub (thanks to
https://forum.opnsense.org/index.php?topic=20437.0
!).
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: ACME-Automation Copy Certificate to Host via SFTP - Howto?
«
Reply #2 on:
October 14, 2021, 03:51:21 pm »
Okay (actually a LINK on the help page would be EXTREMELY helpful), I have to login to the command line and use the public key, correct?
I prefer to stay in one context, e.g. in the webinterface (I like the webinterface...)
Thank you.
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: ACME-Automation Copy Certificate to Host via SFTP - Howto?
«
Reply #3 on:
October 14, 2021, 04:08:47 pm »
I just tried it, works perfectly, thanks a bunch!
Unreleated, or half-releated: It is the "fullchain" and the "CA" exported. I am trying to setup a reverse proxy with NGINX with Rocket.Chat. With any browser it works, but the Android app sais "trust anchor not found". Is that an android problem or do I need to "display" the fullchain.pem somehow, as I cannot find the right option to get this file "displayed"?
Logged
abulafia
Full Member
Posts: 156
Karma: 8
Re: ACME-Automation Copy Certificate to Host via SFTP - Howto?
«
Reply #4 on:
October 14, 2021, 09:21:13 pm »
Just guessing: old android version? Then it likely doesn't know the new letsencrypt root certificate
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: ACME-Automation Copy Certificate to Host via SFTP - Howto?
«
Reply #5 on:
October 15, 2021, 09:23:21 am »
Well Android 8.1.1 is not exactly old, but yes, it is not 11. However, with Android 11 it does not work either.
Finally, I found the problem and instead of using the "cert" file, I use "fullchain.pem" and then it works well with rocket.chat app.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
ACME-Automation Copy Certificate to Host via SFTP - Howto?