Topic: ACME client not updating certs into OPNsense trust storage (Read 1315 times)
namnnumbr
Newbie
Posts: 8
Karma: 0
ACME client not updating certs into OPNsense trust storage
« on: January 05, 2023, 02:28:33 pm »
As of 1 Jan 2023, ACME client is renewing LetsEncrypt cert daily. Further investigation indicates it is not registering the new certs in OPNsense `System > Trust > Certificates`.
Navigating to `Services > ACME client > Log Files` reports it thinks the cert needs to be renewed: "AcmeClient: certificate must be issued/renewed: opnsense.example.com". Logs show successful renewal.
`Services > ACME client > Certificates` shows the cert has been renewed.
However, `System > Trust > Certificates` shows the old cert, and checking the cert with my browser shows the old cert. So somehow the ACME client is not writing the cert to OPNsense's trust storage.
I have tried to reimport the cert, but nothing changes. Rebooting also does not resolve the issue.
Further info:
I had previously run into an issue where the webUI wasn't registering the new cert, and I resolved that by adding an automation to restart the webUI. However in that case (IIRC), the cert did not keep on renewing, it was simply that the browser would show warnings about the expired cert.
Running
OPNsense 22.7.10_2-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022
« Last Edit: January 05, 2023, 02:35:44 pm by namnnumbr »
Logged
veriwind
Newbie
Posts: 2
Karma: 0
Re: ACME client not updating certs into OPNsense trust storage
« Reply #1 on: January 05, 2023, 02:52:28 pm »
I'm having this same issue. The Trust store isn't being updated but the cert has been renewed via acme client. I'll sync to haproxy and then the next day haproxy will be back with the old expired cert. Reload haproxy and it has the new one, every day.
Logged
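A check for the symptom reported in the posts above, added here as an example and not taken from the posters or the OPNsense project: it compares the SHA-256 fingerprint of the renewed certificate with the certificate each TLS listener actually presents, so a listener still serving the old cert is flagged. It assumes the renewed certificate has been exported to a PEM file; the script name, function names and `host:port` arguments are hypothetical.

```python
import hashlib
import socket
import ssl
import sys

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def pem_fingerprint(pem: str) -> str:
    """SHA-256 of the first (leaf) certificate in a PEM file or full chain."""
    start = pem.index(PEM_BEGIN)
    end = pem.index(PEM_END, start) + len(PEM_END)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem[start:end])).hexdigest()


def served_fingerprint(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """SHA-256 of the certificate a TLS listener actually presents."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # an expired cert must still be readable
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def find_stale(renewed_pem: str, served: dict) -> list:
    """Labels of listeners whose certificate is not the renewed one."""
    want = pem_fingerprint(renewed_pem)
    return sorted(label for label, fp in served.items() if fp != want)


if __name__ == "__main__":
    # Usage: check_cert_drift.py RENEWED.pem host:port [host:port ...]
    # RENEWED.pem is the certificate exported after renewal (path is yours).
    with open(sys.argv[1]) as fh:
        renewed = fh.read()
    served = {}
    for endpoint in sys.argv[2:]:
        host, _, port = endpoint.rpartition(":")
        served[endpoint] = served_fingerprint(host, int(port))
    stale = find_stale(renewed, served)
    for endpoint in stale:
        print(f"STALE {endpoint}: still serving a different certificate")
    sys.exit(1 if stale else 0)
```

The non-zero exit status on drift lets the check run from a scheduler or monitoring job after each renewal.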
namnnumbr
Newbie
Posts: 8
Karma: 0
Re: ACME client not updating certs into OPNsense trust storage
« Reply #2 on: January 05, 2023, 03:52:47 pm »
see also:
https://github.com/opnsense/plugins/issues/3127
Logged
veriwind
Newbie
Posts: 2
Karma: 0
Re: ACME client not updating certs into OPNsense trust storage
« Reply #3 on: January 06, 2023, 04:18:30 pm »
Quote from: namnnumbr on January 05, 2023, 03:52:47 pm
see also:
https://github.com/opnsense/plugins/issues/3127
This is exactly the issue. I'll have to follow it there. Issue was resolved by rebooting opnsense early this morning. I'll have to try scheduling a webui restart.
Logged
namnnumbr
Newbie
Posts: 8
Karma: 0
Re: ACME client not updating certs into OPNsense trust storage
« Reply #4 on: January 06, 2023, 05:09:45 pm »
If you can, add your logs so the devs realize the issue is live. The issue is older, so I want to bump the activity.
Logged