Topic: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui (Read 920 times)
andyd | Newbie | Posts: 11 | Karma: 0
SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui
« on: April 23, 2024, 05:25:52 am »
So...
1. I've set up the ACME client to get and auto renew the Let's Encrypt cert
2. I changed in Admin settings to use the cert
I am unable to access the website by the name
1. I have Adguard set up which has Unbound DNS as the upstream server - meaning Adguard on port 53 and Unbound on port 65353. This is working without issue
2. I can add DNS rewrites in Adguard to opnsense web gui - that works
3. I can access the router via IP - all devices are on LAN interface as I haven't gotten around to playing with VLANs.
Not sure what could be the issue?
I followed this guide...
https://homenetworkguy.com/how-to/replace-opnsense-web-ui-self-signed-certificate-with-lets-encrypt/
Which makes the process seem easy so not sure what could be going on. Guessing it has something to do with Adguard / Unbound setup but not 100% sure. I do know I have failed to do similarly via Traefik and nginx - always hit a timeout when trying to access by name.
andyd | Newbie | Posts: 11 | Karma: 0
Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui
« Reply #1 on: April 23, 2024, 05:53:05 am »
If I disable DNS rebind checks, it doesn't time out. Should this be disabled?
It still isn't able to do name resolution, though.
On adguard, I see it get processed...
Code:
Status: Processed
DNS server: 192.168.1.1:65353
Served from cache
Elapsed: 0.04 ms
Response code: NOERROR
but getting ...
"This site can’t be reached router.mydomain.com’s server IP address could not be found."
in Chrome
So failing at Unbound?
« Last Edit: April 23, 2024, 05:55:25 am by andyd »
Monviech (Cedrik) | Global Moderator | Hero Member | Posts: 1595 | Karma: 176
Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui
« Reply #2 on: April 23, 2024, 06:44:42 am »
Please don't replace the self-signed certificate of the WebUI, you can lock yourself out if the certificate's date becomes invalid if the ACME client has issues.
It doesn't improve security in any way to change it.
Hardware:
DEC740
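Added example (not part of the thread, and not OPNsense or ACME client code): the lockout risk raised in Reply #2 depends on the certificate's validity dates, which can be checked ahead of time with the `openssl` CLI. The helper names `cert_status` and `make_sample_cert`, the 14-day warning window and the throwaway certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Report whether a PEM certificate is valid, close to expiry, or expired.
# Requires the openssl command-line tool.

# cert_status FILE [WARN_DAYS] -> prints ok | expiring | expired | unreadable
cert_status() {
    cert=$1
    warn_days=${2:-14}   # assumed default warning window
    # Reject anything that does not parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# make_sample_cert DAYS OUTFILE
# Constructed sample input: a throwaway self-signed certificate valid for
# DAYS days. The private key is written next to it as OUTFILE.key.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=opnsense.localdomain" \
        -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# Demo on constructed certificates (not real WebUI certificates).
tmp=$(mktemp -d)
make_sample_cert 365 "$tmp/long.pem"
make_sample_cert 5 "$tmp/short.pem"
echo "365-day cert, 14-day window: $(cert_status "$tmp/long.pem")"
echo "5-day cert, 14-day window:   $(cert_status "$tmp/short.pem")"
rm -rf "$tmp"
```

Run from cron against an exported copy of the certificate in use, any result other than `ok` is a signal that renewal has stalled before the dates actually lapse.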
andyd | Newbie | Posts: 11 | Karma: 0
Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui
« Reply #3 on: April 23, 2024, 01:48:26 pm »
Hmm. Not the response I was expecting.
I think the point of it is to not see a page showing accessing the gui is not secure but you’re saying this is preferred behavior?
Monviech (Cedrik) | Global Moderator | Hero Member | Posts: 1595 | Karma: 176
Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui
« Reply #4 on: April 23, 2024, 01:50:24 pm »
If you don't want to see that the page is not secure, just import the self-signed certificate of the OPNsense into your browser's trust store. That's the easiest method.
If it's Chrome and you are on Windows, just import it into the Windows certificate store under "Trusted Root Certificates". If you save the certificate in your browser as a .pem file, you can just double click to install it, for example.
EDIT: This is exactly the same thing as the Let's Encrypt certificate does. It's also installed into the trust store of browsers, or Windows/Linux etc. Just, it comes preinstalled there. Compare to this funny issue:
https://bugzilla.mozilla.org/show_bug.cgi?id=647959
« Last Edit: April 23, 2024, 01:57:49 pm by Monviech »
Hardware:
DEC740
andyd | Newbie | Posts: 11 | Karma: 0
Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui
« Reply #5 on: April 24, 2024, 03:04:15 am »
Ah I thought it might make sense to tie it to my domain as well since I will eventually be doing the same for local ssl in my dockers.
So I installed the cert and I'm still getting the same issue. Attachment is showing the cert in trusted root.
Is there something else to it? Do I have to access using "opnsense.localdomain"? That doesn't work either though.
Monviech (Cedrik) | Global Moderator | Hero Member | Posts: 1595 | Karma: 176
Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui
« Reply #6 on: April 24, 2024, 03:59:53 am »
Hmm, that's weird. What I'm using for that is Caddy. It reverse proxies the OPNsense WebUI for me. That way I can access it from my normal domain with certificate, but the other way is still working too, giving me redundancy.
https://docs.opnsense.org/manual/how-tos/caddy.html#reverse-proxy-the-opnsense-webui
Hardware:
DEC740
andyd | Newbie | Posts: 11 | Karma: 0
Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui
« Reply #7 on: April 24, 2024, 05:25:01 am »
Ah got it. I was using nginx for reverse proxy but then was having similar issues with timeout. Thought going this route for now seemed easier but something with my setup is causing the names to not resolve correctly