Topic: ACME plugin with Gandi PAT (Read 381 times)
Tugdualenligne
« on: June 29, 2024, 07:23:50 am »
Just wanted to share as I spent hours trying to solve this:
Situation:
- OPNsense firewall with ACME client able to create certificates using PAT (Gandi's Personal Access Token, required to create the txt record in the DNS system temporarily)
- for some reason, the PROD ACME environment wasn't able to create a certificate, while the STAGING ACME environment was able to
Solution:
- I logged in to the OPNsense root shell account using SSH
- I copied the last two lines of the STAGING file found here: /var/etc/acme-client/accounts/*_stg/account.conf
- I edited /var/etc/acme-client/accounts/*_prod/account.conf, replacing the last line GANDI_LIVEDNS_TOKEN with the last two lines that are in the STAGING account.conf
- then within the OPNsense web UI I issued a new PROD certificate, imported it (there's a small button for that), and switched in System / Settings / Administration the two STAG and PROD certificates to obviously use the new valid PROD certificate
I've been trying to solve that for months.
At last!
(where * is for example 64da74b3412297.72803120_prod, or *_stag)
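An added example, not part of the original post: a POSIX sh helper that compares a staging and a production account.conf key by key without ever printing a value, so the Gandi token stays out of terminal scrollback and forum pastes. It assumes the files hold `KEY='value'` lines; the function names and `EXAMPLE_SECOND_LINE` are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Compare two account.conf files (assumed KEY='value' lines) without ever
# printing a value. Example code, not part of the OPNsense ACME plugin.

# Names of the variables defined in file $1, one per line.
conf_keys() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort -u
}

# Raw value of key $2 in file $1 (last assignment wins); only compared, never shown.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Group/other permission bits of $1 ("------" means owner-only access).
other_bits() { ls -ld "$1" | cut -c5-10; }

# One line per key: "only-staging", "only-prod", "same" or "differs".
compare_conf() {
    { conf_keys "$1"; conf_keys "$2"; } | sort -u | while IFS= read -r k; do
        if ! conf_keys "$2" | grep -qxF "$k"; then state=only-staging
        elif ! conf_keys "$1" | grep -qxF "$k"; then state=only-prod
        elif [ "$(conf_value "$1" "$k")" = "$(conf_value "$2" "$k")" ]; then state=same
        else state=differs
        fi
        printf '%s %s\n' "$k" "$state"
    done
    for f in "$1" "$2"; do
        [ "$(other_bits "$f")" = "------" ] || printf 'WARN %s is accessible beyond its owner\n' "$f"
    done
}

# Constructed sample files: every value is a placeholder, and
# EXAMPLE_SECOND_LINE is a made-up key, not taken from a real install.
make_sample() {
    printf '%s\n' "ACCOUNT_EMAIL='admin@example.test'" \
        "GANDI_LIVEDNS_TOKEN='stg-placeholder'" \
        "EXAMPLE_SECOND_LINE='placeholder'" > "$1/stg.conf"
    printf '%s\n' "ACCOUNT_EMAIL='admin@example.test'" \
        "GANDI_LIVEDNS_TOKEN='prod-placeholder'" > "$1/prod.conf"
    chmod 600 "$1/stg.conf"; chmod 644 "$1/prod.conf"
}

if [ $# -eq 2 ]; then
    compare_conf "$1" "$2"      # usage: sh script.sh STAGING_CONF PROD_CONF
else
    d=$(mktemp -d "${TMPDIR:-/tmp}/acmeconf.XXXXXX") && make_sample "$d" && compare_conf "$d/stg.conf" "$d/prod.conf"
    rm -rf "$d"
fi
```

Run with the two account.conf paths as arguments to check real files; with no arguments it runs against the constructed samples.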
Patrick M. Hausen
« Reply #1 on: June 29, 2024, 11:32:26 am »
You cannot switch your configuration from staging to production. You need to remove the staging one and recreate the production one from scratch.
Could that be the cause of your problem?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)