Certificate issues with ACME

Started by zyon, August 01, 2024, 11:43:21 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 01, 2024, 11:43:21 AM Last Edit: August 01, 2024, 11:45:28 AM by zyon
Hi all,

Since the last update (27.4) i'm unable to click on view or download certificate made by ACME plugin (the certificate is OK and successfully created and it is present on the certificate list)

If i click on view and nothing
If i click on download, i can choose, private etc but nothing is downloaded.

Like the cert is not really here lol (sorry for this explantion...)

The only way is to reboot ;s

Any help ? :)
August 05, 2024, 02:38:49 AM #1
Same problem here.

I also noticed that the ACME logs do not appear under "Services: ACME Client: Log Files" (this is always empty). The only way to see the logs is in "System: Log Files: General"

Finally, there seem to be something wrong with the automation scripts. I am using one that is running a remote ssh command. If I edit it to change the remote command, the edit seems to work (the UI display the command I changed). But when I run the automation (either via "Test Connection" directly in the Automation edit panel, or via the "Run automations" from a certificate that calls this automation) it still runs the old command that was there prior to editing.


It seems that the ACME service is not working very well with 24.7
August 05, 2024, 05:18:47 PM #2
@zyon Where are you seeing an option in the GUI to view or download the certificate itself? Do you mean edit/copy the settings for the certificate?

@styx13 I am running ACME under 24.7 and I see Acme logs under ACME Client->Log files->ACME Log (tab). ACME Client->Log files->System log (tab) is empty for me.

August 06, 2024, 01:44:02 AM #3
Under "Services: ACME Client: Log Files" both  tabs "System Log" and "ACME Log" are both always empty for me.
The only logs I can see related to acme are in "System: Log Files: General"

I think @zyon is talking about the certificate list available under "System: Trust: Certificates"
Once ACME client issues or renew a certificate, it adds it to that list and there you have the option to download it (either as a P12 or a pem).
It used not to work for me yesterday, but it is working today and I had a reboot in between, so as zyon said, it seems a reboot is fixing that part, but that did not fix the log part for me nor the automation scripts.

And just want to mention that I am running a fresh 24.7 install (not an upgrade)
August 06, 2024, 08:51:52 AM #4 Last Edit: August 06, 2024, 08:53:36 AM by zyon
Yes i'm talking about Trust/certificate
Under the ACME menu the creation process is OK and also can see my new certificat

(Sorry for my Englush)
August 06, 2024, 07:35:03 PM #5
@Styx13, thanks for educating me. I learned something new. I use SSH to download ACME certificates and I didn't know they populated in System:Trust:Certificates.
September 21, 2024, 11:14:27 AM #6
Sadly is the same with the lastest version ...

Cert newly created with Acme plugin ==> OK
Cert present in the OPNsense system in trust ==> OK
Try to download the cert ==> KO

All service restarted ==> no change
The only way to have tha possibility to download is to reboot OPNsense :s
Print
Go Up Pages1
User actions