Help with Acme, Letsencrypt and HTTP-01 for hosted domains at Strato

Started by vafk18, December 20, 2024, 12:33:59 AM

Hi folks,

I recently moved from pfSense after years of use when I realized that the HAProxy would not work with my TrueNAS Scale and several apps like PhotoPrism, NextCloud and others. Only then did I find out about OPNsense, but when I followed a few tutorials from their website I realized that, for the first time, as a newbie wanting to build my IPsec and WireGuard tunnels for site-to-site, all I had to do was follow the clear tutorial to get it working on the first try! Fantastic job :-)

Now I am stuck with the Let's Encrypt certificate creation. Does anyone have a tutorial on how to install ACME with the HTTP-01 option (including the firewall rules)? Thanks in advance!

This is pretty easy.

You need a Let's Encrypt account, if you don't have one yet.
The hostnames of the certificate have to resolve to your public IP in the public DNS.
Create a challenge of type HTTP and select the desired service.
Configure the certificate. Enter the primary hostname as Common Name and add additional hostnames in the Alt Names box. Select your account, the challenge and an Automations action if desired. The ACME plugin might have created an HAProxy start action automatically.
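A pre-flight check for the two prerequisites above (public DNS pointing at the firewall, port 80 answering on the ACME challenge path), added here as example code that is not part of the ACME plugin or this thread; the hostnames and public IP are constructed placeholders. Run it from outside the LAN, because local DNS overrides or missing NAT reflection can hide exactly the problem it is meant to find.

```python
import socket
from urllib.error import HTTPError
from urllib.request import urlopen

# Constructed sample values (not from the thread): hostnames the certificate
# should cover and the firewall's public IP as seen from the internet.
HOSTNAMES = ["cloud.example.net", "photos.example.net"]
PUBLIC_IP = "203.0.113.10"
# HTTP-01 is validated on port 80 under this well-known path (RFC 8555 8.3).
PROBE_URL = "http://{host}/.well-known/acme-challenge/preflight-probe"

def resolve_a(hostname):
    """IPv4 addresses the resolver currently returns for hostname."""
    return {ai[4][0] for ai in socket.getaddrinfo(hostname, 80, socket.AF_INET)}

def dns_mismatches(hostnames, public_ip, resolve=resolve_a):
    """Map every hostname that does not resolve exactly to public_ip to what it
    resolved to instead; an empty dict means all names are ready for HTTP-01.
    `resolve` is injectable so the logic can be exercised offline."""
    bad = {}
    for host in hostnames:
        try:
            addrs = resolve(host)
        except OSError:          # NXDOMAIN, no resolver, etc.
            addrs = set()
        if addrs != {public_ip}:
            bad[host] = addrs
    return bad

def http_status(url):
    """Status of a plain GET on port 80; 4xx/5xx are reported as a status too."""
    try:
        with urlopen(url, timeout=10) as resp:
            return resp.status
    except HTTPError as e:
        return e.code

def challenge_path_reachable(hostnames, fetch=http_status):
    """Per hostname: the status the challenge URL returned, or None when port 80
    is unreachable (WAN rule or port forward missing). A 404 is acceptable here,
    since it proves the request reached a web server; a timeout does not."""
    result = {}
    for host in hostnames:
        try:
            result[host] = fetch(PROBE_URL.format(host=host))
        except OSError:          # refused, timed out, unreachable
            result[host] = None
    return result

if __name__ == "__main__":
    print("DNS mismatches:", dns_mismatches(HOSTNAMES, PUBLIC_IP))
    print("Challenge path:", challenge_path_reachable(HOSTNAMES))
```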


I can now create certificates with ACME and HTTP-01. I see them listed at Trust - System - Certificates. Description, Issuer and Name all contain valid information.

When I select to download the new certificate, it opens a window where I can select the type to download. But then nothing gets downloaded.

When I select edit, I get an empty form.

When I click "i" to show the certificate info, nothing happens. I cannot delete this new certificate.

I can only download the original Web GUI TLS certificate.

Any idea what is wrong here?

Update:
After I rebooted the firewall, the newly imported certificate can be used (viewed, downloaded, deleted). Is this what seems to be an uncomfortable workaround (having the fw rebooted), or did I miss something?

Quote from: vafk18 on December 21, 2024, 10:53:35 AM
After I rebooted the firewall, the newly imported certificate can be used (viewed, downloaded, deleted). Is this what seems to be an uncomfortable workaround (having the fw rebooted), or did I miss something?

I am experiencing the same behavior, both in the GUI and in the API. (The API just returns an empty JSON object on most of the failing calls.)

Where would be the best location to report this bug/issue?