ACME SFTP Folder /var/etc/acme-client/sftp-config Missing for SSH pub key

Started by Polka7398, February 05, 2025, 10:59:54 AM

Hello everyone,

I'm trying to set up ACME SFTP automation on my OPNSense, but the folder /var/etc/acme-client/sftp-config does not exist. According to the documentation, this directory should contain the SFTP configuration and public key, but it's completely missing.

Without this folder, I don't have a public key for access. I tried manually creating the directory and uploading my own SSH key, but I'm not sure if this is the correct approach.

root@opnsense:/var/etc/acme-client # ll
total 28
drwxr-x---   3 root wheel 512 Jan 15 09:56 accounts/
drwxr-x---  15 root wheel 512 Jan 31 10:09 cert-home/
drwxr-x---  15 root wheel 512 Jan 31 10:09 certs/
drwxr-x---   2 root wheel 512 Jan 15 09:55 challenges/
drwxr-x---  15 root wheel 512 Jan 31 10:09 configs/
drwxr-x---   3 root wheel 512 Jan 15 10:11 home/
drwxr-x---  15 root wheel 512 Jan 31 10:09 keys/

Has anyone encountered this issue or found a solution to properly set up ACME SFTP access?

Thanks for your help! 😊

Probably the plugin doesn't cover all the capabilities, only those needed for the core concept of requesting Let's Encrypt certs. I do not know, only speculating.
Is the automation you require not available in the "Automations" tab of the plugin? There is one for SFTP to upload certs.
If not, it would help to explain what it is you want to achieve.

You're right that the SFTP upload automation exists in the "Automations" tab of the ACME plugin. However, my issue is that I need the public key to distribute it to my systems so that OPNSense can actually authenticate and upload the certificates via SFTP.

Since the expected directory /var/etc/acme-client/sftp-config/ is missing, I don't have access to the public key that should be used for authentication. Without this key, I can't configure my target systems properly to accept SFTP uploads from OPNSense.

Did you manually retrieve the public key somewhere, or was it automatically generated for you? Any insights would be appreciated! 😊

Try clicking "Test Connection" in your automation. It appears that doing that causes a key-pair (and the directory to contain it) to get created if they don't already exist.
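Once "Test Connection" has generated the key pair, the remaining step is to put the public key on each target system. The script below is an added example, not from this thread or the OPNsense plugin: it installs a public-key file into a target account's authorized_keys with the `restrict` option (and an optional `from=` source restriction) so the key is usable for the SFTP upload only, and it is idempotent. The name of the public-key file under /var/etc/acme-client/sftp-config is an assumption; check the directory after the test run.

```shell
#!/bin/sh
# Added example: install the ACME plugin's SFTP public key on a target host with
# restrictions. The source path below is an assumption; list the sftp-config
# directory on OPNsense after "Test Connection" to find the real file name.

# Accept only a single OpenSSH public-key line of a known key type.
is_valid_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# install_acme_pubkey <pubkey-file> <authorized_keys-file> [allowed-source-ip]
# Adds the key once, prefixed with "restrict" (disables port/agent/X11
# forwarding and PTY allocation) plus an optional from="..." restriction so the
# key only works from the firewall's address.
install_acme_pubkey() {
    pubkey_file=$1; auth_file=$2; src=${3:-}
    key=$(head -n 1 "$pubkey_file")
    is_valid_pubkey_line "$key" || {
        echo "refusing: not a valid OpenSSH public key line" >&2; return 1; }
    # Match on key type + blob only, so a re-run with a different comment is
    # still recognised as the same key.
    blob=$(printf '%s\n' "$key" | awk '{print $1" "$2}')
    mkdir -p "$(dirname "$auth_file")"
    touch "$auth_file"
    chmod 600 "$auth_file"
    if grep -Fq -- "$blob" "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi
    opts="restrict"
    [ -n "$src" ] && opts="$opts,from=\"$src\""
    printf '%s %s\n' "$opts" "$key" >> "$auth_file"
    echo "installed restricted key into $auth_file"
}

# count_key_entries <authorized_keys-file> <pubkey-file>: lines carrying this key
count_key_entries() {
    blob=$(head -n 1 "$2" | awk '{print $1" "$2}')
    grep -Fc -- "$blob" "$1" || true
}

# Assumed source and target paths; adjust to your environment.
# install_acme_pubkey /var/etc/acme-client/sftp-config/id.pub \
#     /home/certupload/.ssh/authorized_keys 192.0.2.1
```

Pair this with a `Match User` block in the target's sshd_config that sets `ForceCommand internal-sftp` and a `ChrootDirectory`, so the upload account cannot get a shell even if the key options are ever loosened.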