Unable to get OPNsense Acme Cert upload to separate HAProxy using SSH Automation

Started by bernieo, November 18, 2025, 04:52:57 PM

Hi

It seems OPNsense 25x has changed many things.
I have a setup where OPNsense is a VM and HAProxy is also a VM.  I want OPNsense (on 10.10.20.10) to handle certificate requests via Cloudflare DNS-01 and then upload the certificate obtained to HAProxy on 10.10.20.20 using OPNsense ACME client's Automation workflow.
I would like to assign a user on OPNsense (with nologin if possible), say cert-bringer, who authenticates with its SSH key.

When I set this up by giving HAProxy cert-bringer's public key, I keep getting errors like this: Permission denied (publickey).

Do I need to create an OPNsense user for this to work?
If so, what access rights do I give that user?

If not, then how can I achieve this goal?

bernie

Quote: When I set this up by giving HAProxy cert-bringer's public key, I keep getting errors like this: Permission denied (publickey).
This sounds like the OPN side is set up so far, and the error is given to the cert-bringer user by the remote host, the HAProxy one.
So you need to configure sshd on that side.
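
A check for the HAProxy side described in the reply above, added here as an example and not part of the original thread: it looks for the usual server-side causes of `Permission denied (publickey)`. The function name, its two arguments and the default `.ssh/authorized_keys` location are assumptions; account and file ownership, which sshd also verifies, is not checked.

```shell
#!/bin/sh
# Added example: run on the HAProxy host. Arguments are assumptions:
#   $1 = home directory of the account the upload logs in as
#   $2 = file holding the public key given to the OPNsense automation
check_key_login() {
    home=$1 pubkey=$2 problems=0
    keys="$home/.ssh/authorized_keys"   # assumes the default AuthorizedKeysFile

    # With StrictModes (the sshd default), a group- or world-writable home,
    # .ssh directory or authorized_keys file makes sshd ignore the key file.
    for p in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            problems=$((problems + 1))
            continue
        fi
        # Characters 6 and 9 of the ls mode string are the group and
        # other write bits.
        case $(ls -ld "$p" | cut -c6,9) in
            *w*)
                echo "writable by group/other: $p"
                problems=$((problems + 1))
                ;;
        esac
    done

    # Compare the base64 key blob (field 2), not the trailing comment,
    # so a differing comment or an options prefix does not hide a match.
    blob=$(awk 'NR == 1 { print $2 }' "$pubkey")
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$keys" 2>/dev/null; then
        echo "public key from $pubkey not found in $keys"
        problems=$((problems + 1))
    fi

    # Exit status 0 only when nothing was flagged.
    [ "$problems" -eq 0 ]
}
```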