Let's Encrypt howto

Started by ruggerio, July 18, 2018, 12:11:07 PM

Hi,

I configured the letsencrypt-service on a forwarded webserver.

I could issue certificates without problems, but how is the webserver aware of the newly issued certificates? Should I sync those certificates via rsync between OPNsense and the webserver?

If the newly issued certificates are not accessible from the webserver, this will just drop certificate errors.

Thx
Roger

Hi Roger,

There is manual work involved here... unless you use the haproxy acme-client integration and let OPNsense handle the SSL connection for the internal servers and afterwards just redirect them.

Here's the original doc for the integration:

https://github.com/opnsense/plugins/pull/71


Cheers,
Franco

I second that. Use HAProxy to do the SSL offloading and proxy requests to your webserver(s). This way OPNsense will do everything for you :)