Comments on: Issuing Let’s Encrypt certificates on your pfSense using ACME!

By: Encrypting Zabbix Server communication with Agents using Let's Encrypt certificates - Geek is the Way!

Mon, 29 Jan 2024 02:50:41 +0000

[…] to other posts discussing Let’s Encrypt certificates, I will assume you know how to issue Let’s Encrypt certificates on your pfSense and have scripts in place to copy them to all your servers […]

By: Thiago Crepaldi

Thiago Crepaldi — Tue, 19 Oct 2021 03:48:52 +0000

In reply to Sha. Hi Sha, I never used use HA on pfSense, so I am afraid I cannot help with it. In the worst case, you can always create a CRON job to copy from master to the slave on a schedule. I did get a second Netgate, so soon I might start playing with HA. Stay tuned

By: Thiago Crepaldi

Thiago Crepaldi — Tue, 19 Oct 2021 03:46:19 +0000

In reply to Sha. Hi Sha, port 80 and 443 on your pfSense must be open and connecting to Internet. Make sure your ISP does not block those ports

By: Sha

Sha — Wed, 26 May 2021 15:52:45 +0000

Hi Thiago Crepaldi,

Very good explanation!

Could you please help me out, i have two pfsese in HA-Availability, one is master node and second one is backup node.

With CARP IP HA sync is also working i am using package HAProxy and ACME, if i create some rule (Fronted and Backened) for HAProxy it immediately replicate to backup node, till here as expected.
But when i create certificate on Master Node after successful creation i see on the log even i go to location /tmp/acme and /conf/acme certificate created.
Why this two location /tmp/acme and /conf/acme i thought initially when certifcate not created with some issue it goes to /tmp/acme but this is not the case.

But my question is why this certificate not replicate to Backup node with High Availability Sync even sync option is Certificate Authorities, Certificates, and Certificate Revocation Lists selected.

Is there any way that after creating certificate on Maser node replicate to Backup node automatically or do we need to manually copy and paste to backup.

Thanks in advance.
Happy to hear from you soon!

By: Sha

Sha — Wed, 26 May 2021 15:16:44 +0000

Good Post!
One question i am unable to issue certificate using ACME, Do we need to create Firewall rule to communication with Let’s Encypt. Already open WAN interface 443 for this?

Thanks in advance!

By: Thiago Crepaldi

Thiago Crepaldi — Sun, 11 Apr 2021 03:38:03 +0000

Do you have the error message? when you type https as URL, that already implies port 443. Maybe you are not using default SSL port on your setup?

By: Brad A Chriss

Brad A Chriss — Thu, 08 Apr 2021 23:47:17 +0000

I’ve created a domain and host name for my pfsense but I can’t use the url I created for it without using the port number too. when I use the url without the port number I get an SSL error

By: Thiago Crepaldi

Thiago Crepaldi — Sun, 20 Dec 2020 14:24:07 +0000

In reply to Garrett. Thanks for the heads up. I've just did another clean installation and verified the change. The post is updated too!

By: Garrett

Garrett — Wed, 16 Dec 2020 17:20:21 +0000

The target directory for ACME certificates is actually under /cf/config/acme/. At least on my installation, /tmp/acme does not even exist. Just a heads up. I’m assuming the file location was changed after a recent update.