Pfsense Https V2
Well, well, well, exactly 90 days later (the expiration date of the previous HTTPS certificate…) I had to dig in and manually renew the cert. I believe I’m the only one using it, so the impact was quite small.
This time, I started from the PfSense web GUI and just clicked “renew”. It took a really long time and I didn’t notice any popups when it was done. I eventually logged into the unit via ssh and found the log file with cat /tmp/acme/us-pfsense/acme_issuecert.
Unifi Controller HTTPS
Here’s another HTTPS certificate story. This time, a self-hosted Unifi Controller was the “invalid certificate” annoyance.
Yesterday, it began with attempting to use acme.sh from GitHub on our Ubuntu 22.04.1 LTS server which has unifi running on it. I did encounter a similar error to my last story, and I had to change my DNS servers again. That probably deserves another blog post so I don’t forget how to do it next time.
A Real pfsense HTTPS Certificate
Yesterday, I learned how to get Let’s Encrypt working on our PfSense router.
First I set ssh to only use public keys, then installed the sudo package and the acme.sh package in the GUI.
https://gaurangpatel.net/installing-nano-in-pfsense (this was very handy, as I am a nano user.)
https://jarrodstech.net/how-to-pfsense-haproxy-setup-with-acme-certificate-and-cloudflare-dns-api/
The kicker was getting /etc/resolv.conf to not use internal DNS routing. We use OpenDNS Umbrella’s free teir and we block the VPN category. acme.