A Real pfsense HTTPS Certificate
Planted January 12, 2023
Yesterday, I learned how to get Let’s Encrypt working on our PfSense router.
First I set
ssh to only use public keys, then installed the
sudo package and the
acme.sh package in the GUI.
https://gaurangpatel.net/installing-nano-in-pfsense (this was very handy, as I am a
The kicker was getting
/etc/resolv.conf to not use internal DNS routing. We use OpenDNS Umbrella’s free teir and we block the VPN category.
acme.sh was trying to hit some DNS addresses like “cloudflare-dns.com” which was getting blocked by OpenDNS.
So, after getting
acme.sh all set up with my Cloudflare API token inside of pfsense, it would just loop and loop until I killed the process manually. It would constantly output
curl error 60, which turns out it means that the https certificate of the request was insecure.
I believe removing the
dnscheck would fix the issue, too. https://github.com/acmesh-official/acme.sh/wiki/dnscheck
https://my.fqdn.net actually gives no certificate errors!
Since we have two campuses at work, now I get to do it again for the second pfsense box.