Very well done, thank you!
Thank you too!
Thank you! It worked.
You're welcome!
Thank you! very helpful
Glad it was helpful!
Nice
Thanks
Do you need to create both single domain and wildcard domain for the pfsense firewall to use ssl/tls for encryption with the letsencrypt certificate and not have the not secure message?
I've created them to show the public; otherwise, a single-domain or wildcard certificate is definitely enough to enable SSL/TLS support in pfSense.
Thank you
You're welcome
Hi, I followed your Drive to the letter and everything worked for access to secure webgui. Now I'm on the first automatic renewal of the certificate but it doesn't work.
The following error message returns:
"The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
So it seems that the Manual DNS method should not be used??? How to change this?
Great question.
In manual mode, manual certificate renewal requires the same DNS TXT record but with a unique value.
This means every renewal requires manual intervention to add a new value. But you should use the DNS API instead for automatic renewal.
@itkb
Hi, my DNS manager is called Aruba and does not appear in the list of methods in pfsense to manage renewal with the API.
Can you give me some suggestions?
I saw that there is also a method called "standalone HTTP server" but I have no idea if it would be suitable for solving my automatic renewal problem
@itkb
When you talk about using the DNS API, what do you specifically mean? What should I do? What steps?
Other than DNS methods, of course you can use other methods, e.g. the standalone HTTP server, but it requires your firewall to open port 80 for domain verification.
DNS APIs take care of managing DNS records automagically when renewal is required, thus you have to authenticate first with your DNS server.
haproxy video?
Very soon