Let's Encrypt HTTPS for pfSense

Securing your pfSense webConfigurator with SSL/HTTPS is of utmost importance when running your proxy in production. We tried a number of ways to get Let's Encrypt SSL certificates working with pfSense, and thanks to x_radeon we managed to get things working pretty easily. The method used was DNS manual verification. Let's get started!

First, install the Acme package in pfSense by heading over to:

System -> Package Manager

Next, navigate to:

Services -> Acme Certificates -> Account keys

Click on Add.

Complete the fields as follows:

Name: We used a tld: subdomain.yourdomain.co.za
Description: Knock yourself out 🙂
Acme Server: Let's Encrypt Production

Next, click on Create new account key followed by Register acme account key and then click on Save. Next, click on the certificates tab, click on Add, and complete the fields as follows:

Name: We used a tld: subdomain.yourdomain.co.za
Description: Knock yourself out 🙂
Acme Account: Select the Acme account created above
Key Size: 4096

Under Domain SAN List enter subdomain.yourdomain.co.za in the Domainname input, and select DNS-Manual under method. Leave all other fields as default and click on Save. Next, click on the Issue button for the certificate you just created. pfSense will output the details of a TXT record that you need to add in cPanel. Copy the lines similar to the following:

Domain: '_acme-challenge.subdomain.yourdomain.co.za'
TXT value: 'abggshyyDdVjmCebPXE8uOjI88FFF'

Next, log in to your cPanel, click on Zone Editor and then click on Manage. Add a TXT record as shown in the screenshot:

"txt"

Insert the following in the Name text box:

_acme-challenge.subdomain.yourdomain.co.za

Insert the following in the Record text box:

abggshyyDdVjmCebPXE8uOjI88FFF

Click on the Add Record button. Next, go back to pfSense and click on the Renew button to the right of the certificate you created above. Please DO NOT click on the Issue button again. Your certificate will now be issued 🙂 The final step is to select your newly obtained certificate in pfSense by navigating to:

System -> Advanced

Select your certificate from the SSL Certificate select box. Ensure HTTPS is the selected protocol. Click Save and Bob's your uncle! You will now be able to navigate to:

https://subdomain.yourdomain.co.za
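
An added example, not part of the original guide: a shell check to run after adding the TXT record in cPanel and before clicking Renew, confirming that every authoritative nameserver for the zone already returns the challenge value. It assumes dig is installed; the function names and the zone argument (yourdomain.co.za) are illustrative, and the TXT value is the sample one shown above.

```shell
#!/bin/sh
# Added example: verify the _acme-challenge TXT record on every authoritative
# nameserver before clicking Renew in pfSense.
# Usage (assumed file name):
#   sh check_challenge.sh yourdomain.co.za \
#      _acme-challenge.subdomain.yourdomain.co.za abggshyyDdVjmCebPXE8uOjI88FFF

# txt_has_value EXPECTED
# Reads `dig +short TXT` output on stdin (one double-quoted string per line)
# and succeeds only if one record equals EXPECTED exactly. An exact match
# catches truncated or padded copy-paste values that a substring test would miss.
txt_has_value() {
    thv_expected=$1
    while IFS= read -r thv_line || [ -n "$thv_line" ]; do
        thv_line=${thv_line#\"}   # strip the quotes dig adds around TXT data
        thv_line=${thv_line%\"}
        [ "$thv_line" = "$thv_expected" ] && return 0
    done
    return 1
}

# check_challenge ZONE RECORD_NAME EXPECTED
# Asks each nameserver listed in the zone's NS records directly, so a stale
# answer cached by a recursive resolver cannot hide a missing record.
# Returns 0 if all servers have the value, 1 if any is missing it, 2 if no NS found.
check_challenge() {
    cc_zone=$1 cc_name=$2 cc_value=$3 cc_missing=0
    cc_servers=$(dig +short NS "$cc_zone")
    [ -n "$cc_servers" ] || { echo "no NS records found for $cc_zone" >&2; return 2; }
    for cc_ns in $cc_servers; do
        if dig +short TXT "$cc_name" "@$cc_ns" | txt_has_value "$cc_value"; then
            echo "ok       $cc_ns"
        else
            echo "MISSING  $cc_ns"
            cc_missing=1
        fi
    done
    return "$cc_missing"
}

# Only query the network when called with all three arguments.
if [ "$#" -eq 3 ]; then
    check_challenge "$@"
fi
```

Click Renew only once every nameserver reports ok. After the certificate has been issued, the _acme-challenge TXT record can be deleted from the zone.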