A set of scripts to automate the delivery of Let's Encrypt certificates issued through pfSense's Automated Certificate Management Environment (ACME).
- pfSense¹
- ACME package for pfSense¹
- A valid public DNS domain
¹ It is likely to work with OPNsense as well.
- First of all, prepare your pfSense and ACME server as shown here
- Second, prepare the server that will use the certificate and automatically download it whenever renewed (Linux tutorial here; Windows tutorial coming soon!)
- Done! The certificate, even if wildcard, was issued manually, but will be renewed and applied automatically wherever it is needed
- Facilities for collecting and centralizing logs
- Script to import and apply certificates in Windows
- Scripts to generate log and facilitate reloading of services that use the certificates
- Small adaptations to enable automated delivery of non-Let's Encrypt certificates
- The entire process was done in some haste, so refactoring is still needed, including making the code more semantic and intelligible
- Tutorial to import and apply certificates automatically in Windows
- Documentation enhancements
- Tutorial to import and apply certificates automatically in Linux-like systems
- Script to import and apply certificates in Linux and similar (linux/certgetter.sh)
- Underscores (_) have been replaced by dashes (-) in various places
- Minor documentation tweaks
- certgetter.sh for pfSense-based ACME server has been modified to save logs
- Script to convert and prepare ACME certificates for export from pfSense (pfsense/certgetter.sh)
- Tutorial to configure ACME, its certificates and install CertGetter inside pfSense
BSD 3-Clause "New" or "Revised" License
Developed by Ezequiel Lage, Sponsored by Lageteck
Any and all suggestions, criticisms and contributions are welcome!
Get in touch via Issues, Discussions and Pull Requests