====== Creating a LetsEncrypt wildcard certificate for an internal domain using ACME-dns in pfSense ======

1. Install the ACME Package:
  - Navigate to "System > Package Manager".
  - Click the "Available Packages" tab.
  - Locate the "ACME" package and click the "Install" button.

2. Configure ACME Settings:
  - Go to "Services > ACME Certificates".
  - Under "General Settings":
    - Enable the "ACME DNS Validation" option.
    - Enter your desired email address for notifications.
  - Under "DNS Settings":
    - Select "ACME-dns" as the "DNS API".
    - Provide the API endpoint URL for your ACME-dns server (if external).
    - If using pfSense as the DNS server, leave this field blank.

3. Create a Domain Override:
  - Go to "Services > DNS Resolver".
  - Click the "Domain Overrides" tab.
  - Click "Add".
  - Enter your internal domain name (e.g., *.mycompany.local).
  - Select "A (Address)" as the type.
  - Enter the IP address of your pfSense box itself as the IP address.
  - Click "Save".

4. Request a Wildcard Certificate:
  - Navigate back to "Services > ACME Certificates".
  - Click the "Add" button.
  - Enter your internal domain name with a wildcard prefix (e.g., *.mycompany.local).
  - Select "DNS Validation" as the challenge type.
  - Click "Create".

5. Complete DNS Challenge:

//ACME-dns will present a DNS challenge record that needs to be added to your DNS server.// \\
  - Go to "Services > DNS Resolver".
  - Click the "Custom Options" tab.
  - Add the challenge record as a custom option, following the format provided by ACME-dns.
  - Click "Save".

6. Finalize Certificate Issuance:

//Once the challenge is validated, ACME-dns will automatically obtain and install the wildcard certificate. You can view the issued certificate under "Services > ACME Certificates".//

==== Additional Notes: ====

  * Certificate Usage: Use the generated certificate for your internal services and applications.
  * Renewals: ACME-dns can automatically renew certificates before they expire.
  * Troubleshooting: If you encounter issues, consult pfSense documentation or community forums for assistance.
  * Remember:
    * Replace placeholders like mycompany.local with your actual domain name.
    * If using an external ACME-dns server, provide its correct API endpoint URL.
    * Ensure your pfSense box is accessible as the DNS server for your internal devices.
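The challenge record from step 5, as an added example (not code from pfSense or its ACME package): it goes beyond the steps above by showing how a dns-01 TXT value is derived per RFC 8555 and RFC 7638, and where the record for a wildcard name lives. The function names, the sample token and the sample account key are constructed for illustration, and the output assumes Unbound's ''local-data'' syntax in the DNS Resolver custom options.

```python
import base64
import hashlib
import json
import string

B64URL = set(string.ascii_letters + string.digits + "-_")

def b64url(raw: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses for tokens and digests."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 8.4: base64url(SHA-256(token "." thumbprint(account key)))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def challenge_name(identifier: str) -> str:
    """Drop the wildcard label: *.example and example validate at one name."""
    base = identifier.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    if not base or "*" in base:
        raise ValueError(f"unsupported identifier: {identifier!r}")
    return f"_acme-challenge.{base}."

def unbound_custom_option(identifier: str, txt_value: str, ttl: int = 60) -> str:
    """Format the record as Unbound local-data for the Custom Options box."""
    if len(txt_value) != 43 or not set(txt_value) <= B64URL:
        raise ValueError("expected 43 unpadded base64url characters")
    record = f'{challenge_name(identifier)} {ttl} IN TXT "{txt_value}"'
    return f"server:\nlocal-data: '{record}'"

# Constructed sample input: not a real account key or a real ACME token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS1ub3QtYS1yZWFsLWtleQ",
              "y": "c2FtcGxlLXktY29vcmRpbmF0ZS1ub3QtYS1yZWFsLWtleQ"}
SAMPLE_TOKEN = "constructed-sample-token-0123456789abcdefABCDEF"

if __name__ == "__main__":
    value = dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)
    print(unbound_custom_option("*.mycompany.local", value))
```

The TXT value is bound to the ACME account key, so a record copied from a different account or an earlier order will not validate.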