Let’s Encrypt Setup with GoDaddy® and PfSense®
Let’s get started!Under System / Package Manager / Available Packages, there will be a package called Acme. Click the install button and allow it to complete. Don’t leave the page till it says Success.
|
|
|
|
|
|
There really are no complex settings for this package add on, so if you are using any of the auto-renew methods, I would suggest checking this little box here in general settings. |
|
|
We have a few options for setting up the host verification process, first off we need to decide if this is a production site or just for testing. In the spirit of this Tutorial we will choose production. We want to put in a name and description that is sensible and easy for management. This may be a no brainer however, you will have to generate a new account key before registering an account key. It is easier to create separate Acme Accounts for each domain we are generating Certificates for. These will show up in the drop down for “Acme Account” when you create the domain account certificate. |
|
GoDaddy® API Access Key’s |
|
|
Lets’ get into setting up GoDaddy® API secure access keys. First we will need to log into our GoDaddy® Domain Hosting account I believe all GoDaddy® accounts have access to the developer portal, so then we need to type this address into the address bar. This has been confirmed with an account that only has basic hosting. |
|
|
After you click on the Generate Keys link, you will have the option of naming and generating an API Key Pair, be careful to store the secret in a safe place as it will only be shown once. You will need both key and secret for the steps to follow. |
|
|
We are going to go back to the firewall device and finish up the setup of Acme. So let’s go back to the Acme package now running under the services menu! |
|
|
Click on Certificates, this will open up dialogue to create a new certificate that we will be attaching to a domain. Give your cert a name and description for easy identification. Choose the Acme account you created earlier in the Account Keys section. Put in the actual FQDN for the site we are securing where it says Domain name. Since this is for GoDaddy®, the method should be set to DNS-Godaddy. Fill in the API key and secret you generated above, and choose an action item on the list, the page has awesome help tips on what to use here. Click save and you are done creating the certificate renewal accounts |
|
|
|
After you have saved all that hard work, you will be met with the option to Issue/Renew. This will verify hosting account ownership and then create the certificate! Voila we are done! Next tutorial is to setup HaProxy to host mutliple sites or even a single site behind our gateway appliance and have them redirect from http:// to https:// ! |
As of this documentMachine used in this example environment VMware Virtual Machine
|
|
Referenceshttps://doc.pfsense.org/index.php/ACME_package https://blog.artooro.com/2017/02/16/quick-easy-lets-encrypt-setup-on-pfsense-using-acme/ https://community.spiceworks.com/topic/1983563-pfsense-acme-letsencrypt-what-am-i-doing-wrong-here |
|
There is really no reason not to secure any of your sites or gateways with a self signed certificate because Let’s Encrypt is free, secure and easy to use. Especially when you use PfSense® as an OS for your security gateway appliance.
