Skip to content

Instantly share code, notes, and snippets.

@juliocbc

juliocbc/acme_plugin_patch.md

Last active September 30, 2021 01:19
Show Gist options
  • Save juliocbc/553fca2ee41d45d8b75ef954163de410 to your computer and use it in GitHub Desktop.
Save juliocbc/553fca2ee41d45d8b75ef954163de410 to your computer and use it in GitHub Desktop.
Download ZIP
OPNsense - Let's Encrypt X3 CA expiration fix (acme plugin)
Raw
acme_plugin_patch.md

Steps guidance kindly provided by Frank Wall on Twitter

USE AT YOUR OWN RISK

Tested on OPNsense 20.7.8_4 (may work on newer versions)

Download updated acme packages:

fetch https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/latest/All/acme.sh-3.0.0.txz

fetch https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/latest/All/os-acme-client-3.1.txz

Install downloaded packages

pkg install acme.sh-3.0.0.txz

pkg install os-acme-client-3.1.txz

Apply the patchs provided by plugin maintainer

opnsense-patch -c plugins ae69739 9220a41 247408e 774374a4

Restart configd

service configd restart

On WebUI, go to Services: ACME Client: Certificates and click on the '*' (Re)Import button (4th from left to right); Restart the services that are using the certificates (ex. Nginx / HAProxy)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment