Letsencrypt Certificates & OPNSense


I’m reporting back on the scene. I’ve been ill for almost a year and now it’s starting again with full force.
Well, still on crutches for a few months, but then :wink:

Just before I got sick I got so much new input from @Andy_Wismer (thank you so much!) because I’m still working on it.

Currently I have outsourced the firewall; the one that was running has been replaced by OPNSense.

As the next sub-project, I would like to move the certificates (Letsencrypt) to the OPNSense.

OPNSense would then distribute the certificates to the devices via SFTP.
Is there a sample solution for how NS reads and accepts the certificates?

How do you do this?

  • cron job?
  • script?


The preferred situation is pretty much always to get the certs on the device that’s going to use them, so if you’re going to be using the cert on the Nethserver box, obtain it there as well. If you port-forward 80 and 443 directly to the Nethserver system, this is easy–just use the GUI as normal.

If you aren’t port-forwarding to the Nethserver system, you can use DNS validation. There’s some support for this in the base system, but I can never find the docs for it–but I’ve written a couple of guides on the wiki, here and here. There’s rarely if ever a need to obtain the certs on a remote device and then copy them to the Nethserver instance.