ACME with OPNsense

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

One of the requirements for the use of OPNsense with ClouDNS is to have access to our HTTP API. All our Premium DNS and DDoS Protected DNS plans include access to the HTTP API and can be used to generate free SSL certificates with Cerbot for any hostname you need. Another important condition is, that your domain is delegated to our name servers and the DNS for the domain name is hosted on our side.

How to configure ACME with OPNsense

  1. Install OPNsense. You can download it from here
  2. Install the ACME Plugin. You can download the plugin from here
  3. After installation go to Services > ACME Client > Settings and enable plugin
  4. After enabling plugin go to Services > ACME Client > Accounts and create an account used for Let’s Encrypt as shown in the image below.

  5. After registration Let's Encrypt go to Services > ACME Client > Challenge Types and configure ClouDNS as shown in the example. You can use either your auth-user id or sub-user id at ClouDNS. If you have not created an auth-user or sub-user, you can do this from here.

  6. After setting up Challenge Types go to Services > ACME Client > Certificates and configure the certificate you want to use. Select the previously created Challenge Type and Renew Webinterface automation as shown.

  7. Last, select the Issue or Renew certificate command.

Difference between Sectigo SSL certificates and Let's Encrypt SSL certificates

 As you know, ClouDNS provides Sectigo SSL certificates. Currently, there is no difference in the security between the provided Positive SSL certificates and Let's Encrypt SSL certificates. The advantage of the Positive SSL certificates is that they are issued by Sectigo for 1 year (Let's Encrypt certificates are issued for 3 months) and the relying party warranty they have. The Let's Encrypt SSL certificates are a good option for mail servers, control panels, internal systems, and other types of administrative services, but using trusted SSL certificates is still an advantage for commercial websites.

Last modified: 2024-07-05
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more