Lets Encrypt On pfSense

Set-Up Lets Encrypt On pfSense

Setting up Let’s Encrypt on pfSense involves using the ACME package to automatically request and renew SSL certificates for your domains. This guide assumes you have a domain name pointing to your pfSense router’s public IP address. Here’s how to set up Let’s Encrypt on pfSense:

1. Install the ACME Package:

  1. Log in to the pfSense web interface.
  2. Go to “System” > “Package Manager.”
  3. Search for “ACME” and install the ACME package.

2. Configure ACME Package:

  1. After installation, go to “Services” > “ACME Certificates.”
  2. Click on the “Issue/Renew” tab.
  3. Click the “+” button to add a new certificate.
  4. Configure the certificate settings:
    • Domain: Enter your domain name (e.g., example.com).
    • Domain key: Choose “Create a new key.”
    • Domain resolver: Choose “DNS-Cloudflare” or another method if needed.
    • Account key: Choose “Create a new account key.”
    • Certificate authority: Choose “Let’s Encrypt Production ACME v2.”
    • Validation method: Choose “HTTP-01.”
  5. Under “Custom Options,” enter the following:
    json
    {
    "webroot-path": "/usr/local/www/acme"
    }
  6. Save the configuration.

3. Configure Firewall Rules:

  1. Go to “Firewall” > “NAT.”
  2. Add a new port forward rule to forward external port 80 to internal port 80 on the pfSense router.

4. Create a Firewall Rule for Let’s Encrypt Validation:

  1. Go to “Firewall” > “Rules.”
  2. Create a new rule for the WAN interface:
    • Action Pass
    • Interface: WAN
    • Address Family: IPv4
    • Protocol: TCP
    • Source: Any
    • Destination: This Firewall (self)
    • Destination Port Range: HTTP (80)
  3. Save

5. Issue the Certificate:

  1. Go back to “Services” > “ACME Certificates.”
  2. Click the “Issue/Renew” tab.
  3. Click the “Renew” button for the certificate you configured.

6. Configure HTTPS Services:

  1. Go to “Services” > “Webserver.”
  2. Under “Webserver Settings,” check “Enable web server” and set the HTTPS port to 443.

7. Install the Certificate:

  1. Go to “System” > “Certificate Manager.”
  2. Click the “+” button to add a new certificate.
    • Method: Import an existing certificate
    • Certificate data: Paste the contents of the certificate (Full Chain)
    • Private key data: Paste the contents of the private key
  3. Save the certificate.

8. Configure Services to Use the Certificate:

  1. Go to “Services” > “Webserver.”
  2. Under “Default certificate,” select the certificate you imported
  3. Save the configuration.

Your pfSense router should now have a Let’s Encrypt SSL certificate installed and configured for HTTPS services. Make sure to test the certificate by accessing your domain using HTTPS. Remember to monitor certificate renewals to ensure that your SSL certificate remains valid.