PfSense: reverse proxy all the things. Part 4: Install AMCE for automatic SSL certificates

In this part we configure ACME for automatic Wildcard SSL Certificates.
Other Parts in this series:
– PfSense: reverse proxy all the things. Part 1: OpenVPN on tcp port 443
– PfSense: reverse proxy all the things. Part 2: Install HA-Proxy and configure frontend and backend for OpenVPN
– PfSense: reverse proxy all the things. Part 3: Configure HA-Proxy for SSL traffic
– PfSense: reverse proxy all the things. Part 5: Configure HA-Proxy for SSL-Offloading

Part 4: Install AMCE for automatic SSL certificates

Install ACME on PfSense

To install the ACME in PfSense goto: System -> Package Manager -> Available Packages.
search for ‘acme’ and install it.
Once installed you should see them in your ‘Installed Packages’

Configure ACME

To configure ACME goto: Services->Acme Certificates.
first we need to add an account key under ‘Account Keys’ click ‘Add’ to add anew key

Name: ACME
ACME Server: Let’s Encrypt Production ACME V2
E-Mail Address: <your email address>
click on the ‘+Create new account key ‘ to generate a new key
Once the key is generated click on ‘Register ACME account key. then ‘Save’

Generate Wildcard Certificates

To Create the certificate goto ‘Certificates’ and click ‘Add’
Name: I usually put the FQDN here
Status: Active
Acme Account: acme
Private Key: 384-bit ECDSA
Add a new entry in the Domain SAN list :
(When using CloudFlare generate an api on the CloudFlare site that allows DNS editing.)

Action List:
( I restart the webgui and the haproxy after a new cert is generated.)

Click ‘Save’
Once back in the certificates windows you should the entry for the Certificate where you know can click ‘Issue/Renew’
to request the certificate.
After the certificate is created you should see it under ‘System->Cert. Manager-> Certificates’
And the Let’s Encrypt CA should be import under ‘System->Cert. Manager->CAs’

In the final part we’ll use this certificate for SSL-Offloading