Thank you!! - Although it was just a walk-through, seeing how it all fits together is the perfect starting point for more advanced learning.

You definitely deserve more recognition. Your videos are extremely well put together. Hope you keep making them! Greets from Portugal!

Amazing video, thank you so much for making this. Worked 100%. Only thing I'll add is ensure you either have a hosted domain name to use or a dynamic DNS host entry which needs to match the name of the router. Hope you come back and make more videos as yours is outstanding!!!

you can use 443 if you don't like using port 80 just change to Standalone TLS-ALPN server, hope it helps. thanks for the video.

AWSOME - You included everything, unlike other videos. Thank you, from Cape Town, South Africa

It works! I used cloudflare dns (not standalone HTTP server). At first I got errors, but I made 2 mistakes: Wrong subdomain and a typing error. Fixed those, and now the connection is secure

Thank you - I implemented it according your video - still valid after 2 years.

I like your well-organized style, thanks for the detailed explanation.

Thanks for clearing up some gray areas regarding certificates.

Hello. Thanks for your Video. Sorry for my bad English. because of port 80. you can usually set wan under advanced schedule so that the port is only active at a certain time. namely when the cron job is running.

Thanks to your great video I was able to setup my certificate. I appreciate the details you provided.

amazing video. thank you for sharing this. your instruction is crystal clear

That’s a great video, thanks .My setup didn’t work, I had to add a floating rule similar to the wan rule but it only worked externally by directing it to port 8000 for some reason

I could not get the ACME certificate to issue on my pfsense with HA Proxy. I have a cloudflare sub domain and ACME fails with error 400 - "Unable to update challenge :: authorization must be pending". I also deleted http to https redirect on HA Proxy but that did not help.

So I tried to do this but using DNS-Cloudflare instead with my domain name and API key. I'm getting a ERR_CERT_AUTHORITY_INVALID error. What could I be missing here? The certificate generated successfully and everything, this was the only issue. I do have pfblocker enabled and suspect this may be it. What else can I be missing?

Great video. Could you create one using DNS validation? It seems to be pfsense's recommended way.

How quick was that! Great video!

This is a great video for getting firewall UI certs. This leads me to a question to further use let's encrypt within the internal network of the firewall. I have a ddwrt router (which needs a cert) that is receiving its ip from pfsense. What process would be best to get a let's encrypt cert without exposing ddwrt to the outside world? Thanks again for the education on cert setup.

What all does "have your domain ready" at @4:03 entail? I have a domain, I've essentially done nothing to it, and I get an error when I try to issue the certificate. From researching it, it seems like LetsEncrypt is looking for a txt file at the domain, but I'm not hosting a site with this domain.

Thanks for that... It's not straightforward. But do you have other guides for getting it working with the DNS method instead of Standalone HTTP Server? Getting it working with the DNS method would negate the need for setting a new port for the WebConfigurator, and the fw rule to open port 80, and disabling the webgui redirect rule. Plus, i'd be able to use my hostname.domainname resolution instead of the external DNS name even when im on the LAN. I mean, I get why you did it this way; because it's the easiest way to get up and running without any external configuration, but it's not the optimal method.

After this video, you earned my sub and likes... Ill checkout the content, thank you so much... Cheers from Costa Rica.

can you specify ACME as the source, i understand your explanations on hacking port 80 just thought it would be better to have specific ip's as the source instead of leaving it (any). good video. thanks

Great tutorial and it worked instantly on my home network. Thank you! I also added my pfSense as a subdomain to Cloudflare, but I am getting an error for the host. It says that Cloudflare is unable to establish an SSL connection to the origin server. Any hints what causes this?

Thank you for this, great guide. You've got yourself a sub👍🏾

That Was Awsome , You explaind that very clearly and easy , thanks a lot

thnx a lot for shorting the way for me with my pFsense :X

comprehensive and concise - good job :)

Great video! Just wondering if you have the issue of the SSL certificate not renewing if HAProxy is running? I need to disable it to renew my ticket for some reason if not i will get the following error “Cannot negotiate ALPN protocol”

What happens if you are using port 80 forwarded to a web server behind your pfSense firewall?

I keep getting check that a DNS record exists for this domain

Okay great video. I can not get my cert to stay it keeps defaulting under advanced webConfigurator (SSL/TLS Certificate) Not sure what I missed

using noip what choice do i have to select for the webpage; DNS Host, Web redirect, DNS Alias (CName)?

how to enable SSL cert for my website (http), hosted on my local server, to make it HTTPS using pfsense and Let's Encrypt ?

So If you always use ip addreses of your devices (like ip cams) you will never get an encripted connection? You need to setup a dns for each device?

It's possible to use this resources in PFSENSe to generate certificates to another machines (for example the machine with webservice in IIS, in intranet)?

Thankyou for this was very easy to follow the first try it faild but then i changed the domain i was using one of my sub domains and that worked fine however even tho it issued fine and all that it still has an ! on the padlock saying connection not secure

Great video, you made it nice and easy to setup and it all worked perfectly :)

A question if the pfsense web gui is running with ssl with a self-signed certificate (443), and the Certbot uses port 80. What is the relevance of changing the port?

How can i disable accessing public IP i have already ssl on my domain pfsense but i can still access the public ip with no ssl cert what will be the redirection of the public ip?

Thank you for the video. Is there trick in order for pfsense to accept the certificate even if we use the IP address instead of the domain name?

Hi, I have done exactly what you did but my pfsense is running on the default certificate, I have change SSL/TLS Certificate option from default to Let's encrypt but it's running on the older one. Please help

i got an error on certificate, did you publish the solution?

I didn't see you creating an A DNS record (ACME challenge). Did I miss it?

stupid question here: I don't have a domain name or anything, I've got my pfsense connected to my ISP modem, I want to use lets encrypt for traffic coming in and out from the ISP modem, is that feasable? I don't have domain name and im using pihole as my DNS server. thanks

I got lost while adding the domain name. Where did you get this domain name from? Great video btw.

Hi, I'm just wondering if these certificates auto-renew?

Great Video! Thanks

Excellent demo, thank you. Consult the same certificate I can use for a transparent proxy server, activating the option "HTTS / SSL Interception", "SSL / MITM Mode" "Splice All", and in the option "CA" use that was created by the package "Acme" Thank you

Very thorough. Thank you

Does the cron job apply to DNS-Manual method?

How do i get domain name SAN? I dont have a domain. Thanks in advance

please shoot a video about pfsense suricata. show how to block and unblock ip sorry for my bad English

It doesn't work with my port 8443 not 443.

how do you go about obtaining the domain name?

hi man, i success till get certificate and put in on system>advance but my firewall still can't secure, any suggest ?

How can I do this behind CGNat?

I check your video and setup same in my Pfsense but when I check these certificates in browser with valid domain then it's given error ^fake certs and non-secure certs^

should i disable port 80 after i get the cert working?

did exactly what you did but got a " 400 bad request The plain HTTP request was sent to HTTPS port nginx " instead and now im locked out of my pfsense...

good job

Hey dude, Superb easy to follow video! Setup with no worries except one? I can't get Truenas to connect to update servers on port 80. I opened a port and found my NAS connected to the Internet so promptly turned it off!!. Any chance you can give me some pointers with the Rules/NAT configuration, please?.

is there any option to do this same on OPNsens?

It works fine Thanks

Thanks man

Hi there, great tutorial video. However, I am stuck with one problem. I am getting a connection timed out (522) from cloudflare when I try to load my site. I have cloudflare set up to proxy the DNS entry but I have also tried it as a straight A type as well. My WAN rule looks just like what was created here. Not exactly sure where to look for the issue next. Would appreciate a hint!

thx 4 tutorial !

my ntopng stopped working

I wish you had used a real(ish) set up with both WAN and LAN interfaces. On top, your rules are not default ones; moreover, what you are showing as "WAN" port has FW rules for LAN interface. I am pretty sure, those who are watching this kind of tutorials are beginers with pfSense and your interfaces and rules will confuse a lot of folks - myself included.

Спасибо вам!

Thanks

Mine cert couldn’t register

LoL. I wouldn't do it like this

hey yes

where did the get the domain in the 1st place?