Basal Synthesis GmbH Acme
Acme
OPNsense integrates the Acme client to make obtaining and managing Let's Encrypt certificates easy. The integration lets users obtain and renew SSL/TLS certificates automatically, so that websites and services keep encrypted communication channels without manual intervention. The Acme client automates the traditionally tedious parts of certificate management, and the OPNsense interface makes it straightforward to configure and deploy the certificates, with support for several validation methods including DNS and HTTP. By incorporating the Acme client, OPNsense provides an automated way of keeping encryption up to date and thereby protecting network traffic and sensitive data.
Requirements
You need a domain provider that allows remote access to change the DNS records of your domain. Current list of supported providers:
1984Hosting, ACME DNS, Acmeproxy, Active24, Alwaysdata.com, aliyun.com, All-Inkl.com, ArvanCloud, ArtFiles, Aurora (PCextreme/Versio), AutoDNS (InterNetX), AWS Route 53, Azure DNS, Bunny, ClouDNS, CloudFlare.com, CloudXNS.com, Core-Networks, ConoHa, Constellix, cPanel, cyon.ch, DDNSS, deSEC.io, DigitalOcean, DirectAdmin, DNSExit, dnsHome, DNSimple, DNS.Services, Domeneshop, DNSMadeEasy.com, DNSPod.cn, Domain-Offensive LetsEncrypt, Domain-Offensive Resellerinterface/Domainrobot, DreamHost, DuckDNS, Dyn Managed, Dynu, dynv6, EasyDNS, EUserv, Exoscale, FreeDNS, Gandi LiveDNS, GoDaddy.com, Google Cloud DNS, Google Domains, GratisDNS.dk, Hetzner, hexonet.com, hosting.de, Hurricane Electric, Infoblox, Infomaniak, internetbs.net, INWX XMLRPC, IONOS domain, IPv64.net, ISPConfig 3.1+, JD Cloud, Joker, KingHost, Knot (knsupdate), LeaseWeb, lexicon (DEPRECATED), Linode (v3 / Deprecated), Linode (v4), Loopia, LuaDNS.com, MailinaBox, Mythic Beasts, Name.com, Namecheap, Namesilo.com, Nederhost, netcup, nic.ru, Njalla, NS1.com, nsupdate (RFC 2136), online.net, OPNsense BIND Plugin, Oracle Cloud Infrastructure (OCI), OVH / kimsufi / soyoustart / runabove, PowerDNS.com, Plesk, PointHQ, Porkbun, Rackspace, rage4, RegRu, SchlundTech, selectel.com / selectel.ru, Selfhost, Servercow, Simply.com, Transip, united-domains Reselling, UnoEuro, Variomedia.de, Vscale, Vultr, World4You, Yandex PDD, Zilore, Zone.eu, zonomi.com
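The reason remote access to the domain's DNS records is required is the DNS-01 validation used below: the client has to publish a TXT record whose value the CA can predict from the challenge token and the account key. The following is an added example (not part of this documentation or of the OPNsense plugin) showing, with Python's standard library only, how that value is derived according to RFC 8555 / RFC 7638 and how the CA-side comparison decides. The token and the account key are constructed sample values, not real ones.

```python
# Added example: derive the DNS-01 TXT record for an ACME challenge and mirror
# the CA's check of it. Standard library only; all inputs below are constructed.
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url encoding without '=' padding, as ACME (RFC 8555) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of the account key: SHA-256 over the canonical JSON of
    the key type's required members, lexicographically ordered, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """keyAuthorization = token || '.' || thumbprint(accountKey)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """Content of the TXT record for DNS-01: base64url(SHA-256(keyAuthorization))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record_name(identifier: str) -> str:
    """Name of the TXT record. For '*.example.com' the wildcard label is dropped,
    so the record lives at _acme-challenge.example.com."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}"


def dns01_validates(expected: str, observed_txt: list) -> bool:
    """Mirror of the CA-side check: the challenge passes if any TXT record at the
    challenge name equals the expected value exactly (stale records are ignored)."""
    return any(rec == expected for rec in observed_txt)


# Constructed sample values: not a real account key and not a real CA token.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "constructed-x-coordinate-not-a-real-key-00000",
    "y": "constructed-y-coordinate-not-a-real-key-00000",
}
SAMPLE_TOKEN = "constructedTokenFromCA_0123456789"


if __name__ == "__main__":
    name = dns01_record_name("*.example.com")
    value = dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'{name}. IN TXT "{value}"')
    # A left-over record from an earlier run neither helps nor hurts; only an exact match counts.
    print("validates:", dns01_validates(value, ["old-value", value]))
```

The value is 43 base64url characters and changes completely for a different token or account key, which is why a record left behind by a previous run cannot satisfy a new order, and why the client removes its records after validation without loss.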
Configurations
- Install the Acme plugin on OPNsense.
- Create a Let's Encrypt account under Services -> ACME Client -> Accounts; this account is referenced by the later configuration steps. The ACME CA provider is selectable; Let's Encrypt is the usual choice.
- Create a Challenge Type under Services -> ACME Client -> Challenge Types:
  - Give it a name.
  - Choose DNS-01 if you want the certificate validated through DNS, which means the client creates records at the domain provider. All records it creates at the provider are removed again afterwards; they exist only for issuing the certificate.
  - Choose the domain provider, in this example All-Inkl.com, and then enter the login data. The login fields depend on the chosen provider.
- Create a Certificate:
  - The Common Name is the domain the certificate is for, for instance server.example.com.
  - If you want to use a wildcard, add every domain you want covered under Alt Names, for instance test1.example.com and test2.example.com. Press Tab to finish an entry, after which you can type the next domain.
  - Choose the ACME account you created.
  - Choose the challenge type you created.
  - Enable Auto Renewal (a cron job is created automatically under System -> Settings -> Cron).
  - Set the renewal interval.
- Create Automations: in the Run Command field you can choose from the default commands or define custom commands. For instance, a custom command can copy the certificate to a remote server or run a script on a remote server.
- Logs: the log view shows all renewal and automation activities.
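As an added example of what a custom automation command might do after a renewal, the following Python script (not part of this documentation or of the OPNsense plugin) installs the files the client produced into a target directory in a way that does not leave the service in a broken state: it refuses anything that is not PEM, swaps each file in atomically, sets the private key to mode 0600, and keeps the previous set as a backup for rollback. The file names cert.pem, key.pem and fullchain.pem, the target directory, and the way paths are handed to the script are assumptions; this page does not state where the plugin stores its files or what arguments it passes to custom commands, so the script takes explicit paths. The `remote_copy_argv` helper only builds the scp command line; it is not executed here.

```python
# Added example: a post-renewal installer for certificate files. All paths and
# file names are assumptions; run_demo() exercises it on constructed files.
import os
import shutil
import stat
import tempfile
from pathlib import Path


def install_certificate(src_cert: Path, src_key: Path, src_chain: Path, dest_dir: Path) -> dict:
    """Install cert, key and chain into dest_dir.

    - refuses anything that is not PEM, so a failed renewal never overwrites a good set
    - writes each file to a temp file first and swaps it in with os.replace (atomic)
    - the private key ends up 0600, the public parts 0644
    - the previous files are kept as <name>.bak for rollback
    Returns {file name: mode} of what was installed.
    """
    dest_dir.mkdir(parents=True, exist_ok=True)
    plan = [
        (src_cert, dest_dir / "cert.pem", 0o644),
        (src_key, dest_dir / "key.pem", 0o600),
        (src_chain, dest_dir / "fullchain.pem", 0o644),
    ]
    contents = {}
    for src, dst, _ in plan:  # validate everything before touching the live files
        data = src.read_bytes()
        if b"-----BEGIN " not in data or b"-----END " not in data:
            raise ValueError(f"{src} is not a PEM file; refusing to install")
        contents[dst] = data
    installed = {}
    for _, dst, mode in plan:
        fd, tmp = tempfile.mkstemp(dir=str(dest_dir), prefix=".incoming-")  # created 0600
        with os.fdopen(fd, "wb") as fh:
            fh.write(contents[dst])
        os.chmod(tmp, mode)
        if dst.exists():
            shutil.copy2(dst, dst.with_name(dst.name + ".bak"))  # copy2 keeps the mode bits
        os.replace(tmp, dst)  # atomic on the same filesystem
        installed[dst.name] = stat.S_IMODE(os.stat(dst).st_mode)
    return installed


def remote_copy_argv(dest_host: str, dest_dir: str, local_dir: str) -> list:
    """argv for pushing the installed set to another host with scp. Not executed here;
    a real automation would run it through subprocess.run(..., check=True)."""
    files = [f"{local_dir}/{n}" for n in ("cert.pem", "key.pem", "fullchain.pem")]
    return ["scp", "-q", *files, f"{dest_host}:{dest_dir}/"]


def run_demo() -> dict:
    """Exercise the installer on constructed PEM-looking files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        src = work / "acme-output"  # stand-in for wherever the client wrote its files
        src.mkdir()
        for name in ("cert.pem", "key.pem", "fullchain.pem"):
            (src / name).write_text(
                f"-----BEGIN CONSTRUCTED {name}-----\n...\n-----END CONSTRUCTED {name}-----\n"
            )
        dest = work / "live"
        first = install_certificate(src / "cert.pem", src / "key.pem", src / "fullchain.pem", dest)
        # Second run simulates the next renewal: the previous files must be backed up.
        second = install_certificate(src / "cert.pem", src / "key.pem", src / "fullchain.pem", dest)
        # A non-PEM input must be rejected without damaging the live set.
        (src / "broken.pem").write_text("not a certificate\n")
        try:
            install_certificate(src / "broken.pem", src / "key.pem", src / "fullchain.pem", dest)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "first": first,
            "second": second,
            "backup_exists": (dest / "key.pem.bak").exists(),
            "backup_mode": stat.S_IMODE(os.stat(dest / "key.pem.bak").st_mode),
            "rejected_non_pem": rejected,
            "live_intact": (dest / "cert.pem").read_text().startswith("-----BEGIN CONSTRUCTED cert.pem"),
        }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The order matters: every input is validated before any live file is replaced, and the key is never world-readable at any point because mkstemp creates the temporary file with mode 0600 and the mode is only widened for the public parts. Whatever the automation then does remotely should follow the same pattern on the other side.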