opnsense / plugins

OPNsense plugin collection
https://opnsense.org/

ACME Client - Add a hint where to find the SSH certificate for ACME SSH/SFTP automations. #3997

Open subnetspider opened 4 months ago

subnetspider commented 4 months ago


Is your feature request related to a problem? Please describe.

It is unclear where the SSH certificate is located that is required to use SSH/SFTP automations of the ACME Client. In the OPNsense WebUI under Services: ACME Client: Automations: Introduction it is only stated that one should:

Copy a certificate to one or more other hosts using the SFTP/SSH protocol. This way OPNsense can be used as a central authority for ACME certificates and secrets for DNS providers can be kept on a secure device.

Screenshot: [image]

I could also not find any information in the OPNsense Docs at https://docs.opnsense.org/plugins.html. The only hint I found was this post in the OPNsense forum: https://forum.opnsense.org/index.php?topic=25144.0. Before I found this post, I tried to use SSH certificates I manually generated in /root/.ssh on OPNsense.

Describe the solution you'd like

As far as I know, the SSH certificates that one needs to copy to a remote server in order to use the SSH/SFTP automations of the ACME client are located on OPNsense in the /var/etc/acme-client/sftp-config directory. If this is the case, there should be a note on the Introduction page of the ACME Client Automations tab that only SSH certificates from there can be used for this purpose.

Describe alternatives you've considered

Alternatively, an entry about the ACME client could be created on the OPNsense plugins documentation page. As far as I understand, the ACME client isn't documented at all, or I haven't been able to find it if it exists.

Additional context

I had trouble using the ACME Client's automation to upload the TLS certificates it requested from LetsEncrypt to two servers via SFTP. I ended up getting it to work, but only by searching the web instead of using the OPNsense documentation.

I hope we can find a solution to improve this. Thanks in advance. :slightly_smiling_face: