So, I'm after a bit of best practice here.
I have 5 names on my cert that the pfSense firewall gets issued. I'm just trying to figure out the best way to get them from my pfSense /conf/acme/name.pem folder to my servers that need them.
There are three ways I can think of:
1. pfSense exports as a (passworded) p12 to a file share located on my network; each Linux box pulls them in, copies the files to where they need to be and restarts services.
2. pfSense scps the files to the servers that need them and triggers a restart of each service on the servers, i.e.
scp /conf/acme/LiveCert.key [email protected]:/etc/cert/privkey.pem
scp /conf/acme/LiveCert.all.pem [email protected]:/etc/cert/fullchain.pem
3. Create a new user on pfSense with access only to /conf/acme/ and have each Linux box scp the files off, then restart services.
I run these using the built-in script runner in pfSense once the cert has renewed.
Then once a month I have a cronjob running the following script (as root and with keys added)
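A receiver-side install script for the scp approach, as an added example (not from the original post): it refuses to install a fullchain/privkey pair whose key does not belong to the certificate, writes the files atomically with the private key restricted to 0600, and only reloads the service when something actually changed. The staging directory, destination directory and service name are assumptions.

```shell
#!/bin/sh
# Receiver-side installer for the cert pair pushed from pfSense (constructed example).
# Assumed layout: pfSense scp's LiveCert.all.pem / LiveCert.key into $STAGE as
# fullchain.pem / privkey.pem; this script moves them into $DEST and reloads $SERVICE.
STAGE="${STAGE:-/var/tmp/acme-staging}"
DEST="${DEST:-/etc/cert}"
SERVICE="${SERVICE:-nginx}"

# Returns 0 if the private key ($2) belongs to the leaf certificate in $1, else 1.
# Compares the public key derived from each side, so a mismatched or
# truncated upload is caught before anything in $DEST is replaced.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Copy $1 to $2 with mode $3 only if the contents differ.
# Writes a temp file beside the destination and renames it, so a service
# reading the path never sees a half-written file. Prints "changed" or "unchanged".
install_if_changed() {
    src="$1"; dst="$2"; mode="$3"
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        echo unchanged
        return 0
    fi
    tmp="$dst.tmp.$$"
    cp "$src" "$tmp"
    chmod "$mode" "$tmp"
    mv -f "$tmp" "$dst"
    echo changed
}

# Validate the staged pair, install it, and reload the service only on change.
deploy() {
    if ! key_matches_cert "$STAGE/fullchain.pem" "$STAGE/privkey.pem"; then
        echo "refusing to install: staged key does not match certificate" >&2
        return 1
    fi
    c=$(install_if_changed "$STAGE/fullchain.pem" "$DEST/fullchain.pem" 644)
    k=$(install_if_changed "$STAGE/privkey.pem" "$DEST/privkey.pem" 600)
    if [ "$c" = changed ] || [ "$k" = changed ]; then
        systemctl reload "$SERVICE"
    fi
}

if [ "${1:-}" = "--deploy" ]; then
    deploy
fi
```

Run it as `sh install-cert.sh --deploy` from the cron job or from an ssh forced command after the files have landed in the staging directory.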
How do you change the certs to pem? I only have one pem, xxxx.all.pem for example, that must be the fullchain.pem, but how do I get the privkey.pem? I do have one .key.