(Updated Video In Description) Creating pfsense Let's Encrypt Wildcard Certificates using HAProxy

Your are an IT God Tom - Thank you for all you do....

Great Video Tom! Things work like a charm. However, I did run into an issue. I have servers that I've assigned with a static IP. When I check the box, "Register DHCP static mappings in the DNS Resolver" ... I loose the host overrides that I've specified... and therefore, no cert when I visit in internal server. When I uncheck the same box...boom, the overrides work and the cert is there. Is this the expected behaviour of PFsense?

To fix the issue of all the logs saying the connection is coming from the pfsense box (192.168.1.1) you can turn on the Use "forwardfor" option in the advanced settings part of the front end. It adds a header that contains the client machine's IP address.

Thank you for amazing videos ! One thing I noticed, you use wrong command in Action list. Should be "/usr/local/etc/rc.d/haproxy.sh restart" you have only "/usr/local/etc/rc.d/haproxy.sh" :)

Thank You for wonderful technical videos and information

Nice video, got it working thanks. Can you add this cert for accessing your pfsense box too? Do you need the HA reverse proxy in that case?

This can be really useful! Thanks

Great video setup got it working thanks

18:24 Wouldn't 'Use "forwardfor" option' help with that?

Great video, thanks!

Great video. Everything Works now
But i want to use the fqdn internal like for instance a bitwarden server needs HTTPS in browser. I setup my Pihole to internal have DNS records set but i cant get it to work that HAproxy gives the SSL to the domain internal.

Finally got it to work :D

Hi everyone
I think I have broke my connection with my router I can not connect and I get the wildcard cert instead the SSL and one last thing for Tom good video and informative but I can not make it work with Nextcloud . Can you please make one video on how to connect to a jail for instance (Nextcloud)
Thanks

@18:14 - Can't HAProxy pass the client IP on to the backend server?

The DNS Overriide works great, i can ping the name i want to access and it reolves it to the correct ip. But i cant access the service i want to connect to, in the HaProxy Dashboard the Bachend shows offline, but the backend settings are correct. Do i miss some Firewall rules for Haproxy ?

Great video, thx! I assume for SSL on LAN hosts HAProxy package is a must?

You sir, are the best. Please employ me lol.

Many thanks

Thank you for the video. I just have one question, what if I'm trying to create an internal SSL for my Synology NAS, since I'm routing all traffic to the LAN IP, when I do SMB to mount a folder it doesn't find the NAS

Anyone knows if this also works with the DNS-alias technique? I have a domain without the ability to add API-access but have a dummy domain with it. I'm able to use the dummy domain for normal certificates. But trying out wildcards doesn't work yet.

@Lawrence Systems at 16:50, you mentioned you have multiple LAN on your office, any guidance on how to do this with multiple Subnets (LANs), I have a couple of services running on a different LAN and I haven't be able to get it working. (Main LAN is working flawlessly)

Thanks!

I fix it, I forgot to change the 443 port to 10443 port all good on that

So for private servers accessed through VPN, it seems like you still need a specific individual domain with a public entry in order to resolve without SSL errors? If I am understanding that right, that's the way to go for VPN clients, and then wildcard for everything else that won't be accessed via VPN?

I have followed as Tom did and did not work at all i need help if anybody has some spare time!

First

The guy has noble intentions, but his videos are scatterbrained caveman mumblings... could be much more logical and coherent.