Topic: Automatically renew Let's Encrypt with Squid reverse proxy

joppybt
« on: March 13, 2017, 03:19:47 pm »
[Posted before in a topic by someone else, bad idea, it was unanswered]

I want to use a Let's Encrypt certificate with the Squid reverse proxy.
Renewal of the certificate all works fine but Squid keeps serving the old certificate.

The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help. Even when I ssh into the box and do this restart manually it makes no difference.
What however does help is pressing Save in the Squid reverse proxy page.

My guess: Squid makes a local copy of the certificates in "/usr/local/etc/squid" and only refreshes this on Save, not on reload.

Is there a way to do this 'Save' as renewal action after the ACME refresh?
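
A check for the symptom described in this post, as an added example that is not part of the original thread: it compares the SHA-256 fingerprint of the renewed certificate file with the certificate the reverse proxy actually presents, and exits non-zero when they differ. The host name and PEM path are command-line arguments and are assumptions; the thread does not give them.

```python
import hashlib
import socket
import ssl
import sys

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def leaf_der(pem_text: str) -> bytes:
    """DER bytes of the first (leaf) certificate in a PEM file or full chain."""
    start = pem_text.index(PEM_BEGIN)
    end = pem_text.index(PEM_END, start) + len(PEM_END)
    return ssl.PEM_cert_to_DER_cert(pem_text[start:end])


def served_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """DER bytes of the certificate the listener presents for this SNI name."""
    ctx = ssl.create_default_context()
    # Validation is switched off on purpose: the cert is compared by fingerprint,
    # and a stale or expired certificate must still be retrievable.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def compare(renewed_pem: str, served: bytes) -> dict:
    """Fingerprints of the renewed and the served certificate, plus a stale flag."""
    want = hashlib.sha256(leaf_der(renewed_pem)).hexdigest()
    got = hashlib.sha256(served).hexdigest()
    return {"renewed": want, "served": got, "stale": want != got}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_served_cert.py <host> <renewed-cert.pem>")
    host, pem_path = sys.argv[1], sys.argv[2]  # assumed inputs, not from the thread
    with open(pem_path) as fh:
        result = compare(fh.read(), served_der(host))
    print("renewed:", result["renewed"])
    print("served: ", result["served"])
    # Non-zero exit lets cron or monitoring flag a proxy still serving the old cert.
    sys.exit(1 if result["stale"] else 0)
```

Run after each renewal from any machine that can reach the proxy; a non-zero exit means the listener has not picked up the new certificate.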

doktornotor
« Reply #1 on: March 13, 2017, 06:42:17 pm »
> The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help.

Won't work, you need something like squid_resync_general() (see squid.inc)
Do NOT PM for help!

ferao
« Reply #2 on: March 17, 2017, 04:39:30 am »
> [Posted before in a topic by someone else, bad idea, it was unanswered]
>
> I want to use a Let's Encrypt certificate with the Squid reverse proxy.
> Renewal of the certificate all works fine but Squid keeps serving the old certificate.
>
> The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help. Even when I ssh into the box and do this restart manually it makes no difference.
> What however does help is pressing Save in the Squid reverse proxy page.
>
> My guess: Squid makes a local copy of the certificates in "/usr/local/etc/squid" and only refreshes this on Save, not on reload.
>
> Is there a way to do this 'Save' as renewal action after the ACME refresh?

Hi - I'm having the same problem with Squid. Did you solve this so that the certificate auto-updates in Squid? - and if so, how? :-)

doktornotor
« Reply #3 on: March 17, 2017, 05:25:14 am »
The solution is right above your post.

ferao
« Reply #4 on: March 17, 2017, 08:56:02 am »
> The solution is right above your post.

Yes, and I tried to insert both:

squid_resync_general()

and

require 'squid.inc'; squid_resync_general();

as a PHP command script under Actions for my certificate, but it did not work.
I'm not experienced with this, so I'm at a loss, and so far, researching PHP commands and pfSense did not provide a final solution.

ferao
« Reply #5 on: March 20, 2017, 06:08:39 am »
> The solution is right above your post.

Yes, and I tried to insert both:

squid_resync_general()

and

require 'squid.inc'; squid_resync_general();

as a PHP command script under Actions for my certificate, but it did not work.
I'm not experienced with this, so I'm at a loss, and so far, researching PHP commands and pfSense did not provide a final solution.
Since I was unable to find the correct syntax / solution on my own, I was hoping that someone else, better at pfSense / PHP, would be so kind that they would provide me with the solution, if it was known to them.

Regards

ferao
« Reply #6 on: March 22, 2017, 09:50:51 am »
> The solution is right above your post.

Would you be so kind as to write the correct command with syntax and all? - would that be possible?

Thanks in advance.

ferao
« Reply #7 on: Yesterday at 06:53:57 am »
> The solution is right above your post.

Hi Doktornotor

Can I trouble you for the correct syntax for this command?