pfSense » pfSense Packages

Hello -

Please post to the forum for assistance. There is an ACME-specific category at https://forum.netgate.com/category/72/acme

This is possible in the current ACME package by adding additional SANs with the add button and is probably just being mis-configured.

They will all need to be validated in the certificate issuing process, of course.

I was referring to multiple domains inside a single SAN - otherwise the same DNS keys, API tokens, etc are copied multiple times, and when they change have to be edited in every SAN which is extra work and potential for mistakes.

In my case I'd need about 15 SANS for the 2 firewalls, and that's 15 copies of the same set of Cloudflare API keys, tokens, email addr, zone keys etc. 15 x 6 items if they all change, almost 100 entries to have to modify in the future, every time they change.

For now I just gave up and used a wildcard, let the hackers have at it.

Thanks Jim, I used the wrong terminology re domains/SANs.

The intention is still valid - would be good to have a single cert issue method definition shared by multiple SAN entries.

For ex.:

Method 1: DNS Cloudflare - API KEY=123 email=something API token=987 etc.
Method 2: Web dir

SAN 1: fw1.mydomain.com - uses Method 1
SAN 2: fw2.mydomain.com - uses Method 1
...
SAN 20: fw.comcast.mydomain.com - uses Method 1

This way, when any of the Cloudflare auth info for ex. changes in the future, it only needs to be modified in one place, not for every SAN.

If there's no interest in this because "most people" only need 1 or 2 SANS fair enough, I can discuss further in forums or look at doing a PR in the future.