Homelab

SSL Certificates for OPNsense through Cloudflare

Jamie Banks

19 May 2025 — 3 min read

When accessing the OPNsense web interface, by default you'll get a warning about the SSL certificate not being valid. If you have a domain in Cloudflare, then you can use their API with the help of Lets Encrypt to generate a valid certificate.

Cloudflare

To get started, login to your Cloudflare Dashboard to generate an API token.

Choose API Tokens on the left hand side then choose Create Token.

Under API token templates, choose 'Edit zone DNS' - this will give Certbot permission to make a temporary DNS record to validate your domain ownership.

In the next window titled Create Token, you can choose to give your token a name and specify the domain that you want to generate a certificate for. If you have a static public IP where your Proxmox server resides then you can put this into the Client IP Address Filtering box. If you're not sure then just leave this as the default which is nothing.

Once all filled in, it should look similar to this...

Now choose Continue to Summary, then Create Token.

Your new API token should then be shown on screen, keep this somewhere safe for later.

OPNsense

To begin, login to your OPNsense web GUI.

On the left, go to System -> Firmware -> Plugins

Search for acme and install the package called os-acme-client...

When you see ***DONE*** in the console, you can continue

Once done, refresh the page to reload the services

On the left, go to Services -> ACME Client -> Accounts

Select the Accounts tab at the top then choose the + symbol

Fill in similar to the below...

Next, go to Services -> ACME Client -> Challenge Types

Select the Challenge Types tab at the top then choose the + symbol

Fill in as below, make sure to enter your Cloudflare API Token in the CF API Token box that you saved from earlier...

Next, go to Services -> ACME Client -> Certificates

Select the Certificates tab at the top then choose the + symbol

Fill in as below...

Common name is the full URL of your OPNsense instance using your Cloudflare domain

Make sure to choose the ACME Account and Challenge Type that you created earlier

Now, choose Issue or renew certificate on the right here...

Once you see Last ACME Status show OK, you can proceed

Finally, go to System -> Settings -> Administration

Then, select your certificate like this...

Make sure you've added a DNS record in Unbound for your OPNsense using this host and domain.

Clear your browser cache, then reload your OPNsense web gui. You should see your new certificate in use.

Self Hosted Docker Image Repo Using Harbor

Harbor is an open-source container image registry that enhances the Docker Distribution project by providing a robust set of features tailored for enterprise needs. It offers: * Role-Based Access Control (RBAC): Manage user permissions with fine-grained control. * Image Vulnerability Scanning: Automatically scan images for known vulnerabilities using tools like Trivy or

VMs vs LXCs: When to use what

If you're running a Proxmox environment, you've probably noticed it supports two types of virtualisation: Virtual Machines (VMs) and Linux Containers (LXCs). Both are powerful, flexible, and useful in different scenarios, but knowing when to use which can save you time, resources, and a few headaches

Self Hosted Google Photos Alternative

I've been on the hunt for a Google Photos alternative for a number of years if I'm being honest. My Google account has been near the 15GB limit on and off for a while which is what caused me to look for a self-hosted alternative. I&

Proxmox Datacenter Manager

If like me you have a lot of individual Proxmox nodes or a lot of Proxmox clusters then this is for you. Proxmox Datacenter Manager allows you to combine all of your Proxmox nodes and clusters into a single web interface. Funnily enough a bit like vCenter from VMWare ;) Proxmox