Let's Encrypt certificate on Google Domains with pfSense

Hey everyone,

Does anyone know how to use Let’s Encrypt with Google Domains on pfSense? I can find some info online but it seems to be all over the place.

An assumption is you use the free Cloudflare for your DNS. If you opt to use Google to manage your DNS for your Google Domain you will have to use “Standalone” HTTP or HTTPS mode. I do not use this option.

In pfSense -> Services -> Acme Certificates then 3rd tab select “Account Keys”. Create yourself account keys by entering the Google email associated with your Google domain. Use the pull down option for the V2. Click Create New Account Key, then Register ACME Account Key. Save Settings.

On 2nd Tab select “Certificates” and Add. Enter name (I use my domain name), default Status of Active and then make sure ACME account is selected for your appropriate account. Under Domain SAN List select Active and type your domain name you are wanting certificate for. For Method select “DNS-Cloudflare” and enter your API key (Found under your Cloudflare account for Global API Key).

If you have sub.domain names you can enter each of those in separate entries and each of them will receive certificates. DNS-Sleep is left blank but enter the command under Action List to “restart the web GUI”.

Once you save this, it will take a minute or two to see if the certificate is received. You will either see a green status at the top of the screen when done saying it was successful or Red if it was not.

Good Luck.

Thanks. What if I want to use Google DNS? How do you set up manual HTTPS mode?

Thanks braf

I don't know. Never used that method.


I see that ACME v2 is available now. Some forums are suggesting there is a way to get this to work with Google Domains. Has anyone had any success with this and pfSense yet?

Hi there,
This is way too late, but I struggled for a day with this and I find the best way is to use DNS manual. You will be asked to add a TXT record with some specific key on your DNS and renew. It really worked fine; using HTTP standalone was a real hassle.

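The TXT record that DNS manual mode asks for in the last reply is the DNS-01 challenge value from RFC 8555 section 8.4. The sketch below is an added example, not code from the thread or from the pfSense ACME package. It shows how that value is derived from the challenge token and the account key (JWK thumbprint per RFC 7638), and how to compare it with what your DNS actually returns before clicking renew. The function names, the sample key and the token are constructed for illustration.

```python
import base64
import hashlib
import json

# RFC 7638: only these members, in lexicographic order, enter the thumbprint.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 JWK thumbprint of the ACME account public key."""
    members = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(domain: str, token: str, jwk: dict) -> tuple:
    """Return (record name, TXT value) for a DNS-01 challenge."""
    base = domain.rstrip(".")
    if base.startswith("*."):  # wildcard names validate at the parent name
        base = base[2:]
    key_authorization = token + "." + jwk_thumbprint(jwk)
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return "_acme-challenge." + base, value


def txt_published(expected: str, answers: list) -> bool:
    """True if any TXT answer (as printed by dig/nslookup) equals expected."""
    return any(a.strip().strip('"') == expected for a in answers)


if __name__ == "__main__":
    # Constructed sample values, not a real account key or token.
    sample_jwk = {"kty": "EC", "crv": "P-256",
                  "x": "c2FtcGxlLXg", "y": "c2FtcGxlLXk"}
    name, value = dns01_record("*.example.com", "constructed-token", sample_jwk)
    print(name, "TXT", value)
    print(txt_published(value, ['"' + value + '"']))
```

Because the value is bound to both the token and the account key, a TXT record left over from an earlier attempt or created under a different ACME account will not validate.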