Pfsense SSL expired and I am unable to find where!

I have set up all of my local in-network servers to use my pfsense router and haproxy to use the same SSL wildcard cert. I had all of this working just fine, then I went on vacation. When I returned, I logged in to pfsense and the browser complained that my wildcard SSL Cert had expired. Well, I browsed around to my other URLs, bitwarden, nextcloud, truenas, etc., and they all worked and were secured with the same wildcard SSL cert. I get my wildcard cert through pfsense app acmecert/Let's Encrypt. I would think that if my SSL had expired all my internal haproxy servers would complain also.

I looked and did not see any certs that were expired and needing renewal. I am stumped at this point and looking for assistance.

Thanks in advance.

this might help
https://blog.tastatursport.de/2021/09/pfsense-2-5-x-letsencrypt-haproxy-proper-mitigation-of-expiring-le-intermediate-ca/

Look in the pfsense certificates manager page and see if they are showing expired there.
https://docs.netgate.com/pfsense/en/latest/certificates/index.html

Yeah, I checked my certificate manager under certificates and I have none that are expired. It appears that pfsense is picking up a different cert than all of my other servers/apps.

Any help would be nice.

To me it looks like nginx, which serves pfSense’s webUI, has not adopted the new certificate for some reason. Did you reboot the box? You could also try to execute option 11 “restart webConfigurator” in the console menu, which should restart the nginx web server.

You were right. The web configurator was the culprit. I restarted it and the cert works fine now. How often should I expect the WC to lose its cookies and ignore the cert? Should I schedule a WC restart once a week?

In any event, I’m good now and back online and secure. Thanks for all the input.

bfnpmsz

You can configure an action when ACME renews the cert.
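
The symptom in this thread (one listener serving an old copy of a cert that was already renewed) can be checked for directly. The script below is an added example, not code from any poster or from pfSense: it compares what each listener presents against the current certificate exported from the Certificate Manager. The hostnames and the `wildcard.crt` file name are assumptions.

```python
"""Find TLS listeners still serving an old copy of a renewed certificate."""
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate a listener presents, without validating it.

    Validation is off on purpose: an expired certificate must still be
    retrievable so it can be compared. Use this for inspection only.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def stale_listeners(reference_pem: str, served: dict) -> list:
    """Names of listeners whose certificate differs from the reference.

    reference_pem: the current leaf certificate (one PEM block, no chain).
    served: mapping of listener name -> DER bytes that listener presented.
    """
    want = fingerprint(ssl.PEM_cert_to_DER_cert(reference_pem))
    return sorted(n for n, der in served.items() if fingerprint(der) != want)


if __name__ == "__main__":
    # Hypothetical hostnames and file name; replace with your own.
    hosts = ["pfsense.example.lan", "bitwarden.example.lan",
             "nextcloud.example.lan"]
    with open("wildcard.crt") as fh:  # leaf certificate only
        reference = fh.read()
    served = {h: fetch_leaf_der(h) for h in hosts}
    for name in stale_listeners(reference, served):
        print(f"{name}: still serving an old certificate, restart that service")
```

Run it after each renewal; any name it prints is a service that has not reloaded the new certificate yet.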