First of all, I’d like to give a big shout-out to LTS. Over the years your YouTube channel became one of the main information and inspiration sources for all kinds of IT-related topics. It’s really great stuff!
That being said, I was hoping to get some ideas about a project I’m running in my lab.
I followed your video about ACME, Let’s Encrypt and HAProxy for HTTPS offloading on pfSense. That worked really well and saved lots of time as I was previously dropping LE certificates manually into my ESXi, pfSense, web servers, etc.
The challenge I am facing is regarding the captive / guest portal on my UniFi Cloud Key that I’d like to use for visitors. The connection between the UniFi AP and the Cloud Key is using a LE certificate, which can be refreshed manually or automatically by exposing port 80 on the Cloud Key every 90 days.
When guests connect to the AP via the captive portal, this certificate is being used for the hotspot. And here comes my question. Do you have an idea how to utilize pfSense, maybe with HAProxy, to automate this process as well? I am essentially looking for a way to avoid exposing port 80 on the Cloud Key and was wondering if it’s possible to use SSL offloading between the AP and the CK.
Thanks for any ideas,