Okay, I got this to work. It's a bit of a "hack" though. Since certbot wouldn't let me use the standard apache plugin (it failed each time...) this is what I did (all to be set up in a weekly script when the portal is not in use, meaning I can have a bit of downtime):

1. Stop packetfence:

    service packetfence stop

2. Use certbot to generate a standalone certificate:

    certbot certonly --standalone -d "server FQDN" -m "email for management of certificate"

3. Copy the now generated certificate files to /usr/local/pf/conf/ssl/ and rename them so that packetfence will use them on the next start (can probably be done better by changing the ssl config file in packetfence. I tried referencing them directly though and that did not work):

    cp /etc/letsencrypt/live/"FQDN"/* /usr/local/pf/conf/ssl/
    cp /etc/letsencrypt/live/"FQDN"/cert.pem /usr/local/pf/conf/ssl/server.crt
    cp /etc/letsencrypt/live/"FQDN"/privkey.pem /usr/local/pf/conf/ssl/server.key
    # server.pem is the certificate followed by the private key
    cp /etc/letsencrypt/live/"FQDN"/cert.pem /usr/local/pf/conf/ssl/server.pem
    cat /usr/local/pf/conf/ssl/server.key >> /usr/local/pf/conf/ssl/server.pem
    cp /etc/letsencrypt/live/"FQDN"/chain.pem /usr/local/pf/conf/ssl/chain.crt

4. Update /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf and add the following line. This is very important or the certificate will fail validation on a lot of browsers/tablets. Only needs to be done once:

    SSLCertificateChainFile %%install_dir%%/conf/ssl/chain.crt

5. Start packetfence again. The magic now picks up the certificate files and uses them:

    service packetfence start

Since letsencrypt certificates are only valid for 90 days we'll need to run the certbot regularly to update the certificate if needed. The new certificate only takes effect when restarting packetfence.

Voila :-)

(oh btw, the portal needs to be internet accessible on https for the certificates to be generated. Mine isn't at the moment but looking at the FW I've opened up traffic (https) from outbound1.letsencrypt.org which seems to be originating the traffic when issuing the certificates)

Hope this can be of help to someone else. I'm running this on RHEL7 (so no ZEN installation)

-Michel

From: Durand fabrice [mailto:[email protected]]
Sent: 16 November 2016 02:29
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence with LetsEncrypt

Hi Michel,

I am also interested in using a letsencrypt certificate for Packetfence (ZEN).

What you probably have to do is to follow the apache certificate generation instructions and check the conf/httpd.conf.d/ssl-certificates.conf file.

Regards
Fabrice

On 2016-11-15 at 02:22, Pedersen Michel wrote:

Hi everyone,

I'm looking at using certificates from letsencrypt.org with my PacketFence server and am currently trying to get them installed using certbot.

I must admit to not having done this before and having little experience with certificates (outside of generating/installing certificates from commercial vendors like comodo), so I was hoping that someone here had any experience with letsencrypt and packetfence and would be willing to share a bit of knowledge on how they did this.

Any help would be appreciated :)

Best regards
Michel Pedersen
Norwegian Public Roads Administration
Postal address: Statens vegvesen Vegdirektoratet, Postboks 8142 Dep, 0033 OSLO
Office address: Brynsengfaret 6A, OSLO
Mobile: +47 99117502
e-mail/Lync: [email protected]
www.vegvesen.no
e-mail: [email protected]

Please consider the environment before printing this e-mail

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
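The weekly script described in the first message, as an added example that is not part of the original thread: it uses the paths and commands from the post, refuses to touch PacketFence's files unless the new certificate and key match, and starts PacketFence again even when issuance fails. The function names are hypothetical, and the 0600 mode on the key files assumes PacketFence's httpd reads them as root.

```shell
#!/bin/sh
# Added example. Paths and commands follow the post; the 0600 key mode assumes
# PacketFence's httpd reads the key as root (assumption, adjust owner if not).

# True only when certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Validate certbot's live dir ($1), then install PacketFence's files into $2.
stage_pf_certs() {
    local live dest tmp f
    live=$1; dest=$2
    for f in cert.pem privkey.pem chain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
    done
    cert_matches_key "$live/cert.pem" "$live/privkey.pem" ||
        { echo "certificate and key do not match" >&2; return 1; }
    tmp=$(mktemp -d "$dest/.stage.XXXXXX") || return 1
    (   umask 077   # key material is never created group/world-readable
        cp "$live/cert.pem"    "$tmp/server.crt" &&
        cp "$live/privkey.pem" "$tmp/server.key" &&
        cp "$live/chain.pem"   "$tmp/chain.crt"  &&
        cat "$tmp/server.crt" "$tmp/server.key" > "$tmp/server.pem" &&
        chmod 644 "$tmp/server.crt" "$tmp/chain.crt" &&
        chmod 600 "$tmp/server.key" "$tmp/server.pem" &&
        # rename into place only after every file was built successfully
        mv -f "$tmp/server.crt" "$tmp/server.key" "$tmp/server.pem" \
              "$tmp/chain.crt" "$dest/"
    ) || { rm -rf "$tmp"; return 1; }
    rmdir "$tmp"
}

# Weekly job: $1 = FQDN, $2 = e-mail. PacketFence is started again even when
# issuance or validation fails, in which case the previous files stay in use.
weekly_renew() {
    local rc
    service packetfence stop
    certbot certonly --standalone -d "$1" -m "$2" &&
        stage_pf_certs "/etc/letsencrypt/live/$1" /usr/local/pf/conf/ssl
    rc=$?
    service packetfence start
    return $rc
}

if [ "${1:-}" = "--run" ]; then weekly_renew "$2" "$3"; fi
```

Run it from cron as `script --run <FQDN> <e-mail>`; a non-zero exit status means the previous certificate files were left in place.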
