Hi, I use the following script, which runs once a week using cron (to make sure that the certificate is always up to date). It stops the packetfence service and uses the standalone function in certbot to set up a temporary server to get the certificate generated, and then restarts packetfence once this is installed. As mentioned, the packetfence server needs to be reachable from Google with a public DNS entry matching your certificate to generate the certificate itself.
Hope this will be of use to someone :)

#!/bin/bash
# Script to generate new certificate for servername.fqdn.com
#
# Stop packetfence
service packetfence stop
# Retrieve new certificate with certbot
certbot certonly -n --keep --standalone -d servername.fqdn.com -m [email protected]
# Copy certificates to packetfence
cp /etc/letsencrypt/live/servername.fqdn.com/cert.pem /usr/local/pf/conf/ssl/server.crt
cp /etc/letsencrypt/live/servername.fqdn.com/privkey.pem /usr/local/pf/conf/ssl/server.key
cp /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.pem
cp /etc/letsencrypt/live/servername.fqdn.com/chain.pem /usr/local/pf/conf/ssl/chain.crt
# Add private key to server.pem
cat /usr/local/pf/conf/ssl/server.key >> /usr/local/pf/conf/ssl/server.pem
# Start packetfence
service packetfence start
echo "Certificate for servername.fqdn.com generated and installed from letsencrypt.org."

Best regards
Michel Pedersen
Norwegian Public Roads Administration
Postal address: Statens vegvesen Vegdirektoratet, Postboks 8142 Dep, 0033 OSLO
Office address: Brynsengfaret 6A, OSLO
Mobile: +47 99117502
e-mail/Lync: [email protected]
http://www.vegvesen.no
e-mail: [email protected]
Please consider the environment before printing this e-mail

-----Original message-----
From: Jason 'XenoPhage' Frisvold [mailto:[email protected]]
Sent: 6 March 2017 13:12
To: [email protected]
Subject: Re: [PacketFence-users] Lets Encrypt compatability

Yes, basically. You could have another server that handles the certificate updates and then copy those to the back end packetfence servers.

On 2/22/17 7:16 AM, Arthur Emerson wrote:
> Stupid question - What does the LE server need to do when it connects
> to the PF server? If it is just checking that the name resolves in
> public DNS, could the PF server's *public* DNS name be pointed at
> another web server to get past this test???
>
> -Arthur
>
> -------------------------------------------------------------------------
> Arthur Emerson III                 Email: [email protected]
> Network Administrator              InterNIC: AE81
> Mount Saint Mary College           MaBell: (845) 561-0800 Ext. 3109
> 330 Powell Ave.                    Fax: (845) 562-6762
> Newburgh, NY 12550                 SneakerNet: Aquinas Hall Room 008-A
>
>
> From: Jason 'XenoPhage' Frisvold <[email protected]>
> Reply: [email protected]
> Date: February 21, 2017 at 10:35:13 PM
> To: [email protected]
> Subject: Re: [PacketFence-users] Lets Encrypt compatability
>
>> I haven't tried it with packetfence, but LE works great for typical
>> websites. It requires a public website, though, so if you're going to
>> use it for your portal, the LE servers will need to be able to get to it.
>>
>> On 2/15/17 12:19, Sallee, Jake wrote:
>> > Hello All!
>> >
>> > My current captive portal cert is through Comodo, suddenly all kinds of
>> > devices are very upset about this fact.
>> >
>> > Most mobile devices no longer trust my cert and now some desktop/laptop
>> > systems are complaining as well.
>> >
>> > Since it looks like I will need to be replacing my cert I was wondering
>> > about using Lets Encrypt.
>> >
>> > It looks like a really nice project and the cost is right up my alley!
>> >
>> > Is there any reason I should not use a LE cert? Anyone see a problem with
>> > this path?
>> >
>> > Jake Sallee
>> > Godfather of Bandwidth
>> > System Engineer
>> > University of Mary Hardin-Baylor
>> > WWW.UMHB.EDU
>> >
>> > 900 College St.
>> > Belton, Texas
>> > 76513
>> >
>> > Fone: 254-295-4658
>> > Phax: 254-295-4221
>> >
>> > ------------------------------------------------------------------------------
>> > Check out the vibrant tech community on one of the
>> > world's most engaging tech sites, SlashDot.org!
>> > http://sdm.link/slashdot
>> > _______________________________________________
>> > PacketFence-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> >
>>
>> --
>> ---------------------------
>> Jason 'XenoPhage' Frisvold
>> [email protected]
>> ---------------------------
>>
>> "A common mistake that people make when trying to design something
>> completely foolproof is to underestimate the ingenuity of complete
>> fools."
>> - The Hitchhikers Guide to the Galaxy
>

--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Space," it says, "is big. Really big. You just won't believe how vastly, hugely, mindbogglingly big it is. I mean, you may think it's a long way down the road to the chemist's, but that's just peanuts to space."
- The Hitchhikers Guide to the Galaxy
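
The certificate copy step from the script at the top of this thread, rewritten as a certbot deploy hook, as an added example that is not part of the original post: each PacketFence file is staged and renamed into place, and nothing is touched unless all three inputs look like PEM. It assumes certbot's `--deploy-hook` option and the `RENEWED_LINEAGE` variable certbot passes to it; `install_file`, `deploy_lineage` and `PF_SSL_DIR` are names made up for this example.

```bash
#!/bin/bash
# Added example (not from the original post): certbot deploy hook for PacketFence.
# Assumed wiring, with a placeholder hook path:
#   certbot renew --pre-hook "service packetfence stop" \
#       --deploy-hook /path/to/this-script --post-hook "service packetfence start"
# certbot exports RENEWED_LINEAGE (the renewed live/ directory) to deploy hooks.

# install_file DST SRC...: concatenate SRC files into DST, replacing DST atomically.
install_file() {
    local dst=$1 tmp
    shift
    tmp=$(mktemp "${dst}.XXXXXX") || return 1   # mktemp creates the file mode 0600
    if cat "$@" > "$tmp"; then
        if [ -e "$dst" ]; then
            # Keep the owner and mode already on the file (GNU coreutils options).
            chown --reference="$dst" "$tmp" 2>/dev/null || true
            chmod --reference="$dst" "$tmp" || true
        fi
        mv -f "$tmp" "$dst" && return 0
    fi
    rm -f "$tmp"
    return 1
}

# deploy_lineage LIVE_DIR SSL_DIR: install one certbot lineage into PacketFence's ssl dir.
deploy_lineage() {
    local live=$1 ssl=$2 f
    # Refuse to touch the installed files unless every input looks like PEM.
    for f in cert.pem privkey.pem chain.pem; do
        if ! grep -q -e '-----BEGIN ' "$live/$f" 2>/dev/null; then
            echo "missing or non-PEM input: $live/$f" >&2
            return 1
        fi
    done
    # server.pem is the certificate followed by the private key, as in the post.
    install_file "$ssl/server.crt" "$live/cert.pem" &&
    install_file "$ssl/server.key" "$live/privkey.pem" &&
    install_file "$ssl/chain.crt" "$live/chain.pem" &&
    install_file "$ssl/server.pem" "$live/cert.pem" "$live/privkey.pem"
}

# Run only when certbot invokes the hook; PF_SSL_DIR is an assumed override.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_lineage "$RENEWED_LINEAGE" "${PF_SSL_DIR:-/usr/local/pf/conf/ssl}"
fi
```

On a first install the key-bearing files (server.key, server.pem) are created with mode 0600; on later runs they keep whatever owner and mode the existing files already have.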
