# ACME Certificates with Let's Encrypt and Cloudflare

This guide installs and configures ACME certificates from Let's Encrypt and deploys HAProxy to provide access to our internal services and add SSL. We're using Cloudflare for our certificate verification.

On pfSense, navigate to System/Package Manager/Available Packages.

Search for acme, click Install, then click Confirm.

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2023-03/scaled-1680-/Gs1h0rEvhFH4RLmN-aTtimage.png)](https://wiki.tinod.net/uploads/images/gallery/2023-03/Gs1h0rEvhFH4RLmN-aTtimage.png)

Do the same for haproxy: click Install, then click Confirm.

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2023-03/scaled-1680-/JE4kNnf8nHM9PbCg-rpUimage.png)](https://wiki.tinod.net/uploads/images/gallery/2023-03/JE4kNnf8nHM9PbCg-rpUimage.png)

<p class="callout info">If you are installing this while connected through the WAN interface, the installation re-enables the packet filter. Go back to the shell and type pfctl -d to disable it again and regain access via the WAN interface.</p>

Navigate to Services/Acme

Go to Account keys and click Add, then fill out the information below. For ACME Server you can use production or test; it's the same.

Click Create new account key, then Register ACME account key. When you are done, click Save.

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2023-03/scaled-1680-/o71mgnUXts2osSZK-qAWimage.png)](https://wiki.tinod.net/uploads/images/gallery/2023-03/o71mgnUXts2osSZK-qAWimage.png)

You now have your account key.

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2023-03/scaled-1680-/vKcaHy0T00Gc6wG9-hRyimage.png)](https://wiki.tinod.net/uploads/images/gallery/2023-03/vKcaHy0T00Gc6wG9-hRyimage.png)

Navigate to General Settings and select Enable Acme client renewal job to auto-renew your certificates.

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2023-03/scaled-1680-/kdfrXuuHoCM9xp3A-KgQimage.png)](https://wiki.tinod.net/uploads/images/gallery/2023-03/kdfrXuuHoCM9xp3A-KgQimage.png)

Now you can create your first certificate. Navigate to Certificates and click Add. We're using Cloudflare.

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2023-03/scaled-1680-/2SW8a3cVkNeblSMw-gzaimage.png)](https://wiki.tinod.net/uploads/images/gallery/2023-03/2SW8a3cVkNeblSMw-gzaimage.png)

For this lab we're using a wildcard certificate; for our domain we will use \*.tinod.com.

You need to get your key, token, account ID and zone ID from Cloudflare.

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2023-03/scaled-1680-/YX79ir7V9NjTTgeY-N9vimage.png)](https://wiki.tinod.net/uploads/images/gallery/2023-03/YX79ir7V9NjTTgeY-N9vimage.png)

Click Add. Your certificate will be ready, and it will renew automatically.
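
A wildcard such as `*.tinod.com` covers exactly one label below the domain, so the bare domain and deeper names need their own entries on the certificate before HAProxy can serve them without a name mismatch. The Python check below is an added example, not part of the original page; the hostname list is constructed and the function names are hypothetical.

```python
def san_covers(san: str, host: str) -> bool:
    """True if one certificate SAN entry covers the hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must match.
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        # Only a whole leftmost label may be a wildcard; the rest is literal.
        # Conservative rule: refuse wildcards directly under a TLD ("*.com").
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    # No wildcard (or a partial one such as "w*"): require an exact match.
    return "*" not in san and san_labels == host_labels


def uncovered(sans, hosts):
    """Hostnames that none of the SAN entries cover."""
    return [h for h in hosts if not any(san_covers(s, h) for s in sans)]


# Constructed sample: hostnames one might publish through HAProxy.
PLANNED_HOSTS = ["wiki.tinod.com", "Git.Tinod.com", "tinod.com", "nas.lab.tinod.com"]

if __name__ == "__main__":
    # Wildcard alone: the bare domain and the two-level name are not covered.
    print("wildcard only:", uncovered(["*.tinod.com"], PLANNED_HOSTS))
    # Adding the bare domain as a second entry still leaves the nested name.
    print("wildcard + bare domain:", uncovered(["*.tinod.com", "tinod.com"], PLANNED_HOSTS))
```

Any name the check reports needs to be added to the certificate's domain list, or moved under a single label, before a frontend is pointed at it.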