Blog

Working with Jamf School

I’ve been using Jamf School at work for 3 years now. This is the first year (2024) in which I believe ALL of our faculty and staff Macs are enrolled in JS. Prior to the 21-22 school year, the school paid for Jamf Pro to manage the iPads for the K-5th graders and used imaging to deploy the Macs. I arrived in 2021, and that summer we began to move our devices and configurations to Jamf School.

Pfsense Https V2

Well, well, well, exactly 90 days later (the expiration date of the previous HTTPS certificate…) I had to dig in and manually renew the cert. I believe I’m the only one using it, so the impact was quite small. This time, I started from the PfSense web GUI and just clicked “renew”. It took a really long time and I didn’t notice any popups when it was done. I eventually logged into the unit via ssh and found the log file with cat /tmp/acme/us-pfsense/acme_issuecert.

Unifi Controller HTTPS

Here’s another HTTPS certificate story. This time, a self-hosted Unifi Controller was the “invalid certificate” annoyance. Yesterday, it began with attempting to use acme.sh from GitHub on our Ubuntu 22.04.1 LTS server which has unifi running on it. I did encounter a similar error to my last story, and I had to change my DNS servers again. That probably deserves another blog post so I don’t forget how to do it next time.

A Real pfsense HTTPS Certificate

Yesterday, I learned how to get Let’s Encrypt working on our PfSense router. First I set ssh to only use public keys, then installed the sudo package and the acme.sh package in the GUI. https://gaurangpatel.net/installing-nano-in-pfsense (this was very handy, as I am a nano user.) https://jarrodstech.net/how-to-pfsense-haproxy-setup-with-acme-certificate-and-cloudflare-dns-api/ The kicker was getting /etc/resolv.conf to not use internal DNS routing. We use OpenDNS Umbrella’s free tier and we block the VPN category. acme.

Hello World

First post!

A Real pfsense HTTPS Certificate

Planted January 12, 2023

Yesterday, I learned how to get Let’s Encrypt working on our PfSense router.

First I set ssh to only use public keys, then installed the sudo package and the acme.sh package in the GUI.

https://gaurangpatel.net/installing-nano-in-pfsense (this was very handy, as I am a nano user.)

https://jarrodstech.net/how-to-pfsense-haproxy-setup-with-acme-certificate-and-cloudflare-dns-api/

The kicker was getting /etc/resolv.conf to not use internal DNS routing. We use OpenDNS Umbrella’s free tier and we block the VPN category. acme.sh was trying to hit some DNS addresses like “cloudflare-dns.com” which was getting blocked by OpenDNS.

So, after getting acme.sh all set up with my Cloudflare API token inside of pfsense, it would just loop and loop until I killed the process manually. It would constantly output curl error 60, which it turns out means that the HTTPS certificate of the request was insecure.

I believe removing the dnscheck would fix the issue, too. https://github.com/acmesh-official/acme.sh/wiki/dnscheck
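A pre-flight check for the failure described above, as an added example that is not part of the original post or of acme.sh: it lists internal resolvers in a resolv.conf and probes the DNS-over-HTTPS host once with a timeout, so a filtered lookup shows up as a single verdict instead of an endless retry loop. The function names and the CURL override are assumptions made for this sketch; the query uses Cloudflare's JSON DoH endpoint.

```shell
#!/bin/sh
# Added example, not the post's or acme.sh's own code.
# DOH_HOST is the host named in the post; everything else is illustrative.

DOH_HOST="cloudflare-dns.com"
CURL="${CURL:-curl}"    # overridable so the probe can be exercised offline

# Print nameservers from a resolv.conf-style file that are private or
# loopback addresses, i.e. lookups pass through an internal resolver
# that may apply category filtering.
internal_nameservers() {
    awk '$1 == "nameserver" && ($2 ~ /^(10|127)\./ || $2 ~ /^192\.168\./ ||
         $2 ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ || $2 == "::1") { print $2 }' "$1"
}

# Probe the DoH endpoint once. Echoes a verdict and returns 0 only when
# the HTTPS request completed with a certificate curl could verify.
doh_preflight() {
    rc=0
    $CURL -sS --max-time 10 -o /dev/null \
        -H 'accept: application/dns-json' \
        "https://$DOH_HOST/dns-query?name=example.com&type=TXT" || rc=$?
    case "$rc" in
        0)  echo "ok"; return 0 ;;
        60) echo "tls-untrusted"; return 1 ;;  # certificate failed verification
        6)  echo "dns-failure"; return 1 ;;    # host name did not resolve
        28) echo "timeout"; return 1 ;;        # no answer within --max-time
        *)  echo "curl-exit-$rc"; return 1 ;;
    esac
}
```

After sourcing the file on the router, `internal_nameservers /etc/resolv.conf` followed by `doh_preflight` shows whether lookups go through an internal resolver and whether the DoH host is reachable with a trusted certificate before a renewal is attempted.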

Now, visiting https://my.fqdn.net actually gives no certificate errors!

Since we have two campuses at work, now I get to do it again for the second pfsense box.