This is a script to automate the import of TLS certificates into pfSense.
This works for Highly Available (HA) configurations. Under HA, the prior script would not update service references to the new certificate, because it would see that the certificate had already been imported via HA sync, so you'd get a lot of notifications about services using the old, expiring certificate. This script compares the certificate each service is using and, if changes are needed, points the service to the new certificate.
Once a certificate has been imported or changes have been made, prior unused certificates containing 'pfsense-import-certificate.php' in their name will be deleted.
- Copy the script to pfSense.
- Automate / Copy your certificates to pfSense.
- Run the script in pfSense cron (Services / Cron).
```
# look for changes every hour:
0 */1 * * * /opt/pfsense-import-certificate/pfsense-import-certificate.php /home/jackson/certs/pengu.ca/cert.pem /home/jackson/certs/pengu.ca/key.pem
```
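Because the cron job runs unattended, it helps to validate the copied files before handing them to the import script. The wrapper below is an added example, not part of this project: the function name `check_pair`, its return codes and the `IMPORTER` variable are hypothetical, the importer path and argument order are taken from the cron line above, and it assumes `openssl` is on the PATH.

```shell
#!/bin/sh
# Hypothetical pre-flight wrapper (added example, not the project's code).
# Importer path and argument order come from the cron line on this page.
IMPORTER="${IMPORTER:-/opt/pfsense-import-certificate/pfsense-import-certificate.php}"

# check_pair CERT KEY
# Returns 0 if the pair is safe to import, otherwise:
#   2 = file missing/unreadable   3 = private key readable by group/other
#   4 = certificate unparsable or already expired
#   5 = private key unusable or does not match the certificate
check_pair() {
    cert=$1 key=$2
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "check_pair: cannot read $cert or $key" >&2; return 2
    fi
    # The key travels to the firewall as a file; refuse it if other local
    # users could read it (-L so a symlinked key is checked at its target).
    if [ -n "$(find -L "$key" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "check_pair: $key is readable by group or other" >&2; return 3
    fi
    # -checkend 0 fails if the certificate cannot be parsed or has expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "check_pair: $cert is invalid or expired" >&2; return 4
    fi
    # Compare the public key in the certificate with the one derived from
    # the private key. "-passin pass:" makes an encrypted key fail at once
    # instead of prompting, which would hang under cron.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 5
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "check_pair: $key does not match $cert" >&2; return 5
    fi
    return 0
}

# When called with CERT and KEY, run the importer only if the checks pass.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2" || exit $?
    exec "$IMPORTER" "$1" "$2"
fi
```

To use it, point the cron entry at the wrapper with the same two arguments; a non-zero exit leaves the currently installed certificate untouched.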