Pete's Log: Silly pfsense, silly Pete
Entry #2007, (Coding, Hacking, & CS stuff)(posted when I was 43 years old.)
For the last few weeks, pfsense has been bugging me daily with this message (with the number of days counting down):
The following CA/Certificate entries are expiring: Certificate Authority: Acmecert: O=Let's Encrypt, CN=R3, C=US (5fcd976ace82c): Expiring soon, in 7 days
Which was confusing me, since I kept thinking it was warning me that the Let's Encrypt certificate I generated for it was expiring, but that certificate is currently good for a couple months. I even tried renewing it, but that didn't make the message stop coming.
Then a few days ago I saw a post on Hacker News that the old root certificate for Let's Encrypt is expiring. But silly me didn't make a connection right away. But something stewed for long enough in my subconscious and it occurred to me that maybe pfsense is complaining about this root certificate instead of any of my generated certificates.
Sure enough, it's got the expiring one and its replacement:
A quick search then led me to this post on the netgate forum. As instructed, I removed the expiring certificate, and hopefully pfsense will now stop bugging me. I suspect nothing would have happened anyway after it actually expired, and we're only a handful of days away from that now, so I haven't saved myself a whole lot of being bugged. But at least I figured it out...