This script authenticates against the OPNsense web administration interface with a username and password. It then downloads a certificate and key pair from the trust section of the OPNsense UI.
- Let your OPNsense firewall do the renewal/storage of Let's Encrypt certificates.
- Use this script to fetch the renewed crt & key from it.
- Use your crt & key for encrypting your mailserver communication.
- Profit!

Requirements:

- python3
- pyquery & requests lib (see requirements.txt)

```
usage: get-cert.py [-h] --keyfile KEYFILE --certfile CERTFILE --keyid KEYID
                   --url URL --username USERNAME --password PASSWORD

Fetches crt/key-Pair from OPNsense web interface.

optional arguments:
  -h, --help           show this help message and exit
  --keyfile KEYFILE    export .key to
  --certfile CERTFILE  export .crt to
  --keyid KEYID        which key number to export (get this from OPNsense web
                       interface)
  --url URL            url of OPNsense web interface
  --username USERNAME  username for OPNsense web interface
  --password PASSWORD  password for OPNsense web interface
```

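
A post-fetch deployment step for the mail server, as an added example that is not part of this project's code: it refuses to deploy files that contain no PEM block and installs the key with mode 0600 through an atomic rename. It assumes a failed fetch could leave non-PEM content (such as an HTML page) in the files written by `--certfile` and `--keyfile`; the names `read_pem`, `atomic_write` and `deploy_pair` and all paths are hypothetical.

```python
import os
import re
import sys
import tempfile

# PEM armor expected in each file; an HTML login or error page will not match.
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
PEM_KEY = re.compile(r"-----BEGIN ((?:RSA |EC )?PRIVATE KEY)-----.+?-----END \1-----", re.S)


def read_pem(path, pattern):
    """Return the file's text, or raise ValueError if it holds no PEM block."""
    with open(path) as handle:
        data = handle.read()
    if not pattern.search(data):
        raise ValueError(f"{path}: no PEM block found, refusing to deploy")
    return data


def atomic_write(path, data, mode):
    """Write data to a temp file in the target directory, then rename over path."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600, so a key is never world-readable.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".deploy-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(data)
            handle.flush()
            os.fsync(handle.fileno())
        os.chmod(tmp, mode)
        os.replace(tmp, path)  # atomic on POSIX: readers see old or new content
    except BaseException:
        os.unlink(tmp)
        raise


def deploy_pair(fetched_cert, fetched_key, live_cert, live_key):
    """Validate both fetched files before replacing either live file."""
    cert = read_pem(fetched_cert, PEM_CERT)
    key = read_pem(fetched_key, PEM_KEY)
    atomic_write(live_key, key, 0o600)
    atomic_write(live_cert, cert, 0o644)


if __name__ == "__main__" and len(sys.argv) == 5:
    # Hypothetical usage: deploy.py new.crt new.key <live.crt> <live.key>
    deploy_pair(*sys.argv[1:5])
```

The check only looks for PEM armor; it does not verify that the key belongs to the certificate or that the certificate is still valid.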
To get the keyid, hover over the download button in the certificate list: