Using Cloudflare SSL Cert instead of Let’s Encrypt

So I currently use ACME within pfSense to create a Let’s Encrypt cert, but the certificate is only good for 90 days.

I’m confused as to whether I can use a Cloudflare-generated certificate instead of Let’s Encrypt?
And if I can, how do I “export” it for use in my pfSense router and export it as a PKCS#12 for use with my Emby server?

Are you referring to an origin certificate? If so, then you can, but it will only be good between Cloudflare and your pfSense / origin. If you try and access the host directly, then it will throw a certificate not valid error.


Hey, thanks for replying. I’ve seen that wording before. So the way the pfSense and thus my applications are accessed is by typing h T T p s subdomain(dot)domain(dot)com

So doesn’t that go first to Cloudflare and then to my router? My settings for my DNS in my Cloudflare are currently DNS only.

Do I have to change and let Cloudflare proxy?

I guess I’m confused as to when/how I would go directly to my pfSense?

Also, any brief ideas on how to import the origin cert to pfSense? And how to create a PKCS#12, which is required for the Emby server?

When your DNS records are grey (DNS only) then they don’t go through Cloudflare and you will get a bad cert error. They need to be orange (proxied).

One thing to keep in mind is Emby is probably going to violate 2.8 of the ToS.


For your use case, both pfSense and Emby, you will be better off automating Let’s Encrypt. There is an ACME package available for pfSense that works well with Cloudflare for DNS-01 validation.

The following three forums should be useful for your questions that fall outside the topic of Cloudflare.

Emby Community


Thanks again for the reply. I actually have the ACME package on pfSense with Let’s Encrypt. The problem is that the automation doesn’t work so well (probably user error in part).

But the 3 months is really short. The main issue is not that the cert doesn’t renew automatically in pfSense, but the cert also has to be transferred to Emby so that Emby can access a PKCS#12 version of the cert. There are also “places” that the renewed certs have to be placed in the Synology NAS as well. By the time everything is done it seems pretty confusing; it just would be much easier if I had to do it once a year instead of 4 or 5.

I also made the mistake of doing individual certs for different applications (WebDAV, Synology access, Emby, etc.). I guess I could have done a wildcard cert with Let’s Encrypt and that would have made things much easier.
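The Emby PKCS#12 step described above, as an added example that is not part of this thread: a POSIX shell helper that packs the ACME-issued PEM certificate and key into a PKCS#12 bundle and checks the bundle (password, key/cert match) before it is handed to Emby, so a deploy hook can call it after every renewal. Paths, the hostname media.example.com and the password are assumptions; the self-signed cert in demo_run is a constructed stand-in for the Let’s Encrypt output.

```shell
#!/bin/sh
# Added example, not from the thread: bundle a renewed Let's Encrypt cert and
# key into the PKCS#12 file Emby expects, then check the bundle before deploy.
# Paths, hostname and password are assumptions; call it from your ACME deploy hook.
set -eu

# make_pkcs12 CERT KEY OUT PASSWORD [CHAIN]
# Packs the leaf cert, its private key and, if given, the issuer chain.
make_pkcs12() {
  cert=$1 key=$2 out=$3 pass=$4 chain=${5:-}
  if [ -n "$chain" ]; then
    openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$chain" \
      -out "$out" -passout "pass:$pass"
  else
    openssl pkcs12 -export -in "$cert" -inkey "$key" \
      -out "$out" -passout "pass:$pass"
  fi
  chmod 600 "$out"   # the bundle holds the private key: owner-only
}

# pkcs12_subject BUNDLE PASSWORD
# Prints the leaf cert subject; exits non-zero on a wrong password or bad file.
pkcs12_subject() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -subject
}

# pkcs12_key_matches BUNDLE PASSWORD
# Prints "match" when the bundled private key belongs to the bundled cert.
pkcs12_key_matches() {
  c=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -pubkey)
  k=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout)
  if [ "$c" = "$k" ]; then echo match; else echo mismatch; fi
}

# demo_run: constructed self-signed cert as a stand-in for the ACME output.
# Prints the subject and the key check, then cleans up.
demo_run() {
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=media.example.com" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
  make_pkcs12 "$d/cert.pem" "$d/key.pem" "$d/emby.p12" change-me
  pkcs12_subject "$d/emby.p12" change-me
  pkcs12_key_matches "$d/emby.p12" change-me
  rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo_run; fi
```

Run it as `sh emby-p12.sh demo` to see the checks on the constructed cert; in a deploy hook, point make_pkcs12 at the renewed PEM files and copy the resulting .p12 to wherever Emby reads it.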

I find it much easier to generate the certificates where they need to be used, rather than moving them around. Mine are all configured to renew automatically every 60 days and only require intervention if I need to change something.

You will benefit most by getting your automation working with a visit to the Let’s Encrypt Community. Cloudflare Origin CA certificates are not going to be suitable for your use case.

So I think, but I'm not completely sure, I can automate cert creation on the Synology NAS where my Emby lives currently.
I have already been letting ACME renew certs with Let’s Encrypt on pfSense.

Will both certs be active and functioning if I renew (recreate) them in two different places, i.e. the NAS and in pfSense? Thinking they wouldn’t work that way is why I was “moving” them.

You can have more than one valid certificate with the same name. The Let’s Encrypt Community can point you toward issuance limits enforced by their CA.
