How to Renew or Reissue a Certificate or CA Certificate in pfSense
Introduction
Certificates are used in pfSense to secure connections such as VPNs, HTTPS access to the web interface, and internal services. These certificates have expiration dates, and if they are not renewed before expiry, services like OpenVPN can stop working.
For example, OpenVPN Connect may show the following error if the certificate has expired or is invalid:
Example Screenshot: Connection failure due to expired or invalid certificate in OpenVPN Connect

This guide explains how to renew certificates in pfSense, especially for internal use like OpenVPN or the web interface. It focuses on certificates signed by the internal Certificate Authority (CA) inside pfSense. If a certificate is from an external CA (like Let’s Encrypt), it must be renewed from the original source or using tools like the ACME package.
Renewing internal certificates can prevent issues like:
- OpenVPN client connection failures
- HTTPS access problems to the pfSense web portal
- Service disruptions due to invalid or expired certificates
This guide applies to pfSense CE and pfSense Plus version 2.5.0 and later.
Step-by-step Guide
Step 1: Locate the Certificate to Renew
- Navigate to: System > Cert. Manager
- Go to the Certificates tab for individual certificates, or the CAs tab for Certificate Authorities.
- Find the certificate that needs to be renewed.
- Click the Renew icon (circular arrow) at the end of the row.
Step 2: Review and Renew the Certificate
- On the “Renew or Reissue” page, review the certificate details.
- Set the desired options under Renew or Reissue Options.
- Click the Renew/Reissue button.
- Click OK to confirm.
Once the process is complete, the renewed certificate will replace the previous entry in the configuration.
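To spot certificates that need this procedure before they expire, the following added example (not part of the original guide or of pfSense itself) classifies PEM certificates with `openssl x509 -checkend`. It assumes the certificates have been exported from Cert. Manager as `.crt` files; the function names, the 30-day default and the sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify PEM certificates by how close they are to expiry.

# cert_status FILE [DAYS] prints: ok | renew-soon | expired | unreadable
cert_status() {
    cs_file=$1
    cs_days=${2:-30}
    # Reject anything that is not a parseable X.509 certificate.
    if ! openssl x509 -in "$cs_file" -noout >/dev/null 2>&1; then
        echo "unreadable"
        return 0
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cs_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"
    elif ! openssl x509 -in "$cs_file" -noout \
            -checkend "$((cs_days * 86400))" >/dev/null 2>&1; then
        echo "renew-soon"
    else
        echo "ok"
    fi
}

# report DIR [DAYS] prints one line per *.crt: status, notAfter, file name.
report() {
    for rp_file in "$1"/*.crt; do
        [ -e "$rp_file" ] || continue
        rp_end=$(openssl x509 -in "$rp_file" -noout -enddate 2>/dev/null) \
            || rp_end="notAfter=unknown"
        printf '%-11s %-36s %s\n' \
            "$(cert_status "$rp_file" "${2:-30}")" "$rp_end" "$rp_file"
    done
}

# make_sample_cert FILE DAYS creates a constructed self-signed test certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=constructed-sample" -days "$2" -out "$1" >/dev/null 2>&1
}

# Demo on constructed input (replace SAMPLE_DIR with your export directory).
SAMPLE_DIR=$(mktemp -d)
make_sample_cert "$SAMPLE_DIR/vpn-server.crt" 10
make_sample_cert "$SAMPLE_DIR/webgui.crt" 400
echo "not a certificate" > "$SAMPLE_DIR/broken.crt"
report "$SAMPLE_DIR" 30
```

Any certificate reported as `renew-soon` or `expired` is a candidate for the renewal steps above.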
Conclusion
Renewing certificates in pfSense is simple when using the internal CA. This guide covered how to find expiring certificates, renew them, and apply them to services like OpenVPN and HTTPS. Doing this before the certificate expires can prevent downtime and connection issues.
For external certificates, use tools like the ACME package or your CA’s renewal process.
Should you have any inquiries about the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.