@zimnysbrain
The bad news : Setting up acme.sh with the correct settings is close to rocket science.
And the good news : the pfSense acme.sh packages is used daily by the thousands. If it didn't work, people wouldn't have their certificates, and then things will go bad very fast.
Have a look for yourself here : you saw some one mentioning something ?
I have many domain names with OVH (EU), so I decided to ask for a domain name "test.test-domaine.fr" - I do own - rent "test-domaine.fr".
First, after reading the official OVH acme.sh notice : https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api#3-authentication-the-api-key I quickly created/found the 3 things needed :
[image: 1776250268164-950c3548-42b5-4aa9-a322-2a13abf08bb9-image.png]
[image: 1776250346724-6996b61c-7fcd-478b-848a-f44eafd48253-image.png]
and I hit 'Issue'.
[image: 1776250318306-aeacae9b-f89c-4139-af4b-a9303d73b201-image.png]
As I'm a bit more stupid then avarrage today, I totall forgot that, although I rent the domain name 'test-domaine.fr' from them, I removed all the extras, like : they don't do my DNS, I do my own DNS.
Which means I have to talk:negocaite to my own domain name server, not OVH ...
So the isseuing failed with a "invalid domain" which I should read as : "domain ok - but can't do DNS zone modification for you". So it couldn't add the TXT challenge, etc
But : no authorization issues.
Btw : the DNS-OVH API script, the official source file here was last modified 6 month ago.
The pfSense version was synced like yesterday - PfSense acme.sh package version 1.2.
I presume you use the same version.
Do you mind telling what your issue is, give details ?
With all the juicy details, andf you can find them here /tmp/acme/test-domaine.fr/acme_issuecert.log (where test-domaine.fr has to be changed with your domaine name)
@zimnysbrain said in NOT working with OVH end point since 2025:
is also the answer NOT updated OVH api which changed from the beginning of 2026
I copied this file, the original dns_ovh.sh on my pfSense, in the /root/ folder.
Then :
[26.03-RELEASE][root@pfSense.bhf.tld]/root: ll dns_ovh.sh
-rw-r--r-- 1 root wheel 8324 Apr 15 13:15 dns_ovh.sh
[26.03-RELEASE][root@pfSense.bhf.tld]/root: ll /usr/local/pkg/acme/dnsapi/dns_ovh.sh
-r-xr-xr-x 1 root wheel 8324 Apr 13 15:48 /usr/local/pkg/acme/dnsapi/dns_ovh.sh*
[26.03-RELEASE][root@pfSense.bhf.tld]/root: diff dns_ovh.sh /usr/local/pkg/acme/dnsapi/dns_ovh.sh
[26.03-RELEASE][root@pfSense.bhf.tld]/root:
conclusion : the pfSense acme.sh package contains the latest - identical 'official' "dns_ovh.sh" file.
Also :
In the past, when things were 'manual', I could use the instructions and get a certificate 'by hand' == using command line.
acme.sh is a command line tool after all.
Goto /usr/local/pkg/acme/ and start from there.
That should work, and I have an indirect proof : if it didn't you would have found others here talking about it.
