You would want to raise that issue with the acme.sh project directly, since we do not maintain the code which interacts with DNS providers, they do. https://github.com/acmesh-official/acme.sh/issues

@kiokoman Thank you! The problem was that in my backend I wrote "localhost" instead of "127.0.0.1" as you. Fixing that it works!

@johnpoz yes it works well now, although the UI is well hidden. I had to click another tiny button to show the full settings for this DNS-Infomaniak, as you said it's not so intuitive but now that it works I won't touch it ever again so... Thanks for your help!

@amarand said in ACME with Siteground: Is that not a feature that Let's Encrypt supports? Your quiet close. It's : @gertjan said in ACME with Siteground: The TXT filed will contain a challenge code to be put into the TXT field. This code is give to the acme script by Letsensrypt. For example : 'bmDWOCHFZRtOOCr_vU-mEfTIqA6i9ib0R3V6-RMF3FE'. This bmD....................RMF3FE thing is generated randomly, and will be unique for every certificate request. This proofs that you control right now - and not some time X in the past. Note that, ones this test passed, it stays valid for one week.

@Gertjan thanks a lot!

The last paragraph about the '/etc/hosts' workaround in pfSense was incorrect; I forgot that '/etc/hosts' gets wiped periodically by pfSense. The real workaround is below: If you have set the pfSense system-wide DNS servers to use OpenDNS/NextDNS/etc. and don't wish to change these in each individual DHCP range assignment, you can simply add 'Allowlist' entries for dns.google and cloudflare-dns.com in the web console for your DNS provider ('Allowlist' may be called something else but that is what NextDNS calls it). This will allow DNS validation to succeed for ACME. If you are concerned about clients circumventing your DNS provider due to whitelisting the Google and Cloudflare DNS names, you can always redirect all DNS traffic on your LAN to make sure it goes through your DNS provider: https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html

@jimp Indeed, the SAN addition works now. However, I'm still hoping to figure out why my second server doesn't create correct certificates. I have now removed the certificates and CA, but I ran into the LE rate limiting, so I'll try again later.

The last line shows the issue : @fmohcine26 said in I did not pass Renewing certificate: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/ Click and read the link.

0.6.9_2 Fixed my problem! Thanks for such a fast turn around!

@MarcinSempek said in ACME 0.6.9_1 DNS ISPConfig Record ID: 'false}': Can someone verify That some one should actually use acme.sh AND the "ISPConfig API". Even the thread at github => acme doesn't show many people with the issue. Still, try posting there to revive the subject.

@cjbujold said in DNS-MadeEasy update option not working: [Wed Oct 28 10:24:50 ADT 2020] accra.ca is already verified, skip dns-01. [Wed Oct 28 10:24:50 ADT 2020] protector.accra.ca is already verified, skip dns-01. [Wed Oct 28 10:24:50 ADT 2020] geneabujold.accra.ca is already verified, skip dns-01. [Wed Oct 28 10:24:50 ADT 2020] famille.accra.ca is already verified, skip dns-01. [Wed Oct 28 10:24:50 ADT 2020] remotehelp.accra.ca is already verified, skip dns-01. [Wed Oct 28 10:24:50 ADT 2020] ftpweb.accra.ca is already verified, skip dns-01. [Wed Oct 28 10:24:50 ADT 2020] securebackup.accra.ca is already verified, skip dns-01. [Wed Oct 28 10:24:50 ADT 2020] support.accra.ca is already verified, skip dns-01. The cert was already renewed recently, so it skipped the DNS check since it was still verified. The verification lasts a while, I think it's a week. So if you created or renewed the certificate in the last few days then it won't need to make the TXT records again yet.

@Gertjan That worked. I created a new certificate and switched the pfsense to use that one.

@jimp Thanks, figured it was something like that. I will give it a try again later this morning. Thanks again for the fast response.

@viktor_g @trigg3r , It seems the acmesh's owner does not want to merge it , but I do not understand why. I asked him many times, but no answers. Woudl you help me in doing this?

On whatever is actually using the certificate. Typically a web server but there are other uses for them (mail servers, VPNs, etc)