@Boab You have a wild card, so you can probably delete de start dot domain.tld as it is going out of businesses anyway.

@johnpoz @Gertjan thanks to both of you

@Gertjan Hope this is descriptive and short enough: https://redmine.pfsense.org/issues/15229 I found actually another bug in the way the password special characters are added into the URL. Next to the UI changes it is also required to enable some URL encoding to change for example the '#' letter to '%23'.

@johnpoz said in Unable to generate ACME Certificate: re you trying to write this dns entry, lost-sierra.blog isn't a valid domain on the public internet.. I show nxdomain for that domain, Thanks John. I had a lame typo in my dns entry. Should not have included the '-' between lost and sierra. Looks like I'm all set now. You get a gold star! Jeff

Thanks for the advice! I guess I'll uninstall my packages and then upgrade. I've already backed up my config.

@KelvinU said in New cert Invalid response: it's not listed yeah prob not - hhehehe Move your domain to some sort of global dns provider..

@sandie looks like you have an Actions list with a PHP Command Script method, and something there has a / where it doesn't belong. The cert will be fine, but whatever your action after is, is not. [image: 1703194385269-screen-shot-2023-12-21-at-4.32.50-pm.png]

@jrey said in ACME DNS API support: Clearly you are doing something else Antworten Yep, you are on a totally different path. I was asking about ACME and acme.sh's DNS providers. That RFC2136 is working for you is nice, but has nothing to do with the question :) Like previously suspected, it seems the "acme-dns.io" selection is indeed the acme-dns tool from GitHub and you can enter your own hosted instance. It had a few rough edges but worked finally, so seems to work like expected - we will see if renewal works fine, too.

@gregeeh said in Question regarding Acme and DDNS: Hope this was correct? Sure as long as your browser trusts the CA is all that matters.

@Unoptanio I don’t think so? The other methods are all on that page. Or just use the self signed cert.

@linuxlover2 said in new cert setup not finishing: so now have to wait 2 weeks to renew. One week, or even right away, check here Rate Limits.

@Gertjan Right, I don't mind waiting. I just hit that button about a week ago when I first noticed the issue and wanted to see if forcing an update would solve it.

One more question to the topic. I found an option to restart HAProxy after cert update. However, I have unfortunately not found an option to restart HAProxy on the second pfSense instance. How could this be done?

@jperezme Methods used, wildcards etc, don't forget to watch the movie.

Well, really, I had deleted IPv6 and didn't realize that when I had implemented/enabled IPv6 that it would removed the IPv4 as been checked as a default route also...so I had to go to System > Routing to check the IPv4 box...the real reason that I could not register key...all is good.

@Gertjan said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5: You still need to ID, using a 'key' Yes, but's not a secret do you have at your DNS registrar as user login. To not leave the pfsense world we can find here BIND configuration steps. Thanks for your mentions.