Renewal of certificates

FOOLiSH86

when lest changed the CA certificate does not work.
I loaded R3,X1,X2 in the authorities

FOOLiSH86

@johnpoz
mynamedns
Renewing certificate
account: MY
server: letsencrypt-production-2

/usr/local/pkg/acme/acme.sh --issue --domain 'mynamedns.duckdns.org' --dns 'dns_duckdns' --home '/tmp/acme/mynamedns/' --accountconf '/tmp/acme/mynamedns/accountconf.conf' --force --reloadCmd '/tmp/acme/mynamedns/reloadcmd.sh' --log-level 3 --log '/tmp/acme/mynamedns/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[DuckDNS_Token] => *MYTOKEN
)
[Mon Oct 11 16:29:16 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Oct 11 16:29:16 CEST 2021] Single domain='mynamedns.duckdns.org'
[Mon Oct 11 16:29:16 CEST 2021] Getting domain auth token for each domain
[Mon Oct 11 16:29:21 CEST 2021] Getting webroot for domain='mynamedns.duckdns.org'
[Mon Oct 11 16:29:21 CEST 2021] Adding txt value: MY VALUE for domain: _acme-challenge.mynamedns.duckdns.org
[Mon Oct 11 16:29:21 CEST 2021] Trying to add TXT record
[: : bad number
[: : bad number
[Mon Oct 11 16:29:22 CEST 2021] Errors happened during adding the TXT record, response=KO
[Mon Oct 11 16:29:22 CEST 2021] Error add txt for domain:_acme-challenge.mynamedns.duckdns.org
[Mon Oct 11 16:29:22 CEST 2021] Please check log file for more details: /tmp/acme/mynamedns/acme_issuecert.log

THIS LOG when i click Issue/Renew on PFsense

mcury

@foolish86 duckdns api is out of date in pfsense, thus you need to replace it with the new one:

Go to github, find the duckdns.sh, click in raw, copy all the content:
https://github.com/acmesh-official/acme.sh/tree/master/dnsapi

cd /usr/local/pkg/acme/dnsapi
mv dns_duckdns.sh dns_duckdns.sh.backup
vi dns_duckdns.sh
paste the code from github and save
chmod 555 dns_duckdns.sh

then try again to renew

johnpoz

@mcury You beat me ;) hehehe

mcury

@johnpoz :) hehe, already have that noted down in a .txt file, I cheated =P

FOOLiSH86

@mcury
/usr/local/pkg/acme/dnsapi/dns_duckdns.sh: 7: Syntax error: newline unexpected (expecting word)

when i issue/renew

mcury

@foolish86 said in Renewal of certificates:

@mcury
/usr/local/pkg/acme/dnsapi/dns_duckdns.sh: 7: Syntax error: newline unexpected (expecting word)

when i issue/renew

I renewed my certificate a week ago and it worked, kindly check and confirm if you copied exactly as it is in github

Click in raw like the image below

FOOLiSH86

@mcury
i have downloaded the file exactly dns_duckdns.sh

mcury

I didn't download it, copied the raw content and pasted through vi, then changed the permission of the file, and it worked.

Not sure if there is a difference between copying like I did and downloading like you did, but give it a try, who knows?

[21.05.1-RELEASE][root@xxx.xxx]/usr/local/pkg/acme/dnsapi: sha256 dns_duckdns.sh
SHA256 (dns_duckdns.sh) = 861f9dd27adf5cfdfb9b6ed0ab6abfa80aa5462333651e0edebe69430397c17b

FOOLiSH86

all ok! after copy all works!