Error Updating Domain, Error Add Txt (Solved)
-
I am using the latest ACME v 0.6.10_1 upgraded today...I used DNS-NSupdate method and here is a copy of the output:
nollivoipserver_cert
Renewing certificate
account: nollivoipserver_key
server: letsencrypt-production-2
[Tue Feb 15 20:36:59 CST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Feb 15 20:36:59 CST 2022] Single domain='nollivoipserver.nollicomm.net'
[Tue Feb 15 20:36:59 CST 2022] Getting domain auth token for each domain
[Tue Feb 15 20:37:01 CST 2022] Getting webroot for domain='nollivoipserver.nollicomm.net'
[Tue Feb 15 20:37:01 CST 2022] Adding txt value: 7jo9LvRYJvtV06f3isoPhkb0O2wJXWEen6YO9sCnXPg for domain: _acme-challenge.nollivoipserver.nollicomm.net
[Tue Feb 15 20:37:01 CST 2022] adding _acme-challenge.nollivoipserver.nollicomm.net. 60 in txt "7jo9LvRYJvtV06f3isoPhkb0O2wJXWEen6YO9sCnXPg"
dns_request_getresponse: expected a TSIG or SIG(0)
[Tue Feb 15 20:37:01 CST 2022] error updating domain
[Tue Feb 15 20:37:01 CST 2022] Error add txt for domain:_acme-challenge.nollivoipserver.nollicomm.net
[Tue Feb 15 20:37:01 CST 2022] Please check log file for more details: /tmp/acme/nollivoipserver_cert/acme_issuecert.log
However, the log isn't clear what the problem is, so I am lost in understanding... Should I have chosen a lower private key despite that I have the horsepower and memory on hardware? Where is it adding the txt? This post had a similar issue: https://forum.netgate.com/topic/145497/acme-dns-nsupdate-rfc-2136-issue/6 which, according to Jimp, was a pfSense issue. For server, I put registrar's nameserver and I left zone blank. Here is the log below:
[Tue Feb 15 20:22:47 CST 2022] readlink exists=0
[Tue Feb 15 20:22:47 CST 2022] dirname exists=0
[Tue Feb 15 20:22:47 CST 2022] Lets find script dir.
[Tue Feb 15 20:22:47 CST 2022] SCRIPT='/usr/local/pkg/acme/acme.sh'
[Tue Feb 15 20:22:47 CST 2022] _script='/usr/local/pkg/acme/acme.sh'
[Tue Feb 15 20:22:47 CST 2022] _script_home='/usr/local/pkg/acme'
[Tue Feb 15 20:22:47 CST 2022] Using config home:/tmp/acme/nollivoipserver_cert/
[Tue Feb 15 20:22:47 CST 2022] ACCOUNT_CONF_PATH='/tmp/acme/nollivoipserver_cert/accountconf.conf'
[Tue Feb 15 20:22:47 CST 2022] APP
[Tue Feb 15 20:22:47 CST 2022] 3:LOG_FILE='/tmp/acme/nollivoipserver_cert/acme_createdomainkey.log'
[Tue Feb 15 20:22:48 CST 2022] APP
[Tue Feb 15 20:22:48 CST 2022] 4:LOG_LEVEL='3'
[Tue Feb 15 20:22:48 CST 2022] LE_WORKING_DIR='/tmp/acme/nollivoipserver_cert/'
[Tue Feb 15 20:22:48 CST 2022] Running cmd: createDomainKey
[Tue Feb 15 20:22:48 CST 2022] Creating domain key
[Tue Feb 15 20:22:48 CST 2022] Using config home:/tmp/acme/nollivoipserver_cert/
[Tue Feb 15 20:22:48 CST 2022] ACCOUNT_CONF_PATH='/tmp/acme/nollivoipserver_cert/accountconf.conf'
[Tue Feb 15 20:22:48 CST 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Feb 15 20:22:48 CST 2022] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Tue Feb 15 20:22:48 CST 2022] CA_CONF='/tmp/acme/nollivoipserver_cert//ca/acme-v02.api.letsencrypt.org/ca.conf'
[Tue Feb 15 20:22:48 CST 2022] DOMAIN_PATH='/tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net'
[Tue Feb 15 20:22:48 CST 2022] _createkey for file:/tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
[Tue Feb 15 20:22:48 CST 2022] Use length 4096
[Tue Feb 15 20:22:48 CST 2022] Using RSA: 4096
[Tue Feb 15 20:22:48 CST 2022] APP
[Tue Feb 15 20:22:48 CST 2022] 1:Le_Keylength='4096'
[Tue Feb 15 20:22:48 CST 2022] The domain key is here: /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
-
The zone box states optional yet is it mandatory? Is the zone the domain name as here in my case nollicomm.net?
-
@stephenw10 Please, is there a problem with the new ACME package as the thread above mentioned? I am getting similar errors, the latest:
; TSIG error with server: expected a TSIG or SIG(0)
update failed: NOTIMP
-
It turned out that, after digging deeply into the issue, my domain registrar does not support DNS_NSupdate RFC2136. So, I switched name server to Cloudflare and after a few stumbles, got my certificate... wipe off sweat for lots of reading, swearing, and more reading.
[Fri Feb 18 13:04:37 CST 2022] Your cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.cer
[Fri Feb 18 13:04:37 CST 2022] Your cert key is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
[Fri Feb 18 13:04:37 CST 2022] The intermediate CA cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/ca.cer
[Fri Feb 18 13:04:37 CST 2022] And the full chain certs is there: /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/fullchain.cer
[Fri Feb 18 13:04:37 CST 2022] Run reload cmd: /tmp/acme/nollivoipserver_cert/reloadcmd.sh
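An added example, not part of the original thread: a small triage script that pairs each failed TXT update in an acme.sh log with the nsupdate error behind it. It goes beyond the two errors quoted here (the other RCODEs come from RFC 2136 and RFC 8945); the function name, finding labels and sample log are constructed for illustration.

```python
import re

# Constructed sample: the failing lines quoted in this thread, token replaced.
SAMPLE_LOG = """\
[Tue Feb 15 20:37:01 CST 2022] adding _acme-challenge.nollivoipserver.nollicomm.net. 60 in txt "TOKEN"
dns_request_getresponse: expected a TSIG or SIG(0)
; TSIG error with server: expected a TSIG or SIG(0)
update failed: NOTIMP
[Tue Feb 15 20:37:01 CST 2022] error updating domain
[Tue Feb 15 20:37:01 CST 2022] Error add txt for domain:_acme-challenge.nollivoipserver.nollicomm.net
"""

# (pattern, finding, what to check), most specific first.
# RCODE meanings are those of RFC 2136 (UPDATE) and RFC 8945 (TSIG).
RULES = [
    (r"update failed: NOTIMP", "no-dynamic-update",
     "server does not implement the UPDATE opcode; use another DNS API"),
    (r"update failed: NOTAUTH\(BAD(KEY|SIG|TIME)\)", "tsig-rejected",
     "key name, secret, algorithm or clock does not match the server"),
    (r"update failed: NOTAUTH", "not-authoritative",
     "server is not authoritative for the zone; check Server and Zone"),
    (r"update failed: NOTZONE", "wrong-zone",
     "record is outside the configured Zone; fix or clear the Zone field"),
    (r"update failed: REFUSED", "refused-by-policy",
     "server policy does not let this key update this name"),
    (r"expected a TSIG or SIG\(0\)", "unsigned-reply",
     "signed request got an unsigned answer; server ignored the key"),
]
ADDING = re.compile(r'\] adding (\S+?)\.? (\d+) in txt "')
UNKNOWN = ("unknown", "no known nsupdate error between attempt and failure")

def triage(log):
    """Return one (record, finding, advice) tuple per failed TXT update."""
    results, record, errors = [], None, []
    for line in log.splitlines():
        m = ADDING.search(line)
        if m:                                  # a new update attempt starts
            record, errors = m.group(1), []
        elif "Error add txt for domain:" in line and record:
            hit = next(((f, a) for p, f, a in RULES
                        if any(re.search(p, e) for e in errors)), UNKNOWN)
            results.append((record, *hit))
            record = None
        elif record:
            errors.append(line)                # nsupdate output for this attempt
    return results

if __name__ == "__main__":
    for rec, finding, advice in triage(SAMPLE_LOG):
        print(f"{rec}: {finding} ({advice})")
```

NOTIMP is ranked first because it settles the question on its own: a name server that answers NOTIMP to an UPDATE cannot be used with the DNS-NSupdate method, whatever key or zone is configured.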