Netgate Discussion Forum

    Acme Certs are Not Renewing

    • cwagz

      I am running:
      25.11-BETA (amd64)
      built on Tue Oct 28 11:38:00 PDT 2025
      FreeBSD 16.0-CURRENT

      I started receiving errors each night that my Acme certs are failing to renew. I have had this setup for several years without issue. I tried doing a manual renew and a cert is generated, but there appears to be an error at the end related to reloadcmd.sh.

      [Sun Nov 9 11:15:36 PST 2025] Your cert is in: /.acme.sh/xxxx.com/xxxx.com.cer
      [Sun Nov 9 11:15:36 PST 2025] Your cert key is in: /.acme.sh/xxxx.com/xxxx.com.key
      [Sun Nov 9 11:15:36 PST 2025] The intermediate CA cert is in: /.acme.sh/xxxx.com/ca.cer
      [Sun Nov 9 11:15:36 PST 2025] And the full-chain cert is in: /.acme.sh/xxxx.com/fullchain.cer
      [Sun Nov 9 11:15:36 PST 2025] Your pre-generated key for future cert key changes is in: /.acme.sh/xxxxx.com/xxxx.com.key.next
      [Sun Nov 9 11:15:37 PST 2025] Running reload cmd: reloadcmd.sh
      eval: reloadcmd.sh: not found
      [Sun Nov 9 11:15:37 PST 2025] Reload error for: xxxx.com

      Is anyone else experiencing anything like this with the beta?

      Netgate 6100 MAX

      • Gertjan

        @cwagz

        The problem is hiding in plain sight:

        @cwagz said in Acme Certs are Not Renewing:

        eval: reloadcmd.sh: not found

        This file is created just before "acme.sh" is executed, and you can find it here:
        /tmp/acme/[YOUR_CERT_NAME]/

        In that same folder you'll also find the "acme_issuecert.log" file with far more details.

        If, for some reason, /tmp/acme/[YOUR_CERT_NAME]/ doesn't exist, then you've found your problem.
        It should exist, as the cert renewal worked fine ....
        Strange it could create that one single "reloadcmd.sh" file.
        This file is the one that gets all the cert details and integrates them into the pfSense System > Certificates > Certificates store.

        The /tmp/ is always emptied during a system 'pfSense' (re)boot, but the acme.sh package will repopulate it with all the needed files before it executes acme.sh.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
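
A triage sketch for the symptom in this thread (certificate issued, reload step failed, so the service keeps presenting the old certificate), added here as an example and not code from the acme package or from any poster. Only reloadcmd.sh and the /tmp/acme/<cert name>/ directory come from the posts; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for "cert issued, reload failed" in acme.sh output.
# reloadcmd.sh and /tmp/acme/<cert name>/ are taken from the thread; the
# function names and the sample log are constructed (hypothetical).

# Constructed sample modelled on the log in the first post.
sample_log() {
cat <<'EOF'
[Sun Nov 9 11:15:36 PST 2025] Your cert is in: /.acme.sh/example.com/example.com.cer
[Sun Nov 9 11:15:37 PST 2025] Running reload cmd: reloadcmd.sh
eval: reloadcmd.sh: not found
[Sun Nov 9 11:15:37 PST 2025] Reload error for: example.com
EOF
}

# reload_failures LOGFILE
# Print each name whose reload step failed after issuance.
reload_failures() {
    sed -n 's/^\[.*] Reload error for: \(.*\)$/\1/p' "$1" | sort -u
}

# reload_cmd_kind LOGFILE
# Classify the logged reload command. A "bare" name (no slash) is looked up
# through PATH by the shell; a "path" value is used as written.
reload_cmd_kind() {
    cmd=$(sed -n 's/^\[.*] Running reload cmd: \([^ ]*\).*$/\1/p' "$1" | head -n 1)
    case $cmd in
        '')  echo none ;;
        */*) echo path ;;
        *)   echo bare ;;
    esac
}

# check_reload_script DIR
# DIR is the per-certificate working directory, e.g. /tmp/acme/<cert name>.
check_reload_script() {
    [ -d "$1" ] || { echo missing-dir; return 1; }
    [ -f "$1/reloadcmd.sh" ] || { echo missing-script; return 1; }
    [ -x "$1/reloadcmd.sh" ] || { echo not-executable; return 1; }
    echo ok
}

# Usage: sh triage.sh /tmp/acme/<cert name> captured_acme_output.log
if [ $# -eq 2 ]; then
    echo "failed reloads: $(reload_failures "$2")"
    echo "reload cmd kind: $(reload_cmd_kind "$2")"
    echo "working dir: $(check_reload_script "$1")"
fi
```

A result of `bare` together with `ok` means the script is on disk but was invoked by a name the shell had to resolve through PATH, which is worth including when posting logs.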

        • marcosm Netgate

          This will be fixed in the next public build, thanks!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.