Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Acme DNS-NSupdate / RFC 2136

    ACME
    3
    4
    2.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yon
      last edited by

      acme 0.2.6 DNS-NSupdate / RFC 2136 in PF2.4.3 not work.

      i have test v1 and v2.    it is can't use TSIG for update.

      Renewing certificateaccount: xiao@on.org
      server: letsencrypt-production

      /usr/local/pkg/acme/acme.sh –issue -d 'xiao.net' --home '/tmp/acme/xiao.net-xmpp/' --accountconf '/tmp/acme/xiao.net-xmpp/accountconf.conf' --force --reloadCmd '/tmp/acme/xiao.net-xmpp/reloadcmd.sh' --dns 'dns_nsupdate' --log-level 3 --log '/tmp/acme/xiao.net-xmpp/acme_issuecert.log'

      Array
      (
      [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
      [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
      [NSUPDATE_SERVER] => /tmp/acme/xiao.net-xmpp/xiao.net/nsupdate
      [NSUPDATE_KEYNAME] =>
      [NSUPDATE_KEYALGO] => 157
      [NSUPDATE_KEY] => /tmp/acme/xiao.net-xmpp/xiao.net/nsupdate
      )
      [Tue Apr 3 13:08:25 CST 2018] Single domain='xiao.net'
      [Tue Apr 3 13:08:25 CST 2018] Getting domain auth token for each domain
      [Tue Apr 3 13:08:25 CST 2018] Getting webroot for domain='xiao.net'
      [Tue Apr 3 13:08:25 CST 2018] Getting new-authz for domain='xiao.net'
      [Tue Apr 3 13:08:32 CST 2018] The new-authz request is ok.
      [Tue Apr 3 13:08:32 CST 2018] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
      [Tue Apr 3 13:08:32 CST 2018] adding _acme-challenge.xiao.net. 60 in txt "tLfHes4-b6Q9-dRkkOrX1yFN1s4QLAKQ6OxGY2e7RKg"
      dns_request_getresponse: expected a TSIG or SIG(0)
      [Tue Apr 3 13:08:32 CST 2018] error updating domain
      [Tue Apr 3 13:08:32 CST 2018] Error add txt for domain:_acme-challenge.xiao.net
      [Tue Apr 3 13:08:32 CST 2018] Please check log file for more details: /tmp/acme/xiao.net-xmpp/acme_issuecert.log

      If you are interested in free peering for clearnet and dn42,contact me !

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        You need to have an RFC2136 server to update:

        https://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • Y
          yon
          last edited by

          @Derelict:

          You need to have an RFC2136 server to update:

          https://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS

          the services_dyndns.php is normal work.

          but acme update not work.

          If you are interested in free peering for clearnet and dn42,contact me !

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            The code is fine, it works for me and hundreds, maybe thousands, of others.

            Something is wrong in your settings or with your DNS provider.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.