Netgate Discussion Forum

    ACME 0.5 update (TLS-ALPN, BuyPass, and more)

    • GertjanG
      Gertjan
      last edited by Gertjan

      Was spam-hitting 'refresh packages' since.
      Got it :

      0_1547142533008_38e71191-e837-4a9f-92ab-516a3e543dde-image.png

      Thanks !

      edit
      Wow ...
      The version number took a hit :
      0_1547142632498_2445385c-3e04-4642-987a-eb86f1eaf567-image.png

      edit again : never mind : saw the change log.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by jimp

        I bugged Namecheap since my API access still had not been approved and they manually approved it. I tested the Namecheap API code and found a bug. It is fixed in pkg version 0.5.1 which will show up to install shortly.

        With that, I was able to successfully obtain a certificate using the Namecheap DNS API.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • GertjanG
          Gertjan
          last edited by

          I'm using 0.5.1 for several days now, works great.

          I noticed one big visual change. Before, when acme finished (manually, me hitting the button) renewing, I saw this huge big green text block with 'log results'.
          Now, all I see is this :

          0_1547542286469_abe3ac6a-8542-434c-84d5-32d454a66399-image.png

          which means : "all ok". Right ?

          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            I still get the same green text box output I did before, at least with the methods I used/tested (nsupdate and namecheap). Are you sure nothing changed in your browser? Any different ad/script blockers?

              • B
                bigbrett
                last edited by

                I have been trying to issue certs with the TLS-ALPN method, but getting failures:

                "type": "tls-alpn-01",
                "status": "invalid",
                "error": {
                "type": "urn:acme:error:connection",
                "detail": "Timeout during connect (likely firewall problem)",
                "status": 400

                Firewall settings are good, but I looked through the logs and I see the line to start the server with openssl:

                openssl s_server -www -cert /tmp/acme/example.com-cert//xample.com/tls.validation.cert -key /tmp/acme/example.com-cert//xample.com/tls.validation.key -accept 443 -4 -alpn acme-tls/1

                When running this manually I get :

                unknown option -4
                usage: s_server [args ...]

                editing acme.sh:2174: __S_OPENSSL="$__S_OPENSSL -4"

                to acme.sh:2174: __S_OPENSSL="$__S_OPENSSL"

                and certificates are issued fine

                • GertjanG
                  Gertjan @bigbrett
                  last edited by

                  @bigbrett said in ACME 0.5 update (TLS-ALPN, BuyPass, and more):

                  When running this manually I get :

                  So, locally, it passes.
                  But Let's Encrypt comes in from the outside, and it hit the wall.

                  • B
                    bigbrett
                    last edited by

                    No it is not firewall related at all but the fact that acme.sh is putting in the '-4' flag on the command line to start the TLS-ALPN server, which is not supported by the current openssl version.
                    The TLS-ALPN server does not in fact start so LE cannot connect to it, even though the firewall rules are correct. Maybe there needs to be a check to make sure the server is started successfully before proceeding?

                    Cheers,

                    Brett
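
The check suggested in the post above (confirm the challenge server is really running before asking the CA to validate), as an added example that is not part of the thread, not acme.sh code, and not the fix in the commit linked further down. `start_and_verify`, `stop_server` and the `SERVER_*` variables are hypothetical names.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical, not acme.sh's.

# start_and_verify GRACE CMD [ARGS...]
# Runs CMD in the background and polls once per second for GRACE seconds.
# Returns 0 if CMD is still running after the grace period (SERVER_PID set).
# Returns 1 if CMD exited early; SERVER_RC then holds its exit status and
# SERVER_LOG names a file with everything it wrote to stdout/stderr.
start_and_verify() {
    grace="$1"; shift
    SERVER_LOG="$(mktemp)" || return 2
    SERVER_RC=0
    "$@" >"$SERVER_LOG" 2>&1 &
    SERVER_PID=$!
    while [ "$grace" -gt 0 ]; do
        sleep 1
        if ! kill -0 "$SERVER_PID" 2>/dev/null; then
            # Process is gone: collect its exit status for the error report.
            wait "$SERVER_PID" 2>/dev/null || SERVER_RC=$?
            return 1
        fi
        grace=$((grace - 1))
    done
    return 0
}

# stop_server: terminate the listener once validation has finished.
stop_server() {
    kill "$SERVER_PID" 2>/dev/null || true
    wait "$SERVER_PID" 2>/dev/null || true
    rm -f "$SERVER_LOG"
}

# Usage with the command from the log quoted in the thread
# ($cert and $key stand in for the poster's validation cert/key paths):
#   if ! start_and_verify 2 openssl s_server -www -cert "$cert" -key "$key" \
#           -accept 443 -4 -alpn acme-tls/1; then
#       echo "challenge server failed to start (rc=$SERVER_RC):" >&2
#       cat "$SERVER_LOG" >&2     # would surface "unknown option -4"
#       exit 1
#   fi
#   ... trigger the tls-alpn-01 validation here ...
#   stop_server
```

With a check like this, the rejected `-4` option is reported locally as a startup failure instead of appearing later as the CA's "Timeout during connect (likely firewall problem)".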

                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      I fixed this a different way (that didn't require editing acme.sh):

                      https://github.com/pfsense/FreeBSD-ports/commit/b7024a0b261280d456317f37c3e1deff8290d682

                      Should be up for download shortly.

                      • B
                        bigbrett
                        last edited by

                        great work as always :)
