ACME with bind: Invalid Signature
-
I tried to follow the pfSense hangout for configuring pfSense with Let's Encrypt. But despite verifying my configuration numerous times, I can't find my error.
This is my configuration (names and keys are dummy but correct):
On my BIND Server I have run
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST internal-net
My BIND configuration is small and looks like this.
key "internal-net" {
    algorithm HMAC-MD5;
    secret "longscretekey........";
};
zone "internal.net." {
    type master;
    file "/etc/bind/zones/db.internal.net";
    update-policy {
        grant internal-net name _acme-challenge.pfsense.internal.net. txt;
    };
};
On my pfsense I create an account and then a certificate
This is the error I see in the bind server
request has invalid signature: TSIG _acme-challenge.pfsense.internal.net: tsig verify failure (BADKEY)
Any ideas?
-
@hbauer you should try sslforfree.com, because they use Let's Encrypt and you can download the certificate and upload it to your pfSense router...
Sorry for my bad English :)
-
I found my error. With this configuration you have to add "internal-net" to the optional "key name"
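
The BADKEY in the log line concerns the key's name, not its secret: the request was signed under the name _acme-challenge.pfsense.internal.net, while the BIND configuration only defines internal-net. The following is an added example (not part of the original posts, and not pfSense or BIND code) that checks a client's TSIG settings against the configuration fragment from the thread; the function names and the dummy secret are made up for illustration, and the regex parsing only handles this simple layout.

```python
import re

# Constructed sample: the named.conf fragment from the thread (dummy secret).
NAMED_CONF = '''
key "internal-net" { algorithm HMAC-MD5; secret "ZHVtbXk="; };
zone "internal.net." {
    type master;
    file "/etc/bind/zones/db.internal.net";
    update-policy { grant internal-net name _acme-challenge.pfsense.internal.net. txt; };
};
'''

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.lower().rstrip(".")

def parse_keys(conf):
    """Return {key name: algorithm} for every key statement (hypothetical helper)."""
    pat = r'\bkey\s+"?([^\s"{]+)"?\s*\{[^}]*?algorithm\s+"?([^\s";]+)"?\s*;'
    return {norm(k): a.lower() for k, a in re.findall(pat, conf, re.I)}

def parse_grants(conf):
    """Return (key, rule type, record name, rr types) for each update-policy grant."""
    pat = r'grant\s+(\S+)\s+(\S+)\s+(\S+)([^;]*);'
    return [(norm(k), rule.lower(), norm(n), t.lower().split())
            for k, rule, n, t in re.findall(pat, conf, re.I)]

def check_update(conf, key_name, algorithm, record, rrtype="txt"):
    """Predict how the server treats a TSIG-signed update from the client."""
    keys = parse_keys(conf)
    if keys.get(norm(key_name)) != algorithm.lower():
        return "BADKEY"   # key name or algorithm not recognised by the server
    for key, rule, name, types in parse_grants(conf):
        if (key == norm(key_name) and rule == "name" and name == norm(record)
                and (not types or rrtype.lower() in types)):
            return "OK"
    return "REFUSED"      # key is known, but update-policy does not grant this change

if __name__ == "__main__":
    record = "_acme-challenge.pfsense.internal.net."
    # Key name as it appears in the thread's log line: unknown to the server.
    print(check_update(NAMED_CONF, record, "hmac-md5", record))
    # Key name set to the one defined in named.conf.
    print(check_update(NAMED_CONF, "internal-net", "hmac-md5", record))
```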
-
I think you must enable your port forwarding before doing it
-
@dennysmatthew1 said in ACME with bind: Invalid Signature:
I think you must enable your port forwarding before doing it
No. Not needed.
-
But I did it not in pfSense, it's in MikroTik...
-
I expose my localhost, use the ngrok localhost exposer, and I have a web site, and then use the sslforfree.com solution
-
@hbauer said in ACME with bind: Invalid Signature:
don't find my error
I did.
It's here :
So is your key name (used by bind) :
_acme-challenge.pfsense.internal.net.
?
If so, nothing to do ...
If not, well, error.
@dennysmatthew1 said in ACME with bind: Invalid Signature:
@hbauer you should try sslforfree.com, because they use Let's Encrypt and you can download the certificate and upload it to your pfSense router...
Sorry for my bad English :)
Why ?
@hbauer has a domain name (although not internal.net ;) ) - and pfSense with the acme package. Thus a "real set it and forget it" situation.
@dennysmatthew1 said in ACME with bind: Invalid Signature:
I think you must enable your port forwarding before doing it
Why ?
The bind server @hbauer is using is probably somewhere on the Internet, not behind its pfSense server.
-
I'm sorry, I'm still a newbie, I can tell what I can do...
Maybe other people can answer @hbauer's question...
-
@dennysmatthew1 said in ACME with bind: Invalid Signature:
I'm sorry, I'm still a newbie, I can tell what I can do...
Maybe other people can answer @hbauer's question...
Don't tell : start reading first and you will find out that he already found the solution.
-
@Gertjan I think you're right...
-
I have a question: how to make a captive portal in a newer pfSense OS? Please, someone answer...
-
That's not a Home > pfSense Packages > ACME related question.
Check here for questions and many (more !) answers.
-
@Gertjan thanks, very appreciated...