Dynamic DNS support for EuroDNS not working
-
Hi everyone,
I am not sure if this is a bug: Basically, I set up an EuroDNS profile in the Dynamic DNS section of pfSense's WebUI. It has been working correctly for a long time but recently it just stopped working. I examined the log and the error is:
Jun 26 20:04:37 php-fpm /services_dyndns.php: Curl error occurred: SSL certificate problem: certificate has expired
Jun 26 20:04:37 php-fpm /services_dyndns.php: Dynamic DNS eurodns ([my-domain]): _checkStatus() starting.
Jun 26 20:04:32 php-fpm /services_dyndns.php: Dynamic DNS eurodns ([my-domain]): _update() starting.
Jun 26 20:04:32 php-fpm /services_dyndns.php: DynDns ([my-domain]): Dynamic Dns: More than 25 days. Updating. 1593173072 - 1590825842 > 2160000I believe the problem is "SSL certificate problem: certificate has expired" as indicated in the log. However, I also checked file /etc/inc/dyndns.class in pfSense's filesystem and the definition of EuroDNS is follows:
case 'eurodns': $needsIP = TRUE; curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); $server = "https://update.eurodyndns.org/update/"; $port = ""; if ($this->_dnsPort) { $port = ":" . $this->_dnsPort; } curl_setopt($ch, CURLOPT_URL, $server .$port . '?hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP); break;
It appears to me that the ssl certificate of the update server of EuroDNS is in fact valid if you just open it in a browser and I am not sure why it happens or if it is a bug.
(If I change "https://update.eurodyndns.org/update/" to "http://update.eurodyndns.org/update/" in /etc/inc/dyndns.class, the update works again. But I guess it is just a walkaround and some permanent solutions are still needed.)
Also, if I wan
Thanks!
-
@mamsds said in Dynamic DNS support for EuroDNS not working:
Hi everyone,
I am not sure if this is a bug: Basically, I set up an EuroDNS profile in the Dynamic DNS section of pfSense's WebUI. It has been working correctly for a long time but recently it just stopped working. I examined the log and the error is:
I believe the problem is "SSL certificate problem: certificate has expired" as indicated in the log. However, I also checked file /etc/inc/dyndns.class in pfSense's filesystem and the definition of EuroDNS is follows:Indeed this is the root cause of the problem.
It appears to me that the ssl certificate of the update server of EuroDNS is in fact valid if you just open it in a browser and I am not sure why it happens or if it is a bug.
I had the same problem with freeDNS (you can read this: http://freedns.afraid.org/news/ )
(If I change "https://update.eurodyndns.org/update/" to "http://update.eurodyndns.org/update/" in /etc/inc/dyndns.class, the update works again. But I guess it is just a walkaround and some permanent solutions are still needed.)
You have to wait until you provider (EuroDNS) is resolving his certificate problem or you have to live (for the moment) with the solution you already have found.
Regards,
fireodo -
@fireodo said in Dynamic DNS support for EuroDNS not working:
freeDNS
@fireodo Hi, yes your answer explains it. However, I just checked the link you posted and it said that:
"if you have an out of date CA root store in your TLS client, automatic dynamic updates (over TLS only) may not be working for you starting today due to a upstream TLS provider chain key change."
As I understand, does it mean that it is pfSense which is not updating the certificate repository correctly so curl failed to recognized the updated certificate of EuroDNS? Also, my Firefox thinks the ssl certificate of EuroDNS server is valid.
-
@mamsds said in Dynamic DNS support for EuroDNS not working:
As I understand, does it mean that it is pfSense which is not updating the certificate repository correctly so curl failed to recognized the updated certificate of EuroDNS? Also, my Firefox thinks the ssl certificate of EuroDNS server is valid.
You may search the pfsense forum there is a post where a user has modified the pfsense certificates. (/usr/local/share/certs/ca-root-nss.crt)
He has eliminated a expired certificate - be careful and make a backup before!