ACME Certificates
-
I have a problem with ACME, it doesn't renew certificates, I followed a guide and it should be right.
I use duckDNS as a service.
-
Take a look at this topic:
https://forum.netgate.com/topic/159198/dns-duckdns-does-not-renew?_=1613048088801
-
@mcury It does not work. I have changed the string but it doesn't work.
-
@foolish86 Are you getting this same error?
Errors happened during adding the TXT record, response=KO
-
@mcury
mydomain.duckdns.org
Renewing certificate
account: MYDOMAIN
server: letsencrypt-production-2
/usr/local/pkg/acme/acme.sh --issue --domain 'mydomain.duckdns.org' --dns 'dns_duckdns' --home '/tmp/acme/mydomain.duckdns.org/' --accountconf '/tmp/acme/mydomain.duckdns.org/accountconf.conf' --force --reloadCmd '/tmp/acme/mydomain.duckdns.org/reloadcmd.sh' --dnssleep '120' --log-level 3 --log '/tmp/acme/mydomain.duckdns.org/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[DuckDNS_Token] => my-token
)
[Mon Feb 15 08:35:22 CET 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Feb 15 08:35:23 CET 2021] Single domain='mydomain.duckdns.org'
[Mon Feb 15 08:35:23 CET 2021] Getting domain auth token for each domain
[Mon Feb 15 08:35:30 CET 2021] Getting webroot for domain='mydomain.duckdns.org'
[Mon Feb 15 08:35:31 CET 2021] Adding txt value: my-value for domain: _acme-challenge.mydomain.duckdns.org
[Mon Feb 15 08:35:31 CET 2021] Error extracting the domain.
[Mon Feb 15 08:35:31 CET 2021] Error add txt for domain:_acme-challenge.mydomain.duckdns.org
[Mon Feb 15 08:35:31 CET 2021] Please check log file for more details: /tmp/acme/mydomain.duckdns.org/acme_issuecert.log
This is the log.
-
New .sh for duckdns released 4 days ago, try that to confirm if it's going to work for you
-
@mcury I will update and let you know
-
@foolish86
Only these settings, is it OK?
-
@foolish86 Yes
ssh to your pfSense
cd /usr/local/pkg/acme/dnsapi
mv dns_duckdns.sh dns_duckdns.sh.backup
vi dns_duckdns.sh
copy the code from github and save
chmod 555 dns_duckdns.sh
Then try again. Same configuration as you showed in your picture.
-
@mcury do you have the link for the code?
-
@foolish86 mcury mentioned a link.
https://forum.netgate.com/topic/159198/dns-duckdns-does-not-renew?_=1613048088801
acme.sh is a github-ware product.
Here is the official latest dns_duckdns.sh file. It's part of the acme.sh project.
-
@gertjan
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
Oops, I must wait.
-
@foolish86 :) it happens, but it will work now
-
@mcury jooooo!!! Now it works!
-
@foolish86 :) Who gave me that tip was @Gertjan, thanks to him we both got our certificates.