Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACME Certificates

    Scheduled Pinned Locked Moved ACME
    15 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mcury Rebel Alliance
      last edited by

      Take a look at this topic:

      https://forum.netgate.com/topic/159198/dns-duckdns-does-not-renew?_=1613048088801

      dead on arrival, nowhere to be found.

      F 1 Reply Last reply Reply Quote 0
      • F
        FOOLiSH86 @mcury
        last edited by

        @mcury not work 😧 i have changed the string but don't work

        M 1 Reply Last reply Reply Quote 0
        • M
          mcury Rebel Alliance @FOOLiSH86
          last edited by

          @foolish86 Are you getting this same error?

          Errors happened during adding the TXT record, response=KO

          dead on arrival, nowhere to be found.

          F 1 Reply Last reply Reply Quote 0
          • F
            FOOLiSH86 @mcury
            last edited by

            @mcury mydomain.duckdns.org
            Renewing certificate
            account: MYDOMAIN
            server: letsencrypt-production-2

            /usr/local/pkg/acme/acme.sh --issue --domain 'mydomain.duckdns.org' --dns 'dns_duckdns' --home '/tmp/acme/mydomain.duckdns.org/' --accountconf '/tmp/acme/mydomain.duckdns.org/accountconf.conf' --force --reloadCmd '/tmp/acme/mydomain.duckdns.org/reloadcmd.sh' --dnssleep '120' --log-level 3 --log '/tmp/acme/mydomain.duckdns.org/acme_issuecert.log'
            Array
            (
            [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
            [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
            [DuckDNS_Token] => my-token
            )
            [Mon Feb 15 08:35:22 CET 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
            [Mon Feb 15 08:35:23 CET 2021] Single domain='mydomain.duckdns.org'
            [Mon Feb 15 08:35:23 CET 2021] Getting domain auth token for each domain
            [Mon Feb 15 08:35:30 CET 2021] Getting webroot for domain='mydomain.duckdns.org'
            [Mon Feb 15 08:35:31 CET 2021] Adding txt value: my-value for domain: _acme-challenge.mydomain.duckdns.org
            [Mon Feb 15 08:35:31 CET 2021] Error extracting the domain.
            [Mon Feb 15 08:35:31 CET 2021] Error add txt for domain:_acme-challenge.mydomain.duckdns.org
            [Mon Feb 15 08:35:31 CET 2021] Please check log file for more details: /tmp/acme/mydomain.duckdns.org/acme_issuecert.log

            this is the log

            M 1 Reply Last reply Reply Quote 0
            • M
              mcury Rebel Alliance @FOOLiSH86
              last edited by

              0d317429-c4d2-455f-8a7a-ecfc83edad80-image.png

              github-acmesh-official

              New .sh for duckdns released 4 days ago, try that to confirm if it's going to work for you

              dead on arrival, nowhere to be found.

              F 1 Reply Last reply Reply Quote 0
              • F
                FOOLiSH86 @mcury
                last edited by

                @mcury I will update and let you know

                F 1 Reply Last reply Reply Quote 0
                • F
                  FOOLiSH86 @FOOLiSH86
                  last edited by

                  @foolish86 c7fa22c7-2e26-4363-a42e-123c1b011efc-image.png
                  only this settings it's ok?

                  M 1 Reply Last reply Reply Quote 0
                  • M
                    mcury Rebel Alliance @FOOLiSH86
                    last edited by mcury

                    @foolish86 Yes

                    ssh to your pfsense

                    cd /usr/local/pkg/acme/dnsapi
                    mv dns_duckdns.sh dns_duckdns.sh.backup
                    vi dns_duckdns.sh
                    copy the code from github and save
                    chmod 555 dns_duckdns.sh
                    

                    Then try again. Same configuration as you showed in your picture.

                    dead on arrival, nowhere to be found.

                    F 1 Reply Last reply Reply Quote 0
                    • F
                      FOOLiSH86 @mcury
                      last edited by

                      @mcury do you have the link for the code?

                      GertjanG 1 Reply Last reply Reply Quote 0
                      • GertjanG
                        Gertjan @FOOLiSH86
                        last edited by Gertjan

                        @foolish86 mcury mentionned a link.

                        https://forum.netgate.com/topic/159198/dns-duckdns-does-not-renew?_=1613048088801

                        acme.sh is a github-ware product.
                        Here is the official latest dns_duckdns.sh file. It's part of the acme.sh project.

                        This one is even better.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        F 1 Reply Last reply Reply Quote 0
                        • F
                          FOOLiSH86 @Gertjan
                          last edited by

                          @gertjan "type": "urn:ietf:params:acme:error:rateLimited",
                          "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
                          "status": 429

                          πŸ™„ πŸ™„
                          ops i must wait

                          M 1 Reply Last reply Reply Quote 0
                          • M
                            mcury Rebel Alliance @FOOLiSH86
                            last edited by

                            @foolish86 :) it happens, but it will work now

                            dead on arrival, nowhere to be found.

                            F 1 Reply Last reply Reply Quote 0
                            • F
                              FOOLiSH86 @mcury
                              last edited by

                              @mcury jooooo!!! now it work! πŸ‘

                              M 1 Reply Last reply Reply Quote 0
                              • M
                                mcury Rebel Alliance @FOOLiSH86
                                last edited by

                                @foolish86 :)Who gave me that tip was @Gertjan, thanks to him we both got our certificates.

                                dead on arrival, nowhere to be found.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.