ACME Certificates

mcury

Take a look at this topic:

https://forum.netgate.com/topic/159198/dns-duckdns-does-not-renew?_=1613048088801

FOOLiSH86

@mcury not work i have changed the string but don't work

mcury

@foolish86 Are you getting this same error?

Errors happened during adding the TXT record, response=KO

FOOLiSH86

@mcury mydomain.duckdns.org
Renewing certificate
account: MYDOMAIN
server: letsencrypt-production-2

/usr/local/pkg/acme/acme.sh --issue --domain 'mydomain.duckdns.org' --dns 'dns_duckdns' --home '/tmp/acme/mydomain.duckdns.org/' --accountconf '/tmp/acme/mydomain.duckdns.org/accountconf.conf' --force --reloadCmd '/tmp/acme/mydomain.duckdns.org/reloadcmd.sh' --dnssleep '120' --log-level 3 --log '/tmp/acme/mydomain.duckdns.org/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[DuckDNS_Token] => my-token
)
[Mon Feb 15 08:35:22 CET 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Feb 15 08:35:23 CET 2021] Single domain='mydomain.duckdns.org'
[Mon Feb 15 08:35:23 CET 2021] Getting domain auth token for each domain
[Mon Feb 15 08:35:30 CET 2021] Getting webroot for domain='mydomain.duckdns.org'
[Mon Feb 15 08:35:31 CET 2021] Adding txt value: my-value for domain: _acme-challenge.mydomain.duckdns.org
[Mon Feb 15 08:35:31 CET 2021] Error extracting the domain.
[Mon Feb 15 08:35:31 CET 2021] Error add txt for domain:_acme-challenge.mydomain.duckdns.org
[Mon Feb 15 08:35:31 CET 2021] Please check log file for more details: /tmp/acme/mydomain.duckdns.org/acme_issuecert.log

this is the log

mcury

github-acmesh-official

New .sh for duckdns released 4 days ago, try that to confirm if it's going to work for you

FOOLiSH86

@mcury I will update and let you know

FOOLiSH86

@foolish86
only this settings it's ok?

mcury

@foolish86 Yes

ssh to your pfsense

cd /usr/local/pkg/acme/dnsapi
mv dns_duckdns.sh dns_duckdns.sh.backup
vi dns_duckdns.sh
copy the code from github and save
chmod 555 dns_duckdns.sh

Then try again. Same configuration as you showed in your picture.

FOOLiSH86

@mcury do you have the link for the code?

Gertjan

@foolish86 mcury mentionned a link.

https://forum.netgate.com/topic/159198/dns-duckdns-does-not-renew?_=1613048088801

acme.sh is a github-ware product.
Here is the official latest dns_duckdns.sh file. It's part of the acme.sh project.

This one is even better.

FOOLiSH86

@gertjan "type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
"status": 429

ops i must wait

mcury

@foolish86 :) it happens, but it will work now

FOOLiSH86

@mcury jooooo!!! now it work!

mcury

@foolish86 :)Who gave me that tip was @Gertjan, thanks to him we both got our certificates.