Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACME Certificates

    Scheduled Pinned Locked Moved ACME
    15 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mcury Rebel Alliance @FOOLiSH86
      last edited by

      @foolish86 Are you getting this same error?

      Errors happened during adding the TXT record, response=KO

      dead on arrival, nowhere to be found.

      F 1 Reply Last reply Reply Quote 0
      • F
        FOOLiSH86 @mcury
        last edited by

        @mcury mydomain.duckdns.org
        Renewing certificate
        account: MYDOMAIN
        server: letsencrypt-production-2

        /usr/local/pkg/acme/acme.sh --issue --domain 'mydomain.duckdns.org' --dns 'dns_duckdns' --home '/tmp/acme/mydomain.duckdns.org/' --accountconf '/tmp/acme/mydomain.duckdns.org/accountconf.conf' --force --reloadCmd '/tmp/acme/mydomain.duckdns.org/reloadcmd.sh' --dnssleep '120' --log-level 3 --log '/tmp/acme/mydomain.duckdns.org/acme_issuecert.log'
        Array
        (
        [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
        [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
        [DuckDNS_Token] => my-token
        )
        [Mon Feb 15 08:35:22 CET 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
        [Mon Feb 15 08:35:23 CET 2021] Single domain='mydomain.duckdns.org'
        [Mon Feb 15 08:35:23 CET 2021] Getting domain auth token for each domain
        [Mon Feb 15 08:35:30 CET 2021] Getting webroot for domain='mydomain.duckdns.org'
        [Mon Feb 15 08:35:31 CET 2021] Adding txt value: my-value for domain: _acme-challenge.mydomain.duckdns.org
        [Mon Feb 15 08:35:31 CET 2021] Error extracting the domain.
        [Mon Feb 15 08:35:31 CET 2021] Error add txt for domain:_acme-challenge.mydomain.duckdns.org
        [Mon Feb 15 08:35:31 CET 2021] Please check log file for more details: /tmp/acme/mydomain.duckdns.org/acme_issuecert.log

        this is the log

        M 1 Reply Last reply Reply Quote 0
        • M
          mcury Rebel Alliance @FOOLiSH86
          last edited by

          0d317429-c4d2-455f-8a7a-ecfc83edad80-image.png

          github-acmesh-official

          New .sh for duckdns released 4 days ago, try that to confirm if it's going to work for you

          dead on arrival, nowhere to be found.

          F 1 Reply Last reply Reply Quote 0
          • F
            FOOLiSH86 @mcury
            last edited by

            @mcury I will update and let you know

            F 1 Reply Last reply Reply Quote 0
            • F
              FOOLiSH86 @FOOLiSH86
              last edited by

              @foolish86 c7fa22c7-2e26-4363-a42e-123c1b011efc-image.png
              only this settings it's ok?

              M 1 Reply Last reply Reply Quote 0
              • M
                mcury Rebel Alliance @FOOLiSH86
                last edited by mcury

                @foolish86 Yes

                ssh to your pfsense

                cd /usr/local/pkg/acme/dnsapi
mv dns_duckdns.sh dns_duckdns.sh.backup
vi dns_duckdns.sh
copy the code from github and save
chmod 555 dns_duckdns.sh

                Then try again. Same configuration as you showed in your picture.

                dead on arrival, nowhere to be found.

                F 1 Reply Last reply Reply Quote 0
                • F
                  FOOLiSH86 @mcury
                  last edited by

                  @mcury do you have the link for the code?

                  GertjanG 1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @FOOLiSH86
                    last edited by Gertjan

                    @foolish86 mcury mentionned a link.

                    https://forum.netgate.com/topic/159198/dns-duckdns-does-not-renew?_=1613048088801

                    acme.sh is a github-ware product.
                    Here is the official latest dns_duckdns.sh file. It's part of the acme.sh project.

                    This one is even better.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    F 1 Reply Last reply Reply Quote 0
                    • F
                      FOOLiSH86 @Gertjan
                      last edited by

                      @gertjan "type": "urn:ietf:params:acme:error:rateLimited",
                      "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
                      "status": 429

                      πŸ™„ πŸ™„
                      ops i must wait

                      M 1 Reply Last reply Reply Quote 0
                      • M
                        mcury Rebel Alliance @FOOLiSH86
                        last edited by

                        @foolish86 :) it happens, but it will work now

                        dead on arrival, nowhere to be found.

                        F 1 Reply Last reply Reply Quote 0
                        • F
                          FOOLiSH86 @mcury
                          last edited by

                          @mcury jooooo!!! now it work! πŸ‘

                          M 1 Reply Last reply Reply Quote 0
                          • M
                            mcury Rebel Alliance @FOOLiSH86
                            last edited by

                            @foolish86 :)Who gave me that tip was @Gertjan, thanks to him we both got our certificates.

                            dead on arrival, nowhere to be found.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.