Acme, Haproxy and DNSMadeEasy not working



  • Trying to get acme, haproxy and DNSMadeEasy working together and cannot find any documentation or guide.  If somebody can point me in the right direction it would be appreciated.

    1. created my test account Key

    2. created my certificate using DNSMadeEasy for verification, but this is where it seems to break.  The error I get is:

    [Wed Feb 22 15:31:45 AST 2017] The new-authz request is ok.
    [Wed Feb 22 15:31:45 AST 2017] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_me.sh
    [Wed Feb 22 15:31:47 AST 2017] invalid domain
    [Wed Feb 22 15:31:47 AST 2017] Error add txt for domain:_acme-challenge.secure.accra.ca

    I have entered my API Key and API Secret Password.  I presume that I'm missing something additional in my DNS settings but I do not know what.  What do I need to add to my DNS settings to get this to work? Do I need to forward some additional port over the HAProxy port settings?

    Is there any documentation or guide that can help?

    Thanks



  • I'm seeing something similar. Check the debug logs: do you see an extra } symbol in the debug log like I am seeing?

    https://forum.pfsense.org/index.php?topic=125946.0

    In the meantime, you can get acme working today by using HTTP validation mode. Put this on a non-standard port (82?), then set haproxy to forward requests for URLs starting with /.well-known/acme-challenge/ to a custom backend which ultimately points to 127.0.0.1:82. Be aware that you need to turn off monitoring for this backend, as the HTTP validation server only runs for a few seconds when it's needed.

    I'd still rather get DNSMadeEasy integration working, but for hostnames which point to your pfSense and have haproxy on port 80, this may work.
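The HTTP-validation workaround described in the reply above, written out as a plain haproxy.cfg fragment. This is an added example, not part of the original thread or of the pfSense package's generated configuration; the frontend, backend and server names and the 192.0.2.10 address are hypothetical placeholders, and port 82 is the one suggested in the reply.

```haproxy
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind *:80

    # Match only the ACME HTTP-01 challenge path, nothing broader,
    # so no other request can reach the validation listener.
    acl is_acme_challenge path_beg /.well-known/acme-challenge/
    use_backend acme_standalone if is_acme_challenge

    default_backend web_servers

backend acme_standalone
    # The acme client's validation server listens on loopback only
    # while a certificate is being issued or renewed.
    # No "check" keyword here: with health checks enabled, HAProxy
    # would mark the server DOWN between renewals and could still
    # consider it down when the listener comes up for a few seconds.
    server acme_local 127.0.0.1:82

backend web_servers
    # Placeholder for the normal site backend (hypothetical address).
    server web1 192.0.2.10:80 check
```

In the pfSense HAProxy GUI the same effect comes from a frontend ACL on the path, an action selecting the backend, and health checking set to none on that backend.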



  • Not seeing the same issue as you.  My log is below.  The error seems to be that it is not finding the API Key (Dynamic DNS ID) when connecting to DNSMadeEasy.  I have verified both the ID and Password and they are valid.

    [Thu Feb 23 09:01:23 AST 2017] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_me.sh
    [Thu Feb 23 09:01:23 AST 2017] dns_me_add exists=0
    [Thu Feb 23 09:01:23 AST 2017] APP
    [Thu Feb 23 09:01:23 AST 2017] 4:ME_Key='231XXXX'
    [Thu Feb 23 09:01:23 AST 2017] APP
    [Thu Feb 23 09:01:23 AST 2017] 5:ME_Secret='testforSecureXXXXX'
    [Thu Feb 23 09:01:23 AST 2017] First detect the root zone
    [Thu Feb 23 09:01:23 AST 2017] name?domainname=secure.accra.ca
    [Thu Feb 23 09:01:23 AST 2017] GET
    [Thu Feb 23 09:01:23 AST 2017] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=secure.accra.ca'
    [Thu Feb 23 09:01:23 AST 2017] timeout
    [Thu Feb 23 09:01:23 AST 2017] curl exists=0
    [Thu Feb 23 09:01:23 AST 2017] wget exists=127
    [Thu Feb 23 09:01:23 AST 2017] _CURL='curl -L --silent --dump-header /tmp/acme/accra.ca//http.header '
    [Thu Feb 23 09:01:24 AST 2017] ret='0'
    [Thu Feb 23 09:01:24 AST 2017] response='{error: ["API key not found"]}'
    [Thu Feb 23 09:01:24 AST 2017] name?domainname=accra.ca
    [Thu Feb 23 09:01:24 AST 2017] GET
    [Thu Feb 23 09:01:24 AST 2017] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=accra.ca'
    [Thu Feb 23 09:01:24 AST 2017] timeout
    [Thu Feb 23 09:01:24 AST 2017] curl exists=0
    [Thu Feb 23 09:01:24 AST 2017] wget exists=127
    [Thu Feb 23 09:01:24 AST 2017] _CURL='curl -L --silent --dump-header /tmp/acme/accra.ca//http.header '
    [Thu Feb 23 09:01:24 AST 2017] ret='0'
    [Thu Feb 23 09:01:24 AST 2017] response='{error: ["API key not found"]}'
    [Thu Feb 23 09:01:24 AST 2017] name?domainname=ca
    [Thu Feb 23 09:01:24 AST 2017] GET
    [Thu Feb 23 09:01:24 AST 2017] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=ca'
    [Thu Feb 23 09:01:24 AST 2017] timeout
    [Thu Feb 23 09:01:24 AST 2017] curl exists=0
    [Thu Feb 23 09:01:24 AST 2017] wget exists=127
    [Thu Feb 23 09:01:24 AST 2017] _CURL='curl -L --silent --dump-header /tmp/acme/accra.ca//http.header '
    [Thu Feb 23 09:01:25 AST 2017] ret='0'
    [Thu Feb 23 09:01:25 AST 2017] response='{error: ["API key not found"]}'
    [Thu Feb 23 09:01:25 AST 2017] invalid domain
    [Thu Feb 23 09:01:25 AST 2017] Error add txt for domain:_acme-challenge.secure.accra.ca
    [Thu Feb 23 09:01:25 AST 2017] pid
    [Thu Feb 23 09:01:25 AST 2017] _clearupdns
    [Thu Feb 23 09:01:25 AST 2017] Dns not added, skip.
    [Thu Feb 23 09:01:25 AST 2017] _on_issue_err
    [Thu Feb 23 09:01:25 AST 2017] Please check log file for more details: /tmp/acme/accra.ca/acme_issuecert.log

