Acme Certificates error:Invalid response
-
Hello
I have a problem with the Letsencrypt service. I tried everything without success.
Thank you for your help
Method: Webroot local folder
Renewing certificate
account: CA_pfsense_forgertien
server: letsencrypt-production
/usr/local/pkg/acme/acme.sh --issue -d 'pirona.com' --home '/tmp/acme/CA_pfsense_forgertien/' --accountconf '/tmp/acme/CA_pfsense_forgertien/accountconf.conf' --force --reloadCmd '/tmp/acme/CA_pfsense_forgertien/reloadcmd.sh' --webroot pfSenseacme --log-level 3 --log '/tmp/acme/CA_pfsense_forgertien/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[folder] => /usr/local/www/.well-known/acme-challenge/
)
[Thu Mar 8 16:26:18 GMT 2018] Registering account
[Thu Mar 8 16:26:19 GMT 2018] Already registered
[Thu Mar 8 16:26:20 GMT 2018] ACCOUNT_THUMBPRINT='m8vYqBL4av_L-0EV55e-MWS4bVjaPuwWWCTPqDUjRzw'
[Thu Mar 8 16:26:20 GMT 2018] Single domain='pirona.com'
[Thu Mar 8 16:26:20 GMT 2018] Getting domain auth token for each domain
[Thu Mar 8 16:26:20 GMT 2018] Getting webroot for domain='pirona.com'
[Thu Mar 8 16:26:20 GMT 2018] Getting new-authz for domain='pirona.com'
[Thu Mar 8 16:26:21 GMT 2018] The new-authz request is ok.
[Thu Mar 8 16:26:21 GMT 2018] Verifying:pirona.com
[Thu Mar 8 16:26:21 GMT 2018] Found domain http api file: /tmp/acme/CA_pfsense_forgertien//httpapi/pfSenseacme.sh
challenge_response_put CA_pfsense_forgertien, pirona.com
FOUND domainitemwebroot
put token at: /usr/local/www/.well-known/acme-challenge//M5RxxXkv7jO1_Z-mU21ar7bcVYXbnhb_VYZaunm5y8Y
[Thu Mar 8 16:26:25 GMT 2018] Found domain http api file: /tmp/acme/CA_pfsense_forgertien//httpapi/pfSenseacme.sh
[Thu Mar 8 16:26:25 GMT 2018] pirona.com:Verify error:Invalid response from http://pirona.com/.well-known/acme-challenge/M5RxxXkv7jO1_Z-mU21ar7bcVYXbnhb_VYZaunm5y8Y:
[Thu Mar 8 16:26:26 GMT 2018] Please check log file for more details: /tmp/acme/CA_pfsense_forgertien/acme_issuecert.log
[Attached screenshots: pro4545.pirona.com - Services > Acme Certificates > Certificate options > Edit]
-
pirona.com is for sale …
Are you sure it's yours? And if so, did acme really create http://pirona.com//usr/local/www/.well-known/acme-challenge//M5RxxXkv7jO1_Z-mU21ar7bcVYXbnhb_VYZaunm5y8Y (the web GUI webroot????) - is your GUI really accessible like this http://pirona.com/.well-known/acme-challenge/M5RxxXkv7jO1_Z-mU21ar7bcVYXbnhb_VYZaunm5y8Y?????? Did you read https://doc.pfsense.org/index.php/ACME_package ?
-
> pirona.com is for sale …
> Are you sure it's yours? And if so, did acme really create http://pirona.com//usr/local/www/.well-known/acme-challenge//M5RxxXkv7jO1_Z-mU21ar7bcVYXbnhb_VYZaunm5y8Y (the web GUI webroot????) - is your GUI really accessible like this http://pirona.com/.well-known/acme-challenge/M5RxxXkv7jO1_Z-mU21ar7bcVYXbnhb_VYZaunm5y8Y?????? Did you read https://doc.pfsense.org/index.php/ACME_package ?
The domain is not available on the internet. Should I have a real domain to validate the Acme certificate?
-
Yes. It requires a real, valid domain name. And using webroot or standalone mode on pfSense requires that the domain name point to your WAN IP address and that your firewall expose port 80 and/or 443 (depending on the mode) to the world, which is not good.
Get a real domain name, pick one of the providers that offers a DNS update method supported by the ACME package (there is a list in the certificate options), and then use that to update. You don't have to publicly expose anything on your firewall for DNS updates.
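The reply above lists what an HTTP-01 webroot validation needs before the CA will accept it: the name must resolve to the firewall's WAN address, port 80 must be reachable from the internet, and the file under `/.well-known/acme-challenge/<token>` must contain exactly `<token>.<account thumbprint>` (RFC 8555 sections 8.1 and 8.3). The following pre-flight checker is an added example, not code from the pfSense ACME package or from acme.sh; it reuses the domain, token and account thumbprint from the log posted in the thread, and the `WAN_IP` value is a placeholder you would replace with your own. Run as a script it performs the live DNS lookup and HTTP fetch; imported, it only exposes the offline helpers.

```python
"""Pre-flight check for an ACME HTTP-01 (webroot) challenge.

Added example for this thread; not code from the pfSense ACME package or acme.sh.
DOMAIN, TOKEN and ACCOUNT_THUMBPRINT are copied from the acme.sh log above.
"""
import socket
import sys
import urllib.request
from urllib.error import URLError

DOMAIN = "pirona.com"                                            # from the log
TOKEN = "M5RxxXkv7jO1_Z-mU21ar7bcVYXbnhb_VYZaunm5y8Y"            # from the log
ACCOUNT_THUMBPRINT = "m8vYqBL4av_L-0EV55e-MWS4bVjaPuwWWCTPqDUjRzw"  # from the log
WEBROOT = "/usr/local/www/"                                      # from the log
WAN_IP = "192.0.2.1"  # placeholder (TEST-NET-1); replace with the firewall's WAN address


def expected_key_authorization(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.1: key authorization is token || '.' || thumbprint."""
    return f"{token}.{thumbprint}"


def challenge_file_path(webroot: str, token: str) -> str:
    """Path acme.sh should have written; collapses the '//' seen in the log."""
    return webroot.rstrip("/") + "/.well-known/acme-challenge/" + token


def challenge_url(domain: str, token: str) -> str:
    """URL the CA fetches; HTTP-01 is always plain http on port 80."""
    return f"http://{domain}/.well-known/acme-challenge/{token}"


def response_is_valid(body: str, token: str, thumbprint: str) -> bool:
    """RFC 8555 section 8.3 lets the server ignore trailing whitespace only."""
    return body.rstrip() == expected_key_authorization(token, thumbprint)


def diagnose(resolved_ips, wan_ip, body, token, thumbprint) -> str:
    """Map the observations to the failure modes named in the reply above.

    resolved_ips: list of A records (empty if the name does not resolve)
    body: fetched challenge body, or None if port 80 was unreachable
    """
    if not resolved_ips:
        return "domain does not resolve: register a real domain first"
    if wan_ip not in resolved_ips:
        return f"domain resolves to {','.join(resolved_ips)}, not the WAN IP {wan_ip}"
    if body is None:
        return "port 80 on the WAN IP is not reachable from the internet"
    if not response_is_valid(body, token, thumbprint):
        return "challenge path answers, but not with <token>.<thumbprint>"
    return "ok"


def resolve(domain: str):
    """Live A-record lookup; empty list if the name does not resolve."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(domain, 80, socket.AF_INET)})
    except socket.gaierror:
        return []


def fetch(url: str, timeout: float = 10.0):
    """Live fetch of the challenge URL (follows redirects like the CA does)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except (URLError, OSError, ValueError):
        return None


if __name__ == "__main__":
    print("expected file:", challenge_file_path(WEBROOT, TOKEN))
    print("expected body:", expected_key_authorization(TOKEN, ACCOUNT_THUMBPRINT))
    ips = resolve(DOMAIN)
    body = fetch(challenge_url(DOMAIN, TOKEN)) if WAN_IP in ips else None
    verdict = diagnose(ips, WAN_IP, body, TOKEN, ACCOUNT_THUMBPRINT)
    print("verdict:", verdict)
    sys.exit(0 if verdict == "ok" else 1)
```

The `diagnose` ordering mirrors the reply: an unregistered name fails before anything about the firewall matters, a name that resolves elsewhere (for example to a parking page) fails next, and only then do port exposure and file contents come into play. Switching to a DNS-01 method, as the reply recommends, removes the last two checks entirely because nothing on the firewall has to answer on port 80.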