-
acme 0.2.6 DNS-NSupdate / RFC 2136 in PF2.4.3 not work.
i have test v1 and v2. it is can't use TSIG for update.
Renewing certificateaccount: xiao@on.org
server: letsencrypt-production/usr/local/pkg/acme/acme.sh –issue -d 'xiao.net' --home '/tmp/acme/xiao.net-xmpp/' --accountconf '/tmp/acme/xiao.net-xmpp/accountconf.conf' --force --reloadCmd '/tmp/acme/xiao.net-xmpp/reloadcmd.sh' --dns 'dns_nsupdate' --log-level 3 --log '/tmp/acme/xiao.net-xmpp/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[NSUPDATE_SERVER] => /tmp/acme/xiao.net-xmpp/xiao.net/nsupdate
[NSUPDATE_KEYNAME] =>
[NSUPDATE_KEYALGO] => 157
[NSUPDATE_KEY] => /tmp/acme/xiao.net-xmpp/xiao.net/nsupdate
)
[Tue Apr 3 13:08:25 CST 2018] Single domain='xiao.net'
[Tue Apr 3 13:08:25 CST 2018] Getting domain auth token for each domain
[Tue Apr 3 13:08:25 CST 2018] Getting webroot for domain='xiao.net'
[Tue Apr 3 13:08:25 CST 2018] Getting new-authz for domain='xiao.net'
[Tue Apr 3 13:08:32 CST 2018] The new-authz request is ok.
[Tue Apr 3 13:08:32 CST 2018] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Tue Apr 3 13:08:32 CST 2018] adding _acme-challenge.xiao.net. 60 in txt "tLfHes4-b6Q9-dRkkOrX1yFN1s4QLAKQ6OxGY2e7RKg"
dns_request_getresponse: expected a TSIG or SIG(0)
[Tue Apr 3 13:08:32 CST 2018] error updating domain
[Tue Apr 3 13:08:32 CST 2018] Error add txt for domain:_acme-challenge.xiao.net
[Tue Apr 3 13:08:32 CST 2018] Please check log file for more details: /tmp/acme/xiao.net-xmpp/acme_issuecert.log -
You need to have an RFC2136 server to update:
https://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS
-
You need to have an RFC2136 server to update:
https://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS
the services_dyndns.php is normal work.
but acme update not work.
-
The code is fine, it works for me and hundreds, maybe thousands, of others.
Something is wrong in your settings or with your DNS provider.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.