Pfsense + acme plugin + route53 (dynamic dns) fails



  • Problem-
    Unable to issue/renew the certificate with Pfsense + acme plugin + route53 (dynamic dns) .

    My domain is:
    dragon.vkgh.org

    I verified Dynamic DNS with AWS works properly with the same user credentials. I followed steps here-
    https://www.ceos3c.com/cloud/aws-with-pfsense-part-2-route53-dyndns-with-pfsense/

    For Let's Encrypt + AWS + pfSense, I followed -
    https://medium.com/@davidtstrauss/using-lets-encrypt-with-pfsense-576b50b7cfec
    I have added my HOSTED-ZONE-ID in the JSON script
    It produced this output:
    Please see attached images -
    pf_aws.png

    route53.png

    The operating system my web server runs on is (include version):
    2.4.4-RELEASE-p1 (amd64)
    built on Mon Nov 26 11:40:26 EST 2018
    FreeBSD 11.2-RELEASE-p4

    Acme version = 0.5.5_1

    Appreciate your help and pointers.

    Thanks.



  • Hi all,

    I have an update-

    The issue was that I had bought the domain through Google Domains, but I was trying to set up dynamic DNS+Letsencrypt for this domain through AWS. I’m not sure domain ownership works, this apparently is not correct. Obviously, if this method worked, people would be able to set up dynamic DNS for any random domains they did not own! 😁

    So I bought another domain through AWS and set up dynamic DNS+Letsencrypt both on AWS and repeated the process and it worked!

    Any idea why I can’t use the domain purchased on Google Domains with dynamic+Letsencrypt on AWS? Should I set up some kind of backpointer from Google Domains to AWS for AWS to be able to host a dynamic DNS domain? Is this what I need to do? -
    https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html

    I don’t want to transfer the domain from Google Domains to AWS.

    Thanks.



  • CodenSnap, (I know this is an old thread but in case this might help others)

    I'm working on a similar setup (domain registered with Google and hosting DNS with either CloudFlare or AWS Route53). In domains.google.com there is an option to switch your DNS to "manual". Once switched to manual you have the option to enter the DNS servers for your domain. I can enter either Route53 or CloudFlare. In either service I then add my DNS instance and create my Zone. From there I was able to use Dynamic DNS, add A, AAAA, & TXT records, etc., with either DNS provider. Have not yet got the ACME client to work. But best I can tell there is no negative with registering a domain with Google and then hosting your DNS with another provider.

    Best Regards,
    RKGraves
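The failure in this thread comes down to DNS delegation: the ACME plugin writes the `_acme-challenge` TXT record into a Route53 hosted zone, but Let's Encrypt's validator follows the NS records the registrar (Google Domains) publishes at the parent, so unless those NS records point at the Route53 zone's nameservers the TXT record is never seen. The following is an added example, not code from the thread, pfSense or the acme plugin; it models that lookup with constructed nameserver names, IPs and token so it runs offline, and the `diagnose` helper is a hypothetical name chosen for the illustration.

```python
"""Toy model of ACME DNS-01 validation for the setup in this thread.

Constructed example: the nameserver names, IP address and token below are made
up. The registrar publishes NS records for the domain at the parent zone; a
public resolver follows those NS records, so a TXT record written into a
Route53 hosted zone is only visible when the parent delegation points at that
zone's nameservers.
"""

ACME_LABEL = "_acme-challenge"

# Constructed nameserver sets (placeholders, not real delegation sets).
GOOGLE_NS = frozenset({"ns-cloud-x1.googledomains.example.",
                       "ns-cloud-x2.googledomains.example."})
ROUTE53_NS = frozenset({"ns-100.awsdns-00.example.",
                        "ns-200.awsdns-01.example."})

TOKEN = "constructed-acme-token-value"  # constructed, not a real challenge

# What each authoritative nameserver set would answer for the domain.
# Only the Route53 zone contains the ACME TXT record the client wrote.
ZONE_DATA = {
    GOOGLE_NS: {
        "dragon.vkgh.org.": {"A": ["203.0.113.10"]},
    },
    ROUTE53_NS: {
        "dragon.vkgh.org.": {"A": ["203.0.113.10"]},
        "_acme-challenge.dragon.vkgh.org.": {"TXT": [TOKEN]},
    },
}


def fqdn(name: str) -> str:
    """Normalise to a lower-case fully-qualified name with a trailing dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def acme_challenge_name(domain: str) -> str:
    """Name under which the ACME client must publish the DNS-01 TXT record."""
    return f"{ACME_LABEL}.{fqdn(domain)}"


def delegation_matches(parent_ns, zone_ns) -> bool:
    """True when the NS set the registrar publishes at the parent equals the
    hosted zone's delegation set; otherwise the public Internet is asking a
    different provider than the one the ACME client writes to."""
    return frozenset(map(fqdn, parent_ns)) == frozenset(map(fqdn, zone_ns))


def resolve(name: str, rtype: str, parent_ns) -> list:
    """Simulate a public resolver: follow the parent's NS records and query
    the authoritative data of whichever provider they point at."""
    data = ZONE_DATA.get(frozenset(map(fqdn, parent_ns)), {})
    return list(data.get(fqdn(name), {}).get(rtype, []))


def dns01_would_validate(domain: str, parent_ns, expected_token: str) -> bool:
    """The validator's view: the expected token must appear in the TXT answer
    obtained by following the public delegation, not the zone it was put in."""
    return expected_token in resolve(acme_challenge_name(domain), "TXT", parent_ns)


def diagnose(domain: str, parent_ns, zone_ns, expected_token: str) -> str:
    """One-line explanation of the DNS-01 outcome for a registrar/hosting split
    (hypothetical helper written for this example)."""
    if not delegation_matches(parent_ns, zone_ns):
        return (f"{fqdn(domain)}: parent NS {sorted(map(fqdn, parent_ns))} do not match "
                f"hosted zone NS {sorted(map(fqdn, zone_ns))}; DNS-01 TXT record is invisible")
    if dns01_would_validate(domain, parent_ns, expected_token):
        return f"{fqdn(domain)}: delegation correct, DNS-01 would validate"
    return f"{fqdn(domain)}: delegation correct but TXT record not present (propagation?)"


if __name__ == "__main__":
    # Original poster's situation: registered at Google, record written to Route53.
    print(diagnose("dragon.vkgh.org", GOOGLE_NS, ROUTE53_NS, TOKEN))
    # After switching Google Domains to "manual" DNS pointing at the Route53 NS.
    print(diagnose("dragon.vkgh.org", ROUTE53_NS, ROUTE53_NS, TOKEN))
```

Against a live domain the same check is `dig NS <domain>` at the parent compared with the NS records listed on the Route53 hosted zone, followed by `dig TXT _acme-challenge.<domain>` from a public resolver; if the first pair disagrees, fix the registrar's nameservers before retrying the ACME client, because no amount of re-issuing will make the TXT record reachable.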

