1. Home
  2. pfSense Packages
  3. ACME
  4. FreeDNS ACME issue

FreeDNS ACME issue

  • P

    Greetings, I'm totally new over here, but I've got issues with my freshly set up acme, it worked like once, or twice and suddenly stops.
    It looks, there's a problem with starting up standalone http server, I'm attaching my output

    ||NK-----K22
    Renewing certificate
    account: NK-----K22
    server: letsencrypt-staging-2

    /usr/local/pkg/acme/acme.sh --issue -d 'nk----.k22.su' --standalone --listen-v4 --httpport '6666' --home '/tmp/acme/NK-----K22/' --accountconf '/tmp/acme/NK-----K22/accountconf.conf' --force --reloadCmd '/tmp/acme/NK-----K22/reloadcmd.sh' --log-level 3 --log '/tmp/acme/NK-----K22/acme_issuecert.log'

    Array
    (
    [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [port] => 6666
    [ipv6] =>
    )
    [Fri Jul 26 09:25:59 CEST 2019] Standalone mode.
    [Fri Jul 26 09:25:59 CEST 2019] Single domain='nk----.k22.su'
    [Fri Jul 26 09:25:59 CEST 2019] Getting domain auth token for each domain
    [Fri Jul 26 09:26:01 CEST 2019] Getting webroot for domain='nk----.k22.su'
    [Fri Jul 26 09:26:01 CEST 2019] Verifying: n----.k22.su
    [Fri Jul 26 09:26:01 CEST 2019] Standalone mode server
    2019/07/26 09:26:03 socat[66497] E write(6, 0x80204d800, 126): Broken pipe
    2019/07/26 09:26:05 socat[84851] E write(6, 0x80204d800, 126): Broken pipe
    [Fri Jul 26 09:26:06 CEST 2019] nk----.k22.su:Verify error:Invalid response from http://nk----.k22.su/.well-known/acme-challenge/B-fYHCXfoUaDfP5ZmIUU4JbMH-tO_MGQkrIg0I1Y5AI [217.196.113.40]: 503
    [Fri Jul 26 09:26:06 CEST 2019] Please check log file for more details: /tmp/acme/NKVDCloud-K22/acme_issuecert.log||

    If anyone is willing to push me in any direction, I'll be glad. I'm using FreeDNS, so DNS verification isn't an option for me.

    0
  • kiokoman
    LAYER 8

    @phobeus said in ACME 0.5.8 Breaks Letencrypt webroot local folder setup:

    .well-known/acme-challenge

    well you forgot to completely hide it..

    503 Service Unavailable
    No server is available to handle this request.

    socat[66497] E write(6, 0x80204d800, 126): Broken pipe

    check if you have the latest version of acme maybe something as changed and acme.sh does not work anymore as standalone

    0 P 1 Reply
  • P

    @kiokoman Yeah, you're right =) But anyway, I wasn't able to make some reasonable solution, so I've just created tiny VM guest with alpine linux, lighttpd and nfs-client, and I'm passing my .well-known challenge through "local webroot", but I'm putting there appropiate path for my NFS share + ballast ( </path/to/share>/.well-known/acme-challenge/ ). pfSense comes already preloaded with nfs, all I needed was just enable it through /etc/rc.d.local. HAProxy does rest of the job ( frontend for path match looks like that ---v )

    HAProxy Frontend rules ( I've got it implemented with http->https redirect, except for .well-known =3 I was pretty suprised it came on my mind )

    HAProxy Frontend rules

    So that's my hotfix solution, but I'm curious for any other ideas ))

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy