FYI - ACME on 2.3.x


  • Rebel Alliance Developer Netgate

    Anyone who is still for whatever reason running pfSense 2.3.x and using ACME, be aware that changes at Let's Encrypt have stopped allowing the very old version of acme.sh running on pfSense 2.3.x to function. You will receive an error to the effect that it cannot obtain a new nonce and the renew (or issue) will fail.

    [Mon Oct 28 09:12:45 EDT 2019] Could not get nonce, let's try again.
    [Mon Oct 28 09:12:47 EDT 2019] Registered
    [Mon Oct 28 09:12:47 EDT 2019] Can not find account id url.
    

    The changes happened very recently, so expect more and more certificate operations to fail over the next few months until eventually the certificates all expire as they cannot be renewed by the 2.3.x package.

    As 2.3.x is EOL there will be no update to address this.

    While it may be possible to copy back code from the current version manually (with adjustments for things lacking on 2.3.x), if you insist on staying on 2.3.x, that is an exercise left for the reader.

    For the best experience, update to the most recent supported version of pfSense (2.4.4-p3 as of this writing) and the latest version of the ACME package.


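An added example, not part of the original post or of the pfSense ACME package: a POSIX shell check that scans acme.sh log text for the failure signature quoted above (a nonce retry followed by the account id error) and prints the timestamp of each failed run. The function names are hypothetical, and every sample line after the first three is constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log. The first three lines are the error quoted in the
# post; the remaining lines are made up for this example.
sample_log() {
cat <<'EOF'
[Mon Oct 28 09:12:45 EDT 2019] Could not get nonce, let's try again.
[Mon Oct 28 09:12:47 EDT 2019] Registered
[Mon Oct 28 09:12:47 EDT 2019] Can not find account id url.
[Tue Oct 29 03:16:02 EDT 2019] Renew: 'example.test'
[Tue Oct 29 03:16:05 EDT 2019] Could not get nonce, let's try again.
[Tue Oct 29 03:16:07 EDT 2019] Registered
[Tue Oct 29 03:16:07 EDT 2019] Can not find account id url.
[Wed Oct 30 03:16:01 EDT 2019] Could not get nonce, let's try again.
[Wed Oct 30 03:16:04 EDT 2019] Cert success.
EOF
}

# Print one timestamp per failed run. A run counts as failed only when a
# nonce retry is later followed by the account id error; a nonce retry that
# ends in success (a transient error) is not reported.
# Reads the files given as arguments, or stdin when there are none.
acme_nonce_failures() {
    awk '
        /Could not get nonce/ { nonce = 1; next }
        /Can not find account id url/ {
            if (nonce) {
                # Keep only the text between the leading [ and the first ]
                ts = $0
                sub(/^\[/, "", ts)
                sub(/\].*$/, "", ts)
                print ts
            }
            nonce = 0
            next
        }
        /Cert success/ { nonce = 0 }
    ' "$@"
}

# Stand-alone run over the constructed sample.
sample_log | acme_nonce_failures
```

Any timestamp printed for a real log means that renewal attempt failed in the way the post describes, so the certificate involved will expire unless the firewall is upgraded.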