ACME DNS Challenge & Cloudflare
  • Thanks for your help!

    I'm having trouble getting the ACME DNS challenge to work with Cloudflare. I first attempted this on a production domain without success. For troubleshooting I have a fresh pfSense install with only the ACME package added.

    In both cases when attempting to request a certificate I receive the below error message:
    (xxxx substituted for actual domain name)

    [Tue Oct 29 20:06:45 PDT 2019] Single domain='pf-cite.xxxx.info'
    [Tue Oct 29 20:06:45 PDT 2019] Getting domain auth token for each domain
    [Tue Oct 29 20:06:47 PDT 2019] Getting webroot for domain='pf-cite.xxxx.info'
    [Tue Oct 29 20:06:47 PDT 2019] Adding txt value: 0htNTdBUQ22vSgCDfQmJZ1R6OLR0352eK6Atq_UPyUA for domain: _acme-challenge.pf-cite.xxxx.info
    [Tue Oct 29 20:06:48 PDT 2019] invalid domain
    [Tue Oct 29 20:06:48 PDT 2019] Error add txt for domain:_acme-challenge.pf-cite.xxxx.info

    Dynamic DNS with Cloudflare works 100%.

    I've reviewed the pfSense provided video and exhausted all web resources found to-date.
    Any help is appreciated!

    Thank you,
    RKGraves
  • Thanks to everyone who viewed my post for potential help, I appreciate it!

    I found my ACME - Cloudflare DNS-01 configuration error. The error was with how I created my Cloudflare API Token:

    Cloudflare API Token: (incorrect)
    Permissions:
    Zone-DNS: Edit

    Zone Resources:
    Include-All zones

    Cloudflare API Token: (corrected)
    Permissions:
    Zone-Zone: Read
    Zone-DNS: Edit

    Zone Resources:
    Include-All zones (could also be a single zone)

    Again, thank you,
    RKGraves
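The fix above comes down to two API capabilities the token must have: listing zones by name (Zone:Read), which acme.sh's Cloudflare hook uses to find the zone that owns `_acme-challenge.<host>`, and writing DNS records (DNS:Edit). When the zone lookup fails, that hook prints "invalid domain", which is the symptom in the first post. The following preflight script is an added example, not code from the thread, from pfSense or from acme.sh; it performs the same two calls against the real Cloudflare v4 API so a token can be checked before it is pasted into the ACME package. The HTTP layer is injectable, and `make_fake_fetch` returns constructed responses (not genuine Cloudflare output) so the logic can be exercised offline; the zone and record ids it returns are placeholders.

```python
"""Preflight check for a Cloudflare API token intended for acme.sh DNS-01.

Added example (not from the forum thread, pfSense or acme.sh). It reproduces
the two API calls the token must be able to make: list zones by name
(Zone:Read) and create a TXT record (DNS:Edit).  Usage with a real token:
    python cf_preflight.py <API_TOKEN> _acme-challenge.pf-cite.xxxx.info
"""
import json
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional

CF_API = "https://api.cloudflare.com/client/v4"

# Injectable HTTP function: (method, path, json_body) -> parsed JSON response
Fetch = Callable[[str, str, Optional[dict]], dict]


def make_live_fetch(token: str) -> Fetch:
    """Real HTTP client for the Cloudflare v4 API (requires network access)."""
    def fetch(method: str, path: str, body: Optional[dict] = None) -> dict:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(CF_API + path, data=data, method=method)
        req.add_header("Authorization", f"Bearer {token}")
        req.add_header("Content-Type", "application/json")
        try:
            with urllib.request.urlopen(req, timeout=20) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as e:  # Cloudflare sends a JSON body on 4xx too
            return json.load(e)
    return fetch


def find_zone(fqdn: str, fetch: Fetch) -> Optional[Dict[str, str]]:
    """Walk up the labels of fqdn until a zone the token can list is found.

    This is the lookup acme.sh's Cloudflare hook performs before adding the
    TXT record.  A token without Zone:Read cannot list zones, so every
    candidate fails and the caller reports 'invalid domain'.
    """
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels) - 1):          # stop before the bare TLD
        candidate = ".".join(labels[i:])
        resp = fetch("GET", f"/zones?name={candidate}", None)
        if not resp.get("success"):
            continue                           # permission or auth failure for this query
        for zone in resp.get("result") or []:
            if zone.get("name") == candidate:
                return {"zone_id": zone["id"], "zone": candidate}
    return None


def preflight(fqdn: str, fetch: Fetch, txt_value: str = "cf-preflight-probe") -> dict:
    """Check token validity, Zone:Read and DNS:Edit for the zone owning fqdn."""
    report = {"token_valid": False, "zone_read": False, "dns_edit": False, "zone": None}
    verify = fetch("GET", "/user/tokens/verify", None)
    report["token_valid"] = bool(verify.get("success")) and \
        (verify.get("result") or {}).get("status") == "active"
    zone = find_zone(fqdn, fetch)
    if zone is None:
        report["error"] = "invalid domain"     # the same symptom acme.sh prints
        return report
    report["zone_read"] = True
    report["zone"] = zone["zone"]
    body = {"type": "TXT", "name": fqdn, "content": txt_value, "ttl": 120}
    add = fetch("POST", f"/zones/{zone['zone_id']}/dns_records", body)
    if add.get("success"):
        report["dns_edit"] = True
        # remove the probe record so it does not linger in the zone
        fetch("DELETE", f"/zones/{zone['zone_id']}/dns_records/{add['result']['id']}", None)
    else:
        report["error"] = "; ".join(e.get("message", "?") for e in add.get("errors", []))
    return report


def make_fake_fetch(zone_read: bool, dns_edit: bool) -> Fetch:
    """Constructed Cloudflare-style responses for offline runs (not real API output)."""
    def fetch(method: str, path: str, body: Optional[dict] = None) -> dict:
        if path == "/user/tokens/verify":
            return {"success": True, "result": {"status": "active"}}
        if path.startswith("/zones?name="):
            name = path[len("/zones?name="):]
            if not zone_read:
                return {"success": False, "errors": [{"message": "constructed: no Zone:Read"}]}
            if name == "xxxx.info":           # the only zone this fake account owns
                return {"success": True, "result": [{"id": "zone-id-placeholder", "name": name}]}
            return {"success": True, "result": []}
        if method == "POST" and path.endswith("/dns_records"):
            if dns_edit:
                return {"success": True, "result": {"id": "rec-id-placeholder"}}
            return {"success": False, "errors": [{"message": "constructed: no DNS:Edit"}]}
        if method == "DELETE":
            return {"success": True}
        raise ValueError(f"unexpected call {method} {path}")
    return fetch


if __name__ == "__main__":
    token, host = sys.argv[1], sys.argv[2]
    print(json.dumps(preflight(host, make_live_fetch(token)), indent=2))
```

With the thread's incorrect token (DNS:Edit only) the report carries `"error": "invalid domain"` and never reaches the record write; with Zone:Read added it identifies the zone, writes and deletes a probe TXT record, and reports both capabilities as present.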