ACME DNS Challenge & Cloudflare
Thanks for your help!
I'm having trouble getting the ACME DNS challenge to work Cloudflare. I first attempted this on a production domain without success. For troubleshooting I have fresh pfSense install with only the ACME package added.
In both cases when attempting to request a certificate I receive the below error message:
(xxxx substituted for actual domain name)
[Tue Oct 29 20:06:45 PDT 2019] Single domain='pf-cite.xxxx.info'
[Tue Oct 29 20:06:45 PDT 2019] Getting domain auth token for each domain
[Tue Oct 29 20:06:47 PDT 2019] Getting webroot for domain='pf-cite.xxxx.info'
[Tue Oct 29 20:06:47 PDT 2019] Adding txt value: 0htNTdBUQ22vSgCDfQmJZ1R6OLR0352eK6Atq_UPyUA for domain: _acme-challenge.pf-cite.xxxx.info
[Tue Oct 29 20:06:48 PDT 2019] invalid domain
[Tue Oct 29 20:06:48 PDT 2019] Error add txt for domain:_acme-challenge.pf-cite.xxxx.info
Dynamic DNS with Cloudflare works 100%.
I've reviewed the pfSense provided video and exhausted all web resources found to-date.
Any help is appreciated!
Thanks for everyone who viewed my post for potential help, I appreciate it!
I found my ACME - Cloudflare DNS-01 configuration error. The error was with how I created my Cloudflare API Token:
Cloudflare API Token: (incorrect)
Cloudflare API Token: (corrected)
Include-All zones (could also be a single zone)
Again Thanks You,
@rkgraves I have not been able to get it to work setting the zone resource to a single zone. Unless I set the token to have access to all zones it fails with the invalid domain error.
Have you been able to get it to work? I want to restrict the API tokens to the zone if at all possible.
@artooro - Yes, I verified that it is working correctly with these settings.
Cloudflare API Token:
From my original post I noted that Zone Resources could point to a single zone. But I did not test that. For this domain name I have a simple parent DNS Zone hosted in Cloudflare.
Let me know if I can help,
@rkgraves just want to add this worked for me as well.