pf 2.4.4, ACME 0.6.4, Bind, Can't Pull Cert



  • Hello! I have a domain that I'd like to automate getting a wildcard cert for. I have the domain hosted on private Bind servers. When I run the following on a Linux host on my network, I can update the zone:

    <user>@Bound:~$ nsupdate
    server ns1.<doamin.com>
    key External <key>
    zone _acme-challenge.<doamin.com>
    update add _acme-challenge.<doamin.com> 600 IN A 192.168.1.1
    send
    update add _acme-challenge.<doamin.com> 600 IN TXT "Test"
    send

    On the other hand, I cannot get pfSense to update a record. Here is my ACME config that errors out:


    [Two screenshots of the ACME configuration]

    And here's the error log: https://pastebin.com/TVu2uH9a. If I knew more about what I was looking at I'd truncate it but right now I'm just lost as to why this isn't working. Thanks in advance!



  • Update: When I try to set up Dynamic DNS RFC 2136 updates (just to test), I noticed this error:

    /services_rfc2136_edit.php: The command '/usr/local/bin/nsupdate -k /var/etc/nsupdatekey0 /var/etc/nsupdatecmds0' returned exit code '1', the output was 'check-names failed: bad owner '_acme-challenge.<doamin.com>' syntax error'

    I briefly looked up solutions, but they mentioned Punycode and I still don't quite understand. Going to keep looking into this.

