4. pf 2.4.4, ACME 0.6.4, Bind, Can't Pull Cert

pf 2.4.4, ACME 0.6.4, Bind, Can't Pull Cert

  • M

    Hello! I have a domain that I'd like to automate getting a wildcard cert for. I have the domain hosted on private Bind servers. when I run the following on a Linux host on my network I can update the zone:

    <user>@Bound:~$ nsupdate
    server ns1.<doamin.com>
    key External <key>
    zone _acme-challenge.<doamin.com>
    update add _acme-challenge.<doamin.com> 600 IN A 192.168.1.1
    send
    update add _acme-challenge.<doamin.com> 600 IN TXT "Test"
    send

    On the other hand I cannot get pfSense to update a record. Here is my acme me config that errors out:


    9cafd25f-1d77-43bb-a808-675330bb9b09-image.png
    7b171dff-5a86-4be1-a568-e274e5909d08-image.png

    And here's the error log: https://pastebin.com/TVu2uH9a. If I knew more about what I was looking at I'd truncate it but right now I'm just lost as to why this isn't working. Thanks in advance!

    0
  • M

    Update: When I try to setup Dynmaic DNS RFC 2136 updates (just to test) I noticed this error:

    /services_rfc2136_edit.php: The command '/usr/local/bin/nsupdate -k /var/etc/nsupdatekey0 /var/etc/nsupdatecmds0' returned exit code '1', the output was 'check-names failed: bad owner '_acme-challenge.<doamin.com>' syntax error'

    I briefly looked up solutions but then mentioned puny-code and I still don't quite understand. Going to keep looking into this.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy