pf 2.4.4, ACME 0.6.4, Bind, Can't Pull Cert

MeCJay12

Hello! I have a domain that I'd like to automate getting a wildcard cert for. I have the domain hosted on private Bind servers. when I run the following on a Linux host on my network I can update the zone:

Spoiler

<user>@Bound:~$ nsupdate
server ns1.<doamin.com>
key External <key>
zone _acme-challenge.<doamin.com>
update add _acme-challenge.<doamin.com> 600 IN A 192.168.1.1
send
update add _acme-challenge.<doamin.com> 600 IN TXT "Test"
send

On the other hand I cannot get pfSense to update a record. Here is my acme me config that errors out:

Spoiler

And here's the error log: https://pastebin.com/TVu2uH9a. If I knew more about what I was looking at I'd truncate it but right now I'm just lost as to why this isn't working. Thanks in advance!

MeCJay12

Update: When I try to setup Dynmaic DNS RFC 2136 updates (just to test) I noticed this error:

/services_rfc2136_edit.php: The command '/usr/local/bin/nsupdate -k /var/etc/nsupdatekey0 /var/etc/nsupdatecmds0' returned exit code '1', the output was 'check-names failed: bad owner '_acme-challenge.<doamin.com>' syntax error'

I briefly looked up solutions but then mentioned puny-code and I still don't quite understand. Going to keep looking into this.