pf 2.4.4, ACME 0.6.4, Bind, Can't Pull Cert

  • Hello! I have a domain that I'd like to automate getting a wildcard cert for. I have the domain hosted on private Bind servers. When I run the following on a Linux host on my network, I can update the zone:

    <user>@Bound:~$ nsupdate
    server ns1.<>
    key External <key>
    zone _acme-challenge.<>
    update add _acme-challenge.<> 600 IN A
    update add _acme-challenge.<> 600 IN TXT "Test"

    On the other hand, I cannot get pfSense to update a record. Here is my ACME config that errors out:


    And here's the error log: If I knew more about what I was looking at I'd truncate it but right now I'm just lost as to why this isn't working. Thanks in advance!

  • Update: When I try to set up Dynamic DNS RFC 2136 updates (just to test) I noticed this error:

    /services_rfc2136_edit.php: The command '/usr/local/bin/nsupdate -k /var/etc/nsupdatekey0 /var/etc/nsupdatecmds0' returned exit code '1', the output was 'check-names failed: bad owner '_acme-challenge.<>' syntax error'

    I briefly looked up solutions but they mentioned puny-code and I still don't quite understand. Going to keep looking into this.
