Error when creating new certificate - "error": "Unable to verify HMAC"'

cjbujold

Hi,

Need help with fixing an error. Do not understand what it means. Using Pfsense 2.4.4 with acme 0.6.4 and trying to add a new server to the certificate. When I test the entry I get:

[Sat Jan 11 15:07:48 AST 2020] response='{"error": ["Unable to verify HMAC"]}'
[Sat Jan 11 15:07:48 AST 2020] name?domainname=ca
[Sat Jan 11 15:07:48 AST 2020] od exists=0
[Sat Jan 11 15:07:48 AST 2020] GET
[Sat Jan 11 15:07:48 AST 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=ca'
[Sat Jan 11 15:07:48 AST 2020] timeout=
[Sat Jan 11 15:07:48 AST 2020] Http already initialized.
[Sat Jan 11 15:07:48 AST 2020] _CURL='curl -L --silent --dump-header /tmp/acme/accra.ca//http.header -g '
[Sat Jan 11 15:07:48 AST 2020] ret='0'
[Sat Jan 11 15:07:48 AST 2020] response='{"error": ["Unable to verify HMAC"]}'
[Sat Jan 11 15:07:48 AST 2020] invalid domain
[Sat Jan 11 15:07:48 AST 2020] Error add txt for domain:_acme-challenge.ftpweb.accra.ca
[Sat Jan 11 15:07:48 AST 2020] _on_issue_err
[Sat Jan 11 15:07:48 AST 2020] Please check log file for more details: /tmp/acme/accra.ca/acme_issuecert.log

jimp

What exactly did you change in the ACME entry?

Can you post the full logs from /tmp/acme/accra.ca/acme_issuecert.log ? (be sure to edit out any keys/passwords/etc)

cjbujold

Found a work around. I deleted the certificates and recreated them under a different name and everything now works. I presume that the configuration got corrupted somehow and re-creating it fixed the issue.

Thanks
Charles

cjbujold

@jimp Error when creating new certificate - "error": "Unable to verify HMAC"' the issue came back after 13 days. I am attaching the redacted log . hope it can identify the issue.

Thanks

Charles

acme_issuecertLog.txt

jimp

Looks like the error is being sent back from api.dnsmadeeasy.com -- so I'd check your account settings there and the credentials. Maybe they have some limit you're exceeding, or something else wrong.