Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACME

    Scheduled Pinned Locked Moved ACME
    11 Posts 2 Posters 736 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ejajE
      ejaj
      last edited by

      Hello Expert need help

      is ACME 0.6.5 outdated ?

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Why asking ?
        Why not looking for yourself ?
        It says

        VER=2.8.6
        

        ( /usr/local/pkg/acme/acme.sh : third line )

        Here (official source) https://github.com/acmesh-official/acme.sh/blob/master/acme.sh you find .....

        VER=2.8.6
        

        What is really your question ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        ejajE 1 Reply Last reply Reply Quote 0
        • ejajE
          ejaj @Gertjan
          last edited by

          @Gertjan Thanks for reply Sir,as we using pfsnese we have put certs in auto renewal , for now renewal not working all of sudden we have multiple location in different countries but every place get an error.what is the problem we did not recognize is there any global issues.with ACME?

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            Why acme ( acme.sh ) doesn't work can have many reasons.

            One of them might be what they chaned on "February 19, 2020". You should have received a mail from them btw.
            They, that is LetEnscrypt, did change something on that date. A rather a logic step, but it tend to "break" the issuing or renewal more often.

            Go to their main support page, and discover why ^^
            Here : https://letsencrypt.org/ and check out "Multi-Perspective Validation Improves Domain Validation Security".
            A lot of rather technical info, but one should be able to read between the lines.
            It's because multiple 'test-check' servers are used now (clouds are everywhere), and all your domain name servers can get tested. The master, probably, but also one (at least one) of the slave domain server(s). So, if the slave domain name servers didn't sync yet with the master, it's game over right away. The usual ".well-known/acme-challenge/" wasn't found (on the salve) so NXDOMAIN, so it's a no-go.
            Solution : convince that you use fast syncing slave domain servers - and to be sure, add a 'DNS sleep' at a high(er) value, like 10 minutes or 600 seconds. Up to you to test and find the right delay.

            This could be an explanation for a known recent reason.
            Many other reasons exist of course.

            But hey, you didn't showed the acme.sh log, neither any other detail except the word "problem" so how could I know ? ;)

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            ejajE 1 Reply Last reply Reply Quote 0
            • ejajE
              ejaj @Gertjan
              last edited by ejaj

              @Gertjan Thanks again Sir, yes we got an email we did not know that what is saying.is there any way we can fix it?

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @ejaj
                last edited by

                @ejaj said in ACME:

                there any way we can fix it?

                For the issue I mentioned above : choose you Registrar wisely. Quality (fast sale domain name synchronisation) is more important as price.

                The fast solution :

                7136f4b6-17ad-480d-953d-4f7132f37746-image.png

                ( the 120 seconds might not be enough, make it more ...)

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                ejajE 2 Replies Last reply Reply Quote 0
                • ejajE
                  ejaj @Gertjan
                  last edited by ejaj

                  This post is deleted!
                  1 Reply Last reply Reply Quote 0
                  • ejajE
                    ejaj @Gertjan
                    last edited by

                    @Gertjan

                    giving me an erroe while set 1800000

                    38b253a6-febe-4465-b193-c03bef0877fb-image.png

                    so i set 1800 but giving me below error while renewing

                    6e04920b-33e2-4be0-9e8e-5a472585f82c-image.png

                    ejajE 1 Reply Last reply Reply Quote 0
                    • ejajE
                      ejaj
                      last edited by

                      it would be great help if any one can reply

                      1 Reply Last reply Reply Quote 0
                      • ejajE
                        ejaj @ejaj
                        last edited by

                        @Gertjan Sir i am waiting for your reply please

                        1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan
                          last edited by

                          The resulat (green text) said already to you :

                          d643c3b0-666f-4b89-b9a5-843a3984ed7a-image.png

                          But this could be an important indication :

                          bc053a13-aa12-496d-92a6-bf53421a2632-image.png

                          Let me rephrase that message : the acme.sh couldn't add the "_acme-challenge.............." to your domain.
                          A problem with the domain ? An API error ? The registrar that hosts the API has problems ?
                          Can't tell much more.

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.