    DNS-FreeDNS and ACME can't find the domain

      Stefan Milev last edited by

      Hi guys,

      I have an issue with the FreeDNS validation method of the ACME package. It fails to find my domain.

      nas
      Renewing certificate 
      account: Home 
      server: letsencrypt-staging-2 
      
      /usr/local/pkg/acme/acme.sh  --issue  -d 'nas.mydomain.domain.com' --dns 'dns_freedns'  --home '/tmp/acme/nas/' --accountconf '/tmp/acme/nas/accountconf.conf' --force --reloadCmd '/tmp/acme/nas/reloadcmd.sh' --log-level 3 --log '/tmp/acme/nas/acme_issuecert.log'
      Array
      (
          [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
          [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
          [FREEDNS_User] => user
          [FREEDNS_Password] => password
      )
      [Sun Mar 22 19:36:43 CET 2020] Single domain='nas.mydomain.domain.com'
      [Sun Mar 22 19:36:43 CET 2020] Getting domain auth token for each domain
      [Sun Mar 22 19:36:45 CET 2020] Getting webroot for domain='nas.mydomain.domain.com'
      [Sun Mar 22 19:36:46 CET 2020] Adding txt value: 0nYbi4VXX_4gWSOI15g96KS3LMa200e-qbqRR1XmaX0 for domain:  _acme-challenge.nas.mydomain.domain.com
      [Sun Mar 22 19:36:46 CET 2020] Add TXT record using FreeDNS
      [Sun Mar 22 19:36:49 CET 2020] Domain nas.mydomain.domain.com not found at FreeDNS, try with next level of TLD
      [Sun Mar 22 19:36:51 CET 2020] Domain mydomain.domain.com not found at FreeDNS, try with next level of TLD
      [Sun Mar 22 19:36:52 CET 2020] Domain domain.com found at FreeDNS, domain_id 29
      [Sun Mar 22 19:36:53 CET 2020] FreeDNS failed to add TXT record for _acme-challenge.nas.mydomain as FreeDNS requested security code
      [Sun Mar 22 19:36:53 CET 2020] Note that you cannot use automatic DNS validation for FreeDNS public domains
      [Sun Mar 22 19:36:53 CET 2020] Error add txt for domain:_acme-challenge.mydomain.domain.com
      [Sun Mar 22 19:36:53 CET 2020] Please check log file for more details: /tmp/acme/nas/acme_issuecert.log
      

      The interesting part is that several days ago I was able to pull a valid cert with the same settings. I'm not sure what might be wrong. If I do a test with DuckDNS for example it works as expected. I'm curious if anyone using FreeDNS has it working correctly using the DNS validation method.

      Thanks in advance.

        pf_humblebee last edited by

        @Stefan-Milev said in DNS-FreeDNS and ACME can't find the domain:

        FreeDNS failed to add TXT record for _acme-challenge.nas.mydomain as FreeDNS requested security code

        Were you able to solve this issue?

        I'm trying to set up a FreeDNS account in pfSense and I'm running into the exact same problem.
        If you check the log you see:

        FreeDNS failed to add TXT record for _acme-challenge.nas.mydomain as FreeDNS requested security code
        

        So it seems that FreeDNS maybe asks for a Captcha to verify the change?
        Probably the ACME plugin needs to be updated to solve this issue? Any help would be welcome.

          Stefan Milev last edited by

          Hi there,
          unfortunately I was not able to resolve the issue and switched to the "Standalone HTTP server" method. This works. I would like to use the domain method, but all that I tried failed.
          It seems strange to me that only we have this issue, or only we are trying to use this method with FreeDNS.
          I have another site for example that I can't open the necessary ports for the "Standalone HTTP server" to work. In that case I have to use the domain method. I'm still interested in this working but as nobody else reported an issue I doubt that it will be looked at soon. I hope I'm wrong though.
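
A triage helper for the log shown in this thread, added here as an example (it is not part of any post and not code from acme.sh or the pfSense ACME package). It reads an acme.sh issue log on stdin and reports which zone `dns_freedns` matched and why the TXT add failed; the function names, verdict labels and output format are assumptions of this example, and the sample lines are copied from the first post.

```shell
#!/bin/sh
# Added example: triage an acme.sh dns_freedns issue log read from stdin.
# Verdict labels and output format are assumptions of this example.

triage_acme_log() {
    awk '
        # TXT record acme.sh tried to create (last field of the line)
        /Adding txt value:/ { record = $NF }
        # Each name level that dns_freedns probed without a match
        /not found at FreeDNS/ { misses++ }
        # Zone that finally matched: "Domain <zone> found at FreeDNS, domain_id N"
        / found at FreeDNS, domain_id / {
            for (i = 1; i < NF; i++) if ($i == "Domain") { zone = $(i + 1); break }
        }
        # FreeDNS answered the add request by asking for a security code
        /FreeDNS requested security code/ { verdict = "security_code_requested" }
        # Generic failure, used only if no more specific cause was logged
        /Error add txt for domain/ && verdict == "" { verdict = "txt_add_failed" }
        END {
            if (verdict == "") verdict = (record == "" ? "no_dns_challenge" : "no_failure_seen")
            printf "%s zone=%s record=%s misses=%d\n", verdict,
                (zone == "" ? "-" : zone), (record == "" ? "-" : record), misses
        }
    '
}

# Sample input: log lines copied from the first post in this thread.
sample_log() {
    cat <<'EOF'
[Sun Mar 22 19:36:46 CET 2020] Adding txt value: 0nYbi4VXX_4gWSOI15g96KS3LMa200e-qbqRR1XmaX0 for domain:  _acme-challenge.nas.mydomain.domain.com
[Sun Mar 22 19:36:46 CET 2020] Add TXT record using FreeDNS
[Sun Mar 22 19:36:49 CET 2020] Domain nas.mydomain.domain.com not found at FreeDNS, try with next level of TLD
[Sun Mar 22 19:36:51 CET 2020] Domain mydomain.domain.com not found at FreeDNS, try with next level of TLD
[Sun Mar 22 19:36:52 CET 2020] Domain domain.com found at FreeDNS, domain_id 29
[Sun Mar 22 19:36:53 CET 2020] FreeDNS failed to add TXT record for _acme-challenge.nas.mydomain as FreeDNS requested security code
[Sun Mar 22 19:36:53 CET 2020] Note that you cannot use automatic DNS validation for FreeDNS public domains
[Sun Mar 22 19:36:53 CET 2020] Error add txt for domain:_acme-challenge.mydomain.domain.com
EOF
}

sample_log | triage_acme_log
```

On a real run, feed it the file named in the log's last line, for example `triage_acme_log < /tmp/acme/nas/acme_issuecert.log`.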
