Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Dynamic DNS support for EuroDNS not working

    DHCP and DNS
    2
    4
    232
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mamsds last edited by

      Hi everyone,

      I am not sure if this is a bug: Basically, I set up an EuroDNS profile in the Dynamic DNS section of pfSense's WebUI. It has been working correctly for a long time but recently it just stopped working. I examined the log and the error is:

      Jun 26 20:04:37 php-fpm /services_dyndns.php: Curl error occurred: SSL certificate problem: certificate has expired
      Jun 26 20:04:37 php-fpm /services_dyndns.php: Dynamic DNS eurodns ([my-domain]): _checkStatus() starting.
      Jun 26 20:04:32 php-fpm /services_dyndns.php: Dynamic DNS eurodns ([my-domain]): _update() starting.
      Jun 26 20:04:32 php-fpm /services_dyndns.php: DynDns ([my-domain]): Dynamic Dns: More than 25 days. Updating. 1593173072 - 1590825842 > 2160000

      I believe the problem is "SSL certificate problem: certificate has expired" as indicated in the log. However, I also checked file /etc/inc/dyndns.class in pfSense's filesystem and the definition of EuroDNS is follows:

      case 'eurodns':
          $needsIP = TRUE;
          curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass);
          $server = "https://update.eurodyndns.org/update/";
          $port = "";
          if ($this->_dnsPort) {
              $port = ":" . $this->_dnsPort;
          }
          curl_setopt($ch, CURLOPT_URL, $server .$port . '?hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP);
          break;
      

      It appears to me that the ssl certificate of the update server of EuroDNS is in fact valid if you just open it in a browser and I am not sure why it happens or if it is a bug.

      (If I change "https://update.eurodyndns.org/update/" to "http://update.eurodyndns.org/update/" in /etc/inc/dyndns.class, the update works again. But I guess it is just a walkaround and some permanent solutions are still needed.)

      Also, if I wan

      Thanks!

      fireodo 1 Reply Last reply Reply Quote 0
      • fireodo
        fireodo @mamsds last edited by

        @mamsds said in Dynamic DNS support for EuroDNS not working:

        Hi everyone,

        I am not sure if this is a bug: Basically, I set up an EuroDNS profile in the Dynamic DNS section of pfSense's WebUI. It has been working correctly for a long time but recently it just stopped working. I examined the log and the error is:
        I believe the problem is "SSL certificate problem: certificate has expired" as indicated in the log. However, I also checked file /etc/inc/dyndns.class in pfSense's filesystem and the definition of EuroDNS is follows:

        Indeed this is the root cause of the problem.

        It appears to me that the ssl certificate of the update server of EuroDNS is in fact valid if you just open it in a browser and I am not sure why it happens or if it is a bug.

        I had the same problem with freeDNS (you can read this: http://freedns.afraid.org/news/ )

        (If I change "https://update.eurodyndns.org/update/" to "http://update.eurodyndns.org/update/" in /etc/inc/dyndns.class, the update works again. But I guess it is just a walkaround and some permanent solutions are still needed.)

        You have to wait until you provider (EuroDNS) is resolving his certificate problem or you have to live (for the moment) with the solution you already have found.

        Regards,
        fireodo

        Kettop Mi4300YL, CPU: i5-4300Y @ 1.60GHz, RAM: 8GB, 4Ports
        SanDisk pSSD-S2 16GB (ZFS), WLE200NX (WiFi)
        Pfsense 2.6.0
        PKGs: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG-devel, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

        M 1 Reply Last reply Reply Quote 0
        • M
          mamsds @fireodo last edited by

          @fireodo said in Dynamic DNS support for EuroDNS not working:

          freeDNS

          @fireodo Hi, yes your answer explains it. However, I just checked the link you posted and it said that:

          "if you have an out of date CA root store in your TLS client, automatic dynamic updates (over TLS only) may not be working for you starting today due to a upstream TLS provider chain key change."

          As I understand, does it mean that it is pfSense which is not updating the certificate repository correctly so curl failed to recognized the updated certificate of EuroDNS? Also, my Firefox thinks the ssl certificate of EuroDNS server is valid.

          fireodo 1 Reply Last reply Reply Quote 0
          • fireodo
            fireodo @mamsds last edited by

            @mamsds said in Dynamic DNS support for EuroDNS not working:

            As I understand, does it mean that it is pfSense which is not updating the certificate repository correctly so curl failed to recognized the updated certificate of EuroDNS? Also, my Firefox thinks the ssl certificate of EuroDNS server is valid.

            You may search the pfsense forum there is a post where a user has modified the pfsense certificates. (/usr/local/share/certs/ca-root-nss.crt)
            He has eliminated a expired certificate - be careful and make a backup before!

            Kettop Mi4300YL, CPU: i5-4300Y @ 1.60GHz, RAM: 8GB, 4Ports
            SanDisk pSSD-S2 16GB (ZFS), WLE200NX (WiFi)
            Pfsense 2.6.0
            PKGs: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG-devel, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post