Problem with cert renew, NameSilo/DuckDNS (logs included) - Unable to add the DNS record.
My certificate is valid until 18.10.20 so I need to fix this in not so long.
I have my new LetsEncrypt certificate working from when I made it in the summer, but now when I will have my first renewal it will not work. I have tried to reboot PFsense and I have altso tried to manualy delete the _acme-challenge that is made by pfSense on NameSilo.
But renewal always fail
×LE_Root_Cert Renewing certificate account: LE_Cert server: letsencrypt-production-2 /usr/local/pkg/acme/acme.sh --issue -d '*.my_domain_name.top' --dns 'dns_namesilo' --home '/tmp/acme/LE_Root_Cert/' --accountconf '/tmp/acme/LE_Root_Cert/accountconf.conf' --force --reloadCmd '/tmp/acme/LE_Root_Cert/reloadcmd.sh' --log-level 3 --log '/tmp/acme/LE_Root_Cert/acme_issuecert.log' Array ( [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/ [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/ [Namesilo_Key] => 744***************fa30 ) [Sat Oct 10 16:04:54 CEST 2020] Single domain='*.my_domain_name.top' [Sat Oct 10 16:04:54 CEST 2020] Getting domain auth token for each domain [Sat Oct 10 16:04:56 CEST 2020] Getting webroot for domain='*.my_domain_name.top' [Sat Oct 10 16:04:56 CEST 2020] Adding txt value: E4WS7aqoxaCLbIw-uUb-uq-cprjpnh3U6UnoRQ_j4cs for domain: _acme-challenge.my_domain_name.top [Sat Oct 10 16:04:57 CEST 2020] Unable to add the DNS record. [Sat Oct 10 16:04:57 CEST 2020] Error add txt for domain:_acme-challenge.my_domain_name.top [Sat Oct 10 16:04:57 CEST 2020] Please check log file for more details: /tmp/acme/LE_Root_Cert/acme_issuecert.log
encountering the same issue; @Flemmingss - have you had any more sucess with this?
i noticed this happend for my last renew date in August however regenerated a new API key fom namesilo, and it resolved itself, put it down to a hiccup... not the case this time
I changed my DNS records to A records to my IP insted of CNAME to my duckdns.
It still did not work for 3 days or somthing, but then just one morning I had a updated certificate. So i dont know if this change had anything to do with it or not.
* A MY-IP NA 7207* 3rd-party www A MY-IP NA 7207* 3rd-party
@Flemmingss Thanks for the info,
every time ACME was able to successfully change the txt record in NameSilo, then was reporting a failure identical to yours, at this stage can only assume is related to DNS propegation and the script timing out.
Had no issue renewing via DNS-Manual and waiting ~10min for the txt file update.
will revist this in 2021 for the next renewal :)