Problem with cert renew, NameSilo/DuckDNS (logs included) - Unable to add the DNS record.
-
My certificate is valid until 18.10.20 so I need to fix this in not so long.
anyway.
I have my new LetsEncrypt certificate working from when I made it in the summer, but now when I will have my first renewal it will not work. I have tried to reboot pfSense and I have also tried to manually delete the _acme-challenge that is made by pfSense on NameSilo. But renewal always fails.
General System Log: https://pastebin.com/hVDc28BX
acme_issuecert.log: https://pastebin.ubuntu.com/p/Z4RWx7hFff/
LE_Root_Cert
Renewing certificate
account: LE_Cert
server: letsencrypt-production-2
/usr/local/pkg/acme/acme.sh --issue -d '*.my_domain_name.top' --dns 'dns_namesilo' --home '/tmp/acme/LE_Root_Cert/' --accountconf '/tmp/acme/LE_Root_Cert/accountconf.conf' --force --reloadCmd '/tmp/acme/LE_Root_Cert/reloadcmd.sh' --log-level 3 --log '/tmp/acme/LE_Root_Cert/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[Namesilo_Key] => 744***************fa30
)
[Sat Oct 10 16:04:54 CEST 2020] Single domain='*.my_domain_name.top'
[Sat Oct 10 16:04:54 CEST 2020] Getting domain auth token for each domain
[Sat Oct 10 16:04:56 CEST 2020] Getting webroot for domain='*.my_domain_name.top'
[Sat Oct 10 16:04:56 CEST 2020] Adding txt value: E4WS7aqoxaCLbIw-uUb-uq-cprjpnh3U6UnoRQ_j4cs for domain: _acme-challenge.my_domain_name.top
[Sat Oct 10 16:04:57 CEST 2020] Unable to add the DNS record.
[Sat Oct 10 16:04:57 CEST 2020] Error add txt for domain:_acme-challenge.my_domain_name.top
[Sat Oct 10 16:04:57 CEST 2020] Please check log file for more details: /tmp/acme/LE_Root_Cert/acme_issuecert.log
NameSilo:
- CNAME flemmingss.duckdns.org NA 7207* 3rd-party
www CNAME flemmingss.duckdns.org
cert config:
- CNAME flemmingss.duckdns.org NA 7207* 3rd-party
-
Encountering the same issue; @Flemmingss - have you had any more success with this?
I noticed this happened for my last renew date in August, however regenerated a new API key from NameSilo, and it resolved itself, put it down to a hiccup... not the case this time
-
Nope.
I changed my DNS records to A records to my IP instead of CNAME to my duckdns.
It still did not work for 3 days or something, but then just one morning I had an updated certificate. So I don't know if this change had anything to do with it or not.
* A MY-IP NA 7207* 3rd-party
www A MY-IP NA 7207* 3rd-party
-
@Flemmingss Thanks for the info,
every time ACME was able to successfully change the txt record in NameSilo, then was reporting a failure identical to yours, at this stage can only assume is related to DNS propagation and the script timing out.
Had no issue renewing via DNS-Manual and waiting ~10min for the txt file update.
Will revisit this in 2021 for the next renewal :)
-
Anyone found a solution?
I have the same issue.
LE_Root_Cert
Renewing certificate
account: LE_Cert
server: letsencrypt-production-2
/usr/local/pkg/acme/acme.sh --issue --domain '*.domain.cloud' --dns 'dns_namesilo' --home '/tmp/acme/LE_Root_Cert/' --accountconf '/tmp/acme/LE_Root_Cert/accountconf.conf' --force --reloadCmd '/tmp/acme/LE_Root_Cert/reloadcmd.sh' --log-level 3 --log '/tmp/acme/LE_Root_Cert/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[Namesilo_Key] => Token_Key
)
[Tue Feb 16 17:43:50 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Feb 16 17:43:50 UTC 2021] Single domain='*.domain.cloud'
[Tue Feb 16 17:43:50 UTC 2021] Getting domain auth token for each domain
[Tue Feb 16 17:43:55 UTC 2021] Getting webroot for domain='*.domain.cloud'
[Tue Feb 16 17:43:55 UTC 2021] Adding txt value: pfH4ZsfW_6Xf5gjQTX6tJ-Jkq1YhmaA43L0JLizMZ_I for domain: _acme-challenge.domain.cloud
[Tue Feb 16 17:43:58 UTC 2021] Unable to add the DNS record.
[Tue Feb 16 17:43:58 UTC 2021] Error add txt for domain:_acme-challenge.domain.cloud
[Tue Feb 16 17:43:58 UTC 2021] Please check log file for more details: /tmp/acme/LE_Root_Cert/acme_issuecert.log
-
@ngui1975
Hey Ngui, coincidentally I replaced my firewall a couple of months ago, yesterday morning was its first auto renew which worked without intervention;
I can only put it down to the script timing out before the updated record could propagate;
-
I never got this working
I did a workaround without duckdns. In ACME I added *.mydomain.com and DNS-Namesilo
And in NameSilo I have:
HOSTNAME TYPE ADDRESS / VALUE DISTANCE/PRIO TTL SERVICE EDIT DELETE
* A MY_IP_HERE NA 7207* 3rd-party
www A MY_IP_HERE NA 7207* 3rd-party
-
New .sh for duckdns released 4 days ago, try that to confirm if it's going to work for you.
ssh to your pfsense
cd /usr/local/pkg/acme/dnsapi
mv dns_duckdns.sh dns_duckdns.sh.backup
vi dns_duckdns.sh
(copy the code from github and save)
chmod 555 dns_duckdns.sh
then try again.
This worked for me 12th Jan 2021
https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_duckdns.sh
Tested today, working!
-
Hi Flemmings,
I do the same and worked.
After you can change again to cname *.duckdns.org and renew certificate again.
Now it is working fine. Thanks to all.
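
An added example, not part of the thread or of acme.sh: a small Python triage of an acme_issuecert.log that reports whether a run stopped at the TXT add step (the "Adding txt value" / "Error add txt" messages quoted in the logs above) or got past it, and how many seconds lay between the two. The sample is constructed from the second log in the thread with the token replaced by a placeholder; the stage names are labels chosen for this example.

```python
import re
from datetime import datetime

# "[Tue Feb 16 17:43:55 UTC 2021] message" -> month, day, time, year, message.
# The timezone token (UTC, CEST, ...) is skipped; one run stays in one zone.
LINE = re.compile(r"^\[\w{3} (\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) \S+ (\d{4})\] (.*)$")
ADD = re.compile(r"Adding txt value: \S+ for domain: (\S+)")
ERR = re.compile(r"Error add txt for domain:\s*(\S+)")

# Constructed sample based on the second log in the thread (token replaced).
SAMPLE = """\
[Tue Feb 16 17:43:50 UTC 2021] Getting domain auth token for each domain
[Tue Feb 16 17:43:55 UTC 2021] Getting webroot for domain='*.domain.cloud'
[Tue Feb 16 17:43:55 UTC 2021] Adding txt value: TOKEN_PLACEHOLDER for domain: _acme-challenge.domain.cloud
[Tue Feb 16 17:43:58 UTC 2021] Unable to add the DNS record.
[Tue Feb 16 17:43:58 UTC 2021] Error add txt for domain:_acme-challenge.domain.cloud
"""

def triage(log_text):
    """Return one result per TXT add attempt found in the log."""
    results, pending, last_msg = [], {}, ""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # command line, Array dump, blank lines
        mon, day, clock, year, msg = m.groups()
        ts = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
        add, err = ADD.match(msg), ERR.match(msg)
        if add:
            pending[add.group(1)] = ts
        elif err and err.group(1) in pending:
            started = pending.pop(err.group(1))
            results.append({"record": err.group(1), "stage": "dns_api_add",
                            "seconds": int((ts - started).total_seconds()),
                            "hook_message": last_msg})  # line logged just before
        last_msg = msg
    # Add attempts with no add error: any failure happened at a later step.
    for name in pending:
        results.append({"record": name, "stage": "after_add",
                        "seconds": None, "hook_message": ""})
    return results

if __name__ == "__main__":
    for result in triage(SAMPLE):
        print(result)
```

In both logs quoted in the thread the error is logged 1 to 3 seconds after the add attempt, at the add step itself.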