Problem with cert renew, NameSilo/DuckDNS (logs included) - Unable to add the DNS record.



  • My certificate is valid until 18.10.20 so I need to fix this in not so long.
    anyway.
    I have my new LetsEncrypt certificate working from when I made it in the summer, but now when I will have my first renewal it will not work. I have tried to reboot pfSense and I have also tried to manually delete the _acme-challenge that is made by pfSense on NameSilo.

    But renewal always fails.

    General System Log: https://pastebin.com/hVDc28BX
    acme_issuecert.log https://pastebin.ubuntu.com/p/Z4RWx7hFff/

    LE_Root_Cert
    Renewing certificate 
    account: LE_Cert 
    server: letsencrypt-production-2 
    
    /usr/local/pkg/acme/acme.sh  --issue  -d '*.my_domain_name.top' --dns 'dns_namesilo'  --home '/tmp/acme/LE_Root_Cert/' --accountconf '/tmp/acme/LE_Root_Cert/accountconf.conf' --force --reloadCmd '/tmp/acme/LE_Root_Cert/reloadcmd.sh' --log-level 3 --log '/tmp/acme/LE_Root_Cert/acme_issuecert.log'
    Array
    (
        [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
        [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
        [Namesilo_Key] => 744***************fa30
    )
    [Sat Oct 10 16:04:54 CEST 2020] Single domain='*.my_domain_name.top'
    [Sat Oct 10 16:04:54 CEST 2020] Getting domain auth token for each domain
    [Sat Oct 10 16:04:56 CEST 2020] Getting webroot for domain='*.my_domain_name.top'
    [Sat Oct 10 16:04:56 CEST 2020] Adding txt value: E4WS7aqoxaCLbIw-uUb-uq-cprjpnh3U6UnoRQ_j4cs for domain:  _acme-challenge.my_domain_name.top
    [Sat Oct 10 16:04:57 CEST 2020] Unable to add the DNS record.
    [Sat Oct 10 16:04:57 CEST 2020] Error add txt for domain:_acme-challenge.my_domain_name.top
    [Sat Oct 10 16:04:57 CEST 2020] Please check log file for more details: /tmp/acme/LE_Root_Cert/acme_issuecert.log
    

    NameSilo:

    cert config:



  • Encountering the same issue; @Flemmingss - have you had any more success with this?

    I noticed this happened for my last renew date in August, however I regenerated a new API key from NameSilo, and it resolved itself, put it down to a hiccup... not the case this time



  • Nope.

    I changed my DNS records to A records to my IP instead of CNAME to my DuckDNS.
    It still did not work for 3 days or something, but then just one morning I had an updated certificate. So I don't know if this change had anything to do with it or not.

    *	A	MY-IP	NA	7207*	3rd-party		
    www	A	MY-IP	NA	7207*	3rd-party
    


  • @Flemmingss Thanks for the info,

    Every time, ACME was able to successfully change the TXT record in NameSilo, then was reporting a failure identical to yours. At this stage I can only assume it is related to DNS propagation and the script timing out.

    Had no issue renewing via DNS-Manual and waiting ~10min for the TXT file update.

    Will revisit this in 2021 for the next renewal :)
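
The replies above suspect DNS propagation and a script timeout, while the log in the first post ends at the record-add step. As an added example (not from any poster, and not part of acme.sh or the pfSense ACME package), this shell function reads an acme.sh log and reports which stage failed. The `The txt record is added`, `Verify error` and `Cert success` strings are assumed acme.sh wording not shown in this thread, and the second sample is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: report which stage of an acme.sh
# DNS-01 run failed. Reads the log on stdin and prints one of:
#   add_failed N   the DNS API hook could not create the TXT record; N is the
#                  number of seconds between the add attempt and the error
#   verify_failed  the TXT record was created, validation failed afterwards
#   ok | unknown
classify_acme_log() {
  awk '
    # Seconds since midnight from a "[Sat Oct 10 16:04:56 CEST 2020]" prefix.
    function secs(line,   f, t) {
      split(line, f, " "); split(f[4], t, ":")
      return t[1] * 3600 + t[2] * 60 + t[3]
    }
    /Adding txt value:/ { t_add = secs($0); added = 1 }
    /Unable to add the DNS record|Error add txt for domain/ {
      if (!add_err) t_err = secs($0)
      add_err = 1
    }
    /Verify error/ { verify_err = 1 }   # wording assumed, not in the thread
    /Cert success/ { ok = 1 }           # wording assumed, not in the thread
    END {
      d = t_err - t_add; if (d < 0) d += 86400   # run crossed midnight
      if (add_err)         printf "add_failed %d\n", (added ? d : -1)
      else if (verify_err) print "verify_failed"
      else if (ok)         print "ok"
      else                 print "unknown"
    }
  '
}

# Log lines copied from the first post in this thread.
sample_from_thread() {
  cat <<'EOF'
[Sat Oct 10 16:04:56 CEST 2020] Adding txt value: E4WS7aqoxaCLbIw-uUb-uq-cprjpnh3U6UnoRQ_j4cs for domain:  _acme-challenge.my_domain_name.top
[Sat Oct 10 16:04:57 CEST 2020] Unable to add the DNS record.
[Sat Oct 10 16:04:57 CEST 2020] Error add txt for domain:_acme-challenge.my_domain_name.top
EOF
}

# Constructed sample (not from the thread): record added, validation fails later.
sample_constructed() {
  cat <<'EOF'
[Sat Oct 10 16:10:00 CEST 2020] Adding txt value: CONSTRUCTED_TOKEN for domain:  _acme-challenge.example.test
[Sat Oct 10 16:10:01 CEST 2020] The txt record is added: Success.
[Sat Oct 10 16:12:05 CEST 2020] example.test:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.test
EOF
}

sample_from_thread | classify_acme_log
sample_constructed | classify_acme_log
```

To run it against a real log, redirect the file into the function, for example `classify_acme_log < /tmp/acme/LE_Root_Cert/acme_issuecert.log`.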

