DNS-MadeEasy update option not working

cjbujold

When trying to update my certificates using the DNSMadeEasy option I get nothing in DNSMadeeasy DNS txt section and I get a copy of the certificate in the response. It looks like it is using WEBroot option by default and not the DNSMadeEasy option.

Community Edition

System
Interfaces
Firewall
Services
VPN
Status
Diagnostics
Help

ServicesAcmeCertificates

accra
Renewing certificate
account: accra
server: letsencrypt-production-2

/usr/local/pkg/acme/acme.sh --issue --domain 'accra.ca' --dns 'dns_me' --domain 'protector.accra.ca' --dns 'dns_me' --domain 'geneabujold.accra.ca' --dns 'dns_me' --domain 'famille.accra.ca' --dns 'dns_me' --domain 'remotehelp.accra.ca' --dns 'dns_me' --domain 'ftpweb.accra.ca' --dns 'dns_me' --domain 'securebackup.accra.ca' --dns 'dns_me' --domain 'support.accra.ca' --dns 'dns_me' --home '/tmp/acme/accra/' --accountconf '/tmp/acme/accra/accountconf.conf' --force --reloadCmd '/tmp/acme/accra/reloadcmd.sh' --log-level 3 --log '/tmp/acme/accra/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[ME_Key] => 0A..........
[ME_Secret] => e00.............
)
[Wed Oct 28 10:24:46 ADT 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Oct 28 10:24:47 ADT 2020] Multi domain='DNS:accra.ca,DNS:protector.accra.ca,DNS:geneabujold.accra.ca,DNS:famille.accra.ca,DNS:remotehelp.accra.ca,DNS:ftpweb.accra.ca,DNS:securebackup.accra.ca,DNS:support.accra.ca'
[Wed Oct 28 10:24:47 ADT 2020] Getting domain auth token for each domain
[Wed Oct 28 10:24:50 ADT 2020] Getting webroot for domain='accra.ca'
[Wed Oct 28 10:24:50 ADT 2020] Getting webroot for domain='protector.accra.ca'
[Wed Oct 28 10:24:50 ADT 2020] Getting webroot for domain='geneabujold.accra.ca'
[Wed Oct 28 10:24:50 ADT 2020] Getting webroot for domain='famille.accra.ca'
[Wed Oct 28 10:24:50 ADT 2020] Getting webroot for domain='remotehelp.accra.ca'
[Wed Oct 28 10:24:50 ADT 2020] Getting webroot for domain='ftpweb.accra.ca'
[Wed Oct 28 10:24:50 ADT 2020] Getting webroot for domain='securebackup.accra.ca'
[Wed Oct 28 10:24:50 ADT 2020] Getting webroot for domain='support.accra.ca'
[Wed Oct 28 10:24:50 ADT 2020] accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] protector.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] geneabujold.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] famille.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] remotehelp.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] ftpweb.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] securebackup.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] support.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:51 ADT 2020] Verify finished, start to sign.
[Wed Oct 28 10:24:51 ADT 2020] Lets finalize the order.
[Wed Oct 28 10:24:51 ADT 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/14023716/5910747980'
[Wed Oct 28 10:24:51 ADT 2020] Downloading cert.
[Wed Oct 28 10:24:51 ADT 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03714be44409f115badb10970afd5e33679b'
[Wed Oct 28 10:24:52 ADT 2020] Cert success.
-----BEGIN CERTIFICATE-----
MIIF1TCCBL2gAwIB.....................
-----END CERTIFICATE-----
[Wed Oct 28 10:24:52 ADT 2020] Your cert is in /tmp/acme/accra//accra.ca/accra.ca.cer
[Wed Oct 28 10:24:52 ADT 2020] Your cert key is in /tmp/acme/accra//accra.ca/accra.ca.key
[Wed Oct 28 10:24:52 ADT 2020] The intermediate CA cert is in /tmp/acme/accra//accra.ca/ca.cer
[Wed Oct 28 10:24:52 ADT 2020] And the full chain certs is there: /tmp/acme/accra//accra.ca/fullchain.cer
[Wed Oct 28 10:24:52 ADT 2020] Run reload cmd: /tmp/acme/accra/reloadcmd.sh

IMPORT CERT accra, /tmp/acme/accra/accra.ca/accra.ca.key, /tmp/acme/accra/accra.ca/accra.ca.cer
update cert![Wed Oct 28 10:24:54 ADT 2020] Reload success

General settings
Certificates
Account keys

Search
Search term
Enter a search string or *nix regular expression to search certificate names and distinguished names.
Certificates
Renew Actions
accra accra certificate accra Fri, 28 Aug 2020 08:48:16 -0300
Use the search box to filter the list and show only matching entries.
Click table column headers to sort table entries. Do not use the movement/reordering controls after sorting the table.

pfSense is developed and maintained by Netgate. ESF 2004 - 2020 View license.

jimp

@cjbujold said in DNS-MadeEasy update option not working:

[Wed Oct 28 10:24:50 ADT 2020] accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] protector.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] geneabujold.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] famille.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] remotehelp.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] ftpweb.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] securebackup.accra.ca is already verified, skip dns-01.
[Wed Oct 28 10:24:50 ADT 2020] support.accra.ca is already verified, skip dns-01.

The cert was already renewed recently, so it skipped the DNS check since it was still verified. The verification lasts a while, I think it's a week. So if you created or renewed the certificate in the last few days then it won't need to make the TXT records again yet.