Netgate Discussion Forum
    acme and amazon route 53 chooses wrong DNS zone

ACME
TheBigBear last edited by TheBigBear

      Hi folks,

Thanks for having this nice ACME pkg included right in the pfSense GUI. Unfortunately I found that the ACME pkg does a "bottom-up" or "right-to-left" search for Amazon zones when it should do a "top-down" or "left-to-right" search instead.

And BTW it only does it in the wrong order for production; in staging it gets the search order right.

Assume the following zones at Amazon Route 53:

      site.com zone abc1
      sub.site.com zone abc2
      level4.sub.site.com zone abc3
      _acme.challenge.level4.sub.site.com zone abc4

      So whilst trying to get an LE certificate for dns domain name 'level4.sub.site.com' it reports that the IAM restricted user does not have rights on zone abc1 when trying to issue a production certificate, when it should have checked rights for zone abc4 instead. But when using the staging LE servers it does properly check for rights on zone abc4.

Can you please look into this behaviour and correct it?

      Thanks in advance.

      Please be in touch if I need to make some test domain(s) available for testing this and getting it fixed on amazon route 53.

      And if this is not the right place to report this, then please point me in the right direction.

      All the best and stay healthy.

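To make the two search orders concrete, here is an added example (not code from the pfSense ACME package or from acme.sh's Route 53 module) that picks the hosted zone for a DNS-01 record by longest-suffix match, i.e. the most specific zone, beside the shortest-suffix-first order the post reports for production. The zone list is constructed from the zone names in the post, using the standard `_acme-challenge` record name from RFC 8555 and the made-up IDs abc1..abc4; the `/hostedzone/<ID>` Id form, trailing-dot `Name` and `Config.PrivateZone` flag follow the shape of the real Route 53 ListHostedZones response, but no API call is made.

```python
"""
Hosted-zone selection for an ACME DNS-01 TXT record in Route 53.

Added example, not code from the pfSense ACME package or acme.sh. The
zone list is constructed to mirror the zones named in the forum post;
in practice it would come from the Route 53 ListHostedZones API.
"""

# Constructed sample: the post's zones in ListHostedZones shape (made-up IDs).
HOSTED_ZONES = [
    {"Id": "/hostedzone/abc1", "Name": "site.com."},
    {"Id": "/hostedzone/abc2", "Name": "sub.site.com."},
    {"Id": "/hostedzone/abc3", "Name": "level4.sub.site.com."},
    {"Id": "/hostedzone/abc4", "Name": "_acme-challenge.level4.sub.site.com."},
]


def challenge_record(domain):
    """DNS-01 record name for domain (RFC 8555 section 8.4). A leading
    wildcard label is dropped, so '*.x' and 'x' validate via the same name."""
    name = domain.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name


def candidate_suffixes(record_name):
    """All suffixes of record_name, most specific first:
    '_acme-challenge.a.b.c' -> [that, 'a.b.c', 'b.c', 'c']."""
    labels = record_name.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def _zones_by_name(zones, include_private):
    """Index zones by name without the trailing dot; private zones are
    skipped by default because a public CA cannot read them."""
    by_name = {}
    for zone in zones:
        if not include_private and zone.get("Config", {}).get("PrivateZone", False):
            continue
        by_name[zone["Name"].rstrip(".").lower()] = zone
    return by_name


def _zone_id(zone):
    # '/hostedzone/abc4' -> 'abc4', the form used in IAM resource ARNs.
    return zone["Id"].rsplit("/", 1)[-1]


def select_zone(record_name, zones, include_private=False):
    """Most specific match: return (zone_id, zone_name) for the longest
    hosted-zone name that is a suffix of record_name, or None."""
    by_name = _zones_by_name(zones, include_private)
    for suffix in candidate_suffixes(record_name):
        if suffix in by_name:
            return _zone_id(by_name[suffix]), suffix
    return None


def select_zone_least_specific_first(record_name, zones):
    """The order the post describes for production: walk the suffixes from
    the shortest upward and stop at the first hosted zone. On the sample
    zones this lands on site.com (abc1), so an IAM user scoped to abc4 is
    refused before the correct zone is ever considered."""
    by_name = _zones_by_name(zones, include_private=True)
    for suffix in reversed(candidate_suffixes(record_name)):
        if suffix in by_name:
            return _zone_id(by_name[suffix]), suffix
    return None


if __name__ == "__main__":
    record = challenge_record("level4.sub.site.com")
    print("record:", record)
    print("most specific first:", select_zone(record, HOSTED_ZONES))
    print("least specific first:", select_zone_least_specific_first(record, HOSTED_ZONES))
```

Two caveats when using the most specific zone. The choice is only right if that zone is actually delegated from its parent with NS records; a hosted zone that exists in Route 53 but is not delegated is never reached by the CA's resolver, and validation fails even though the record was written. And a least-privilege IAM policy for the ACME user can then grant `route53:ChangeResourceRecordSets` on `arn:aws:route53:::hostedzone/abc4` only, while `route53:ListHostedZones` (needed to do this lookup at all) and `route53:GetChange` are not zone-scoped and need `*` and `arn:aws:route53:::change/*` respectively.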
jimp (Rebel Alliance Developer, Netgate) last edited by

        You would want to raise that issue with the acme.sh project directly, since we do not maintain the code which interacts with DNS providers, they do.

        https://github.com/acmesh-official/acme.sh/issues

© 2021 Rubicon Communications, LLC