Auto Renewal Fails for DNS easyDNS

kiekar

Hello,

I'm running the latest version of ACME 0.6.9_3 and pfSense 2.4.5-p1. My last two production auto renewals and one staging test has failed to updated the cert using DNS challenge with easyDNS however each time I was able to issue a new cert by manually using
the issue/renew button on the certificates page.

Not sure if the issue resides on the pfSense side or the easyDNS api. Not sure where to look in the log file due to the amount of output lines.

below is the output from the end of the log file for the failure at 3:19 and success at 7:59

Any help would be much appreciated.

Thanks,

date: Sat, 30 Jan 2021 08:19:19 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 17817579
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0004joNGEgDnpJ32_bjutfo9buFQ8C7uTlJS8zAqtEaGaYU

'
[Sat Jan 30 03:19:19 EST 2021] code='400'
[Sat Jan 30 03:19:19 EST 2021] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Sat Jan 30 03:19:19 EST 2021] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'

[Sat Jan 30 07:59:38 EST 2021] Found cert chain
[Sat Jan 30 07:59:38 EST 2021] _end_n='31'
[Sat Jan 30 07:59:38 EST 2021] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fae1c038cade4c28b3bed1df12c5756e9d74'
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 12:Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fae1c038cade4c28b3bed1df12c5756e9d74'
[Sat Jan 30 07:59:38 EST 2021] Cert success.
[Sat Jan 30 07:59:38 EST 2021] Your cert is in  /tmp/acme/MyCert//www.mydomain.com/www.mydomain.com.cer 
[Sat Jan 30 07:59:38 EST 2021] Your cert key is in  /tmp/acme/MyCert//www.mydomain.com/www.mydomain.com.key 
[Sat Jan 30 07:59:38 EST 2021] APP
[Sat Jan 30 07:59:38 EST 2021] 7:USER_PATH='/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/'
[Sat Jan 30 07:59:38 EST 2021] v2 chain.
[Sat Jan 30 07:59:38 EST 2021] The intermediate CA cert is in  /tmp/acme/MyCert//www.mydomain.com/ca.cer 
[Sat Jan 30 07:59:38 EST 2021] And the full chain certs is there:  /tmp/acme/MyCert//www.mydomain.com/fullchain.cer 
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 13:Le_CertCreateTime='1612011578'
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 14:Le_CertCreateTimeStr='Sat Jan 30 12:59:38 UTC 2021'
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 15:Le_NextRenewTimeStr='Wed Mar 31 12:59:38 UTC 2021'
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 16:Le_NextRenewTime='1617109178'
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 17:Le_RealCertPath=''
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 18:Le_RealCACertPath=''
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 19:Le_RealKeyPath=''
[Sat Jan 30 07:59:38 EST 2021] base64 single line.
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 20:Le_ReloadCmd='__ACME_BASE64__START_L3RtcC9hY21lLzUyMjBkZXNzb3VyY2VzQ2VydC9yZWxvYWRjbWQuc2g=__ACME_BASE64__END_'
[Sat Jan 30 07:59:38 EST 2021] OK
[Sat Jan 30 07:59:38 EST 2021] 21:Le_RealFullChainPath=''
[Sat Jan 30 07:59:38 EST 2021] Run reload cmd: /tmp/acme/MyCert/reloadcmd.sh
[Sat Jan 30 07:59:38 EST 2021] Reload success
[Sat Jan 30 07:59:38 EST 2021] _on_issue_success
[Sat Jan 30 07:59:38 EST 2021] '' does not contain 'dns'