Netgate Discussion Forum

    Is anyone else seeing problems obtaining Let's Encrypt certificates through the ACME plugin in PF?

      sirota

      PF 2.5.2-RELEASE (amd64)
      ACME 0.6.10

      On several domains I get this:

      xxx.ru
      Renewing certificate 
      account: xxx.ru 
      server: letsencrypt-production-2 
      
      /usr/local/pkg/acme/acme.sh  --issue  --domain '*.xxx.ru' --dns 'dns_regru'  --domain 'xxx.ru' --dns 'dns_regru'  --home '/tmp/acme/xxx.ru/' --accountconf '/tmp/acme/xxx.ru/accountconf.conf' --force --reloadCmd '/tmp/acme/xxx.ru/reloadcmd.sh' --log-level 3 --log '/tmp/acme/xxx.ru/acme_issuecert.log'
      Array
      (
          [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
          [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
          [REGRU_API_Username] => email
          [REGRU_API_Password] => pwd
      )
      [Tue Nov 23 09:02:47 MSK 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
      [Tue Nov 23 09:02:47 MSK 2021] Multi domain='DNS:*.xxx.ru,DNS:xxx.ru'
      [Tue Nov 23 09:02:47 MSK 2021] Getting domain auth token for each domain
      [Tue Nov 23 09:02:50 MSK 2021] Getting webroot for domain='*.xxx.ru'
      [Tue Nov 23 09:02:50 MSK 2021] Getting webroot for domain='xxx.ru'
      [Tue Nov 23 09:02:50 MSK 2021] Adding txt value: TopmH_SUEwgQXFEQIo8JK7LucrElby21KE_Lum26sSU for domain:  _acme-challenge.xxx.ru
      [Tue Nov 23 09:02:50 MSK 2021] Adding TXT record to _acme-challenge.xxx.ru
      [Tue Nov 23 09:02:51 MSK 2021] The txt record is added: Success.
      [Tue Nov 23 09:02:51 MSK 2021] Adding txt value: tHHvnGWPubLEsYrtfvFo4coaWTECN-er3GnIVyhfiv4 for domain:  _acme-challenge.xxx.ru
      [Tue Nov 23 09:02:51 MSK 2021] Adding TXT record to _acme-challenge.xxx.ru
      [Tue Nov 23 09:02:51 MSK 2021] The txt record is added: Success.
      [Tue Nov 23 09:02:51 MSK 2021] Let's check each DNS record now. Sleep 20 seconds first.
      [Tue Nov 23 09:03:11 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:03:12 MSK 2021] Domain xxx.ru '_acme-challenge.xxx.ru' success.
      [Tue Nov 23 09:03:12 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:03:12 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
      [Tue Nov 23 09:03:23 MSK 2021] Let's wait 10 seconds and check again.
      [Tue Nov 23 09:03:33 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:03:33 MSK 2021] Already success, continue next one.
      [Tue Nov 23 09:03:33 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:03:34 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
      [Tue Nov 23 09:03:45 MSK 2021] Let's wait 10 seconds and check again.
      [Tue Nov 23 09:03:55 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:03:55 MSK 2021] Already success, continue next one.
      [Tue Nov 23 09:03:55 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:03:55 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
      [Tue Nov 23 09:04:05 MSK 2021] Let's wait 10 seconds and check again.
      [Tue Nov 23 09:04:15 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:04:15 MSK 2021] Already success, continue next one.
      [Tue Nov 23 09:04:15 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:04:15 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
      [Tue Nov 23 09:04:25 MSK 2021] Let's wait 10 seconds and check again.
      [Tue Nov 23 09:04:35 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:04:35 MSK 2021] Already success, continue next one.
      [Tue Nov 23 09:04:35 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
      [Tue Nov 23 09:04:36 MSK 2021] Domain xxx.ru '_acme-challenge.xxx.ru' success.
      [Tue Nov 23 09:04:36 MSK 2021] All success, let's return
      [Tue Nov 23 09:04:36 MSK 2021] Verifying: *.xxx.ru
      [Tue Nov 23 09:04:36 MSK 2021] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
      [Tue Nov 23 09:04:41 MSK 2021] Removing DNS records.
      [Tue Nov 23 09:04:41 MSK 2021] Removing txt: TopmH_SUEwgQXFEQIo8JK7LucrElby21KE_Lum26sSU for domain: _acme-challenge.xxx.ru
      [Tue Nov 23 09:04:42 MSK 2021] Deleting resource record _acme-challenge.xxx.ru
      [Tue Nov 23 09:04:42 MSK 2021] Removed: Success
      [Tue Nov 23 09:04:42 MSK 2021] Removing txt: tHHvnGWPubLEsYrtfvFo4coaWTECN-er3GnIVyhfiv4 for domain: _acme-challenge.xxx.ru
      [Tue Nov 23 09:04:42 MSK 2021] Deleting resource record _acme-challenge.xxx.ru
      [Tue Nov 23 09:04:42 MSK 2021] Removed: Success
      [Tue Nov 23 09:03:55 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
      [Tue Nov 23 09:03:55 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
      [Tue Nov 23 09:04:15 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
      [Tue Nov 23 09:04:15 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
      [Tue Nov 23 09:04:41 MSK 2021] *.xxx.ru:Verify error:During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxx.ru - check that a DNS record exists for this domain
      [Tue Nov 23 09:04:42 MSK 2021] Please check log file for more details: /tmp/acme/xxx.ru/acme_issuecert.log
      

      The last time the certificates were issued successfully was in September.

        sirota

        I managed to localize the problem. The thing is that I was requesting a certificate for *.site.ru and for site.ru (both within a single certificate). In September this worked, but apparently later on... Now I left only *.site.ru and it all worked on the first try. I put site.ru first and then *.site.ru, and again everything worked.
        I'll add that since September (possibly even in September itself) I definitely loaded the config. There is a chance that the export/import affected the ordering. I just checked again. The order *.site.ru - site.ru did not work, but site.ru - *.site.ru did.

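Added example (not part of the original posts, and not code from acme.sh or the pfSense ACME package): a small Python triage script for an acme.sh issue log in the format shown in the first post. It reports the domain order, any `_acme-challenge` name that received more than one TXT value (the case when a wildcard and its apex share one certificate), curl error counts and the CA's verify error. The sample log, `example.com` and the token values are constructed.

```python
import re

# Constructed sample in the format of the acme.sh log in the post
# (example.com and the token values are placeholders, not from the page).
SAMPLE_LOG = """\
[Tue Nov 23 09:02:47 MSK 2021] Multi domain='DNS:*.example.com,DNS:example.com'
[Tue Nov 23 09:02:50 MSK 2021] Adding txt value: tokenA-constructed for domain:  _acme-challenge.example.com
[Tue Nov 23 09:02:51 MSK 2021] Adding txt value: tokenB-constructed for domain:  _acme-challenge.example.com
[Tue Nov 23 09:03:12 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
[Tue Nov 23 09:04:36 MSK 2021] Verifying: *.example.com
[Tue Nov 23 09:03:55 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Tue Nov 23 09:04:41 MSK 2021] *.example.com:Verify error:During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com - check that a DNS record exists for this domain
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<msg>.*)$")
ADD_TXT = re.compile(r"^Adding txt value: (\S+) for domain:\s+(\S+)$")
MULTI = re.compile(r"^Multi domain='([^']*)'$")
CURL_ERR = re.compile(r"libcurl-errors\.html for error code: (\d+)$")
VERIFY_ERR = re.compile(r"^(\S+?):Verify error:(.*)$")

def triage(log_text):
    """Summarise an acme.sh issue log: order, shared TXT names, errors."""
    out = {"order": [], "txt": {}, "shared_names": [],
           "curl_errors": {}, "not_valid_yet": 0, "verify_errors": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. the PHP "Array (...)" environment dump
        msg = m.group("msg")
        if (mm := MULTI.match(msg)):
            out["order"] = [d.removeprefix("DNS:") for d in mm.group(1).split(",")]
        elif (mm := ADD_TXT.match(msg)):
            out["txt"].setdefault(mm.group(2), []).append(mm.group(1))
        elif (mm := CURL_ERR.search(msg)):
            code = int(mm.group(1))
            out["curl_errors"][code] = out["curl_errors"].get(code, 0) + 1
        elif msg.startswith("Not valid yet"):
            out["not_valid_yet"] += 1
        elif (mm := VERIFY_ERR.match(msg)):
            out["verify_errors"].append((mm.group(1), mm.group(2).strip()))
    # A wildcard and its apex validate through the same _acme-challenge name,
    # so both TXT values must be visible there at the same time.
    out["shared_names"] = [n for n, v in out["txt"].items() if len(v) > 1]
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a real run, pass the contents of the file named in the `--log` option to `triage()`.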