Is anyone else seeing problems obtaining Let’s Encrypt certs through the ACME plugin in PF?
-
PF 2.5.2-RELEASE (amd64)
ACME 0.6.10
On several domains I get this:
xxx.ru
Renewing certificate
account: xxx.ru
server: letsencrypt-production-2
/usr/local/pkg/acme/acme.sh --issue --domain '*.xxx.ru' --dns 'dns_regru' --domain 'xxx.ru' --dns 'dns_regru' --home '/tmp/acme/xxx.ru/' --accountconf '/tmp/acme/xxx.ru/accountconf.conf' --force --reloadCmd '/tmp/acme/xxx.ru/reloadcmd.sh' --log-level 3 --log '/tmp/acme/xxx.ru/acme_issuecert.log'
Array
(
    [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [REGRU_API_Username] => email
    [REGRU_API_Password] => pwd
)
[Tue Nov 23 09:02:47 MSK 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Nov 23 09:02:47 MSK 2021] Multi domain='DNS:*.xxx.ru,DNS:xxx.ru'
[Tue Nov 23 09:02:47 MSK 2021] Getting domain auth token for each domain
[Tue Nov 23 09:02:50 MSK 2021] Getting webroot for domain='*.xxx.ru'
[Tue Nov 23 09:02:50 MSK 2021] Getting webroot for domain='xxx.ru'
[Tue Nov 23 09:02:50 MSK 2021] Adding txt value: TopmH_SUEwgQXFEQIo8JK7LucrElby21KE_Lum26sSU for domain: _acme-challenge.xxx.ru
[Tue Nov 23 09:02:50 MSK 2021] Adding TXT record to _acme-challenge.xxx.ru
[Tue Nov 23 09:02:51 MSK 2021] The txt record is added: Success.
[Tue Nov 23 09:02:51 MSK 2021] Adding txt value: tHHvnGWPubLEsYrtfvFo4coaWTECN-er3GnIVyhfiv4 for domain: _acme-challenge.xxx.ru
[Tue Nov 23 09:02:51 MSK 2021] Adding TXT record to _acme-challenge.xxx.ru
[Tue Nov 23 09:02:51 MSK 2021] The txt record is added: Success.
[Tue Nov 23 09:02:51 MSK 2021] Let's check each DNS record now. Sleep 20 seconds first.
[Tue Nov 23 09:03:11 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:03:12 MSK 2021] Domain xxx.ru '_acme-challenge.xxx.ru' success.
[Tue Nov 23 09:03:12 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:03:12 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
[Tue Nov 23 09:03:23 MSK 2021] Let's wait 10 seconds and check again.
[Tue Nov 23 09:03:33 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:03:33 MSK 2021] Already success, continue next one.
[Tue Nov 23 09:03:33 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:03:34 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
[Tue Nov 23 09:03:45 MSK 2021] Let's wait 10 seconds and check again.
[Tue Nov 23 09:03:55 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:03:55 MSK 2021] Already success, continue next one.
[Tue Nov 23 09:03:55 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:03:55 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
[Tue Nov 23 09:04:05 MSK 2021] Let's wait 10 seconds and check again.
[Tue Nov 23 09:04:15 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:04:15 MSK 2021] Already success, continue next one.
[Tue Nov 23 09:04:15 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:04:15 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
[Tue Nov 23 09:04:25 MSK 2021] Let's wait 10 seconds and check again.
[Tue Nov 23 09:04:35 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:04:35 MSK 2021] Already success, continue next one.
[Tue Nov 23 09:04:35 MSK 2021] Checking xxx.ru for _acme-challenge.xxx.ru
[Tue Nov 23 09:04:36 MSK 2021] Domain xxx.ru '_acme-challenge.xxx.ru' success.
[Tue Nov 23 09:04:36 MSK 2021] All success, let's return
[Tue Nov 23 09:04:36 MSK 2021] Verifying: *.xxx.ru
[Tue Nov 23 09:04:36 MSK 2021] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Tue Nov 23 09:04:41 MSK 2021] Removing DNS records.
[Tue Nov 23 09:04:41 MSK 2021] Removing txt: TopmH_SUEwgQXFEQIo8JK7LucrElby21KE_Lum26sSU for domain: _acme-challenge.xxx.ru
[Tue Nov 23 09:04:42 MSK 2021] Deleting resource record _acme-challenge.xxx.ru
[Tue Nov 23 09:04:42 MSK 2021] Removed: Success
[Tue Nov 23 09:04:42 MSK 2021] Removing txt: tHHvnGWPubLEsYrtfvFo4coaWTECN-er3GnIVyhfiv4 for domain: _acme-challenge.xxx.ru
[Tue Nov 23 09:04:42 MSK 2021] Deleting resource record _acme-challenge.xxx.ru
[Tue Nov 23 09:04:42 MSK 2021] Removed: Success
[Tue Nov 23 09:03:55 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Tue Nov 23 09:03:55 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Tue Nov 23 09:04:15 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Tue Nov 23 09:04:15 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Tue Nov 23 09:04:41 MSK 2021] *.xxx.ru:Verify error:During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxx.ru - check that a DNS record exists for this domain
[Tue Nov 23 09:04:42 MSK 2021] Please check log file for more details: /tmp/acme/xxx.ru/acme_issuecert.log
The last time the certificates were issued successfully was in September.
-
I managed to narrow the problem down. The thing is, I was requesting a certificate for *.site.ru and for site.ru (both within a single cert). In September this worked, but apparently later on... Now I left only *.site.ru and everything worked on the first try. Then I put site.ru first and *.site.ru second, and again everything worked.
I'll add that since September (if not in September itself) I definitely loaded the config. There is a chance that the export/import affected the ordering. I have just checked once more. The sequence *.site.ru - site.ru did not work. But site.ru - *.site.ru did.
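
A triage script for an acme.sh log of the kind quoted in this thread, added here as an example and not part of the original posts. It lists the requested identifiers, shows which record names have to carry more than one TXT value at the same time (the wildcard plus apex case), and pulls out the CA verify error and the curl error codes. The function name triage and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample in the acme.sh log format from the thread; TXT values are placeholders.
SAMPLE_LOG = """\
[Tue Nov 23 09:02:47 MSK 2021] Multi domain='DNS:*.xxx.ru,DNS:xxx.ru'
[Tue Nov 23 09:02:50 MSK 2021] Adding txt value: constructed-token-1 for domain: _acme-challenge.xxx.ru
[Tue Nov 23 09:02:51 MSK 2021] Adding txt value: constructed-token-2 for domain: _acme-challenge.xxx.ru
[Tue Nov 23 09:03:12 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
[Tue Nov 23 09:03:34 MSK 2021] Not valid yet, let's wait 10 seconds and check next one.
[Tue Nov 23 09:04:36 MSK 2021] Verifying: *.xxx.ru
[Tue Nov 23 09:04:41 MSK 2021] *.xxx.ru:Verify error:During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxx.ru - check that a DNS record exists for this domain
[Tue Nov 23 09:03:55 MSK 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
"""

LINE = re.compile(r"^\[[^\]]+\]\s+(.*)$")
MULTI = re.compile(r"Multi domain='([^']*)'")
ADD_TXT = re.compile(r"Adding txt value: (\S+) for domain: (\S+)")
VERIFY_ERR = re.compile(r"^(\S+?):Verify error:(.*)$")
CURL_ERR = re.compile(r"libcurl-errors\.html for error code: (\d+)")


def triage(log_text):
    """Summarise one acme.sh DNS-01 run: identifiers, TXT values per record, failures."""
    rep = {"identifiers": [], "txt_by_record": {}, "not_valid_yet": 0,
           "curl_errors": {}, "verify_errors": []}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # skip lines without a leading [timestamp]
        msg = line.group(1)
        if m := MULTI.search(msg):
            rep["identifiers"] = [d.split(":", 1)[-1] for d in m.group(1).split(",")]
        elif m := ADD_TXT.search(msg):
            rep["txt_by_record"].setdefault(m.group(2), []).append(m.group(1))
        elif m := VERIFY_ERR.match(msg):
            rep["verify_errors"].append((m.group(1), m.group(2).strip()))
        elif m := CURL_ERR.search(msg):
            code = int(m.group(1))
            rep["curl_errors"][code] = rep["curl_errors"].get(code, 0) + 1
        elif msg.startswith("Not valid yet"):
            rep["not_valid_yet"] += 1
    # Record names that must serve several TXT values at once (wildcard + apex case)
    rep["shared_records"] = [n for n, v in rep["txt_by_record"].items() if len(v) > 1]
    return rep


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run it against a real log, pass the contents of the file named by the --log option (here /tmp/acme/xxx.ru/acme_issuecert.log) to triage().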