Netgate Discussion Forum

    Help with ACME “Challenge-Alias” (AKA Alias mode)

    • lrossi

      I have a domain, and my DNS provider is HostGator, who doesn’t have a DNS API.

      I use DuckDNS as my DDNS provider, who happens to have an ACME DNS API.

      What I want to do is to use the ACME “Challenge Alias” so I can issue certificates for my subdomain by using my DuckDNS URL for validation purposes only, as described here: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode

      But I cannot get this to work for the life of me. Have any of you used this feature before?

      These are the CNAME DNS records for my subdomain
      CNAME1.jpg CNAME2.jpg

      This is the SAN list configuration in pfSense
      PFSense-SAN-list.jpg

      And this is the end result
      ACME Results.jpg

      I’m at a loss here. Any suggestions on how to properly use the “Challenge-Alias” would be greatly appreciated.

      • Gertjan @lrossi

        @lrossi
        Upfront, I never used Alias mode.

        But :

        [image]

        When you want to use alias mode, shouldn't you have to check alias mode ??

        This looks strange :

        [image]

        I have the same line in my logs, and I see :

        [Tue Jan 4 03:16:03 CET 2022] Multi domain='DNS:my-domaine.tld,DNS:*.my-domaine.tld'

        where I have "my-domaine.tld" as that is my domain.
        You are not "duckdns.org".

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • lrossi @Gertjan

          @gertjan
          I was able to get it working, thanks in part to your suggestion of checking the option “Enable DNS domain alias mode”.

          The other part of the problem was that I typed the wrong CNAME information in my DNS provider.

          I had:

          _acme-challenge.cloud.MYDOMAIN.com  -->   MYDDNS.duckdns.org
          

          The ACME Challenge Alias needs this CNAME to be:

          _acme-challenge.cloud.MYDOMAIN.com  -->   _acme-challenge.MYDDNS.duckdns.org
          

          CNAME-corrected.jpg

          After making these corrections ACME was able to issue a certificate for my domain as expected.

          Thank you so much for the help.

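Added example, not part of the original thread and not acme.sh or pfSense code: an offline check that the CNAME records for a SAN list match what Challenge Alias mode expects, including the missing `_acme-challenge.` label on the target described in the last post. The domain names and sample records are constructed placeholders; the observed records are assumed to be copied in by hand (for instance from `dig +short CNAME <owner>`).

```python
# Added example: offline check of ACME DNS alias-mode CNAME records.
# All names and the sample records below are constructed placeholders.
PREFIX = "_acme-challenge."

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def expected_cname(san, challenge_alias):
    """Return the (owner, target) CNAME that challenge-alias mode needs for one SAN."""
    san = norm(san)
    if san.startswith("*."):          # a wildcard is validated at its base name
        san = san[2:]
    return PREFIX + san, PREFIX + norm(challenge_alias)

def check_alias_records(sans, challenge_alias, observed):
    """Compare observed CNAMEs ({owner: target}) with what alias mode expects.

    Returns a list of (owner, status, detail) tuples, one per distinct owner name.
    """
    seen = {norm(k): norm(v) for k, v in observed.items()}
    results, done = [], set()
    for san in sans:
        owner, target = expected_cname(san, challenge_alias)
        if owner in done:             # example.com and *.example.com share a record
            continue
        done.add(owner)
        actual = seen.get(owner)
        if actual is None:
            results.append((owner, "missing", "create CNAME to " + target))
        elif actual == target:
            results.append((owner, "ok", target))
        elif PREFIX + actual == target:
            results.append((owner, "no-prefix", "target lacks " + PREFIX + " label"))
        else:
            results.append((owner, "mismatch", "points to " + actual))
    return results

if __name__ == "__main__":
    # Constructed records, as they might be copied from `dig +short CNAME <owner>`.
    observed = {
        "_acme-challenge.cloud.example.com.": "myddns.duckdns.org.",
        "_acme-challenge.vpn.example.com.": "_acme-challenge.myddns.duckdns.org.",
    }
    sans = ["cloud.example.com", "vpn.example.com", "*.vpn.example.com", "mail.example.com"]
    for row in check_alias_records(sans, "myddns.duckdns.org", observed):
        print(*row, sep="\t")
```

The `no-prefix` status is the case from this thread: the owner name is right, but the target is the bare DDNS hostname instead of `_acme-challenge.` plus that hostname.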