Netgate Discussion Forum

Help with ACME “Challenge-Alias” (AKA Alias mode)

    lrossi
    last edited by Jan 26, 2022, 10:48 AM

    I have a domain and my DNS provider is hostgator who doesn’t have a DNS API.

    I use duckdns as my DDNS provider, which happens to have an ACME DNS API.

    What I want to do is to use the ACME “Challenge Alias” so I can issue certificates for my subdomain by using my duckdns URL for validation purposes only, as described here: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode

    But I cannot get this to work for the life of me. Have any of you used this feature before?

    These are the CNAME DNS records for my subdomain
    CNAME1.jpg CNAME2.jpg

    This is the SAN list configuration in pfSense
    PFSense-SAN-list.jpg

    And this is the end result
    ACME Results.jpg

    I’m at a loss here. Any suggestions on how to properly use the “Challenge-Alias” would be greatly appreciated.

      Gertjan @lrossi
      last edited by Jan 26, 2022, 11:58 AM

      @lrossi
      Upfront, I never used Alias mode.

      But:

      28f7555a-80f6-4b7d-8dc1-c11355b1eed1-image.png

      When you want to use alias mode, shouldn't you have to check alias mode?

      This looks strange:

      adeabbb3-9d62-4a38-9539-c02ddd2bc76a-image.png

      I have the same line in my logs, and I see:

      [Tue Jan 4 03:16:03 CET 2022] Multi domain='DNS:my-domaine.tld,DNS:*.my-domaine.tld'

      where I have "my-domaine.tld" as that is my domain.
      You are not "duckdns.org".

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit: and where are the logs?

        lrossi @Gertjan
        last edited by Jan 27, 2022, 9:40 AM

        @gertjan
        I was able to get it working, thanks in part to your suggestion of checking the option “Enable DNS domain alias mode”.

        The other part of the problem was that I typed the wrong CNAME information in my DNS provider.

        I had:

        _acme-challenge.cloud.MYDOMAIN.com  -->   MYDDNS.duckdns.org
        

        The acme challenge Alias needs this CNAME to be

        _acme-challenge.cloud.MYDOMAIN.com  -->   _acme-challenge.MYDDNS.duckdns.org
        

        CNAME-corrected.jpg

        After making these corrections ACME was able to issue a certificate for my domain as expected.

        Thank you so much for the help.

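As an added example (not part of the original posts, and not code from acme.sh or the pfSense ACME package), the shell pre-flight check below verifies the CNAME shape the last post arrived at before a certificate is requested. The function names and the `example.com` / `myddns.duckdns.org` values are placeholders chosen here; the live lookup assumes `dig` is installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the challenge-alias CNAME.
# All domain names used with it are placeholders.

# Lowercase a DNS name and drop any trailing root dot.
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Record name the CA queries for a certificate name; a wildcard
# (*.example.com) is validated at _acme-challenge.example.com.
challenge_name() {
    printf '_acme-challenge.%s\n' "$(normalize "$1" | sed 's/^\*\.//')"
}

# CNAME target described in the thread's final post: the alias
# domain with the _acme-challenge. label in front of it.
expected_target() {
    printf '_acme-challenge.%s\n' "$(normalize "$1")"
}

# classify_cname ALIAS ACTUAL_TARGET
#   -> ok | missing-prefix | no-cname | wrong-target
classify_cname() {
    alias_dom=$(normalize "$1")
    actual=$(normalize "$2")
    if [ -z "$actual" ]; then
        echo no-cname
    elif [ "$actual" = "_acme-challenge.$alias_dom" ]; then
        echo ok
    elif [ "$actual" = "$alias_dom" ]; then
        echo missing-prefix   # the mistake corrected in the thread
    else
        echo wrong-target
    fi
}

# Live check: sh check.sh cloud.example.com myddns.duckdns.org
if [ "$#" -eq 2 ]; then
    name=$(challenge_name "$1")
    target=$(dig +short CNAME "$name" | head -n 1)
    result=$(classify_cname "$2" "$target")
    echo "$name -> ${target:-<none>} : $result (want $(expected_target "$2"))"
    [ "$result" = ok ]
fi
```

A `missing-prefix` result corresponds to the first CNAME quoted in the last post, and `ok` to the corrected one.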
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.