Help with ACME “Challenge-Alias” (AKA Alias mode)
-
I have a domain and my DNS provider is hostgator who doesn’t have a DNS API.
I use duckdns as my DDNS provider who happen to have an ACME DNS API.
What I want to do is to use the ACME “Challenge Alias” so I can issue certificates for my subdomain by using my duckdns URL for validation purposes only, as described here: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
But I cannot get this to work for the life of me. Has any of you used this feature before?
These are the CNAME DNS records for my subdomain
This is the SAN list configuration in PFSense
And this is the end result
I’m at a loss here. Any suggestions on how to properly use the “Challenge-Alias” would be greatly appreciated.
-
@lrossi
Upfront, I never used Alias mode. But:
when you want to use alias mode, shouldn't you have to check alias mode?
This looks strange:
I have the same line in my logs, and I see :
[Tue Jan 4 03:16:03 CET 2022] Multi domain='DNS:my-domaine.tld,DNS:*.my-domaine.tld'
where I have "my-domaine.tld" as that is my domain.
You are not "duckdns.org".
-
@gertjan
I was able to get it working thanks in part to your suggestion of checking the option “Enable DNS domain alias mode”. The other part of the problem was that I typed the wrong CNAME information in my DNS provider.
I had:
_acme-challenge.cloud.MYDOMAIN.com --> MYDDNS.duckdns.org
The acme challenge Alias needs this CNAME to be
_acme-challenge.cloud.MYDOMAIN.com --> _acme-challenge.MYDDNS.duckdns.org
After making these corrections ACME was able to issue a certificate for my domain as expected.
Thank you so much for the help.
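
The CNAME rule from the last post, as an added example that is not part of the thread or of acme.sh: a shell pre-flight check that tells a correct challenge-alias CNAME apart from the missing-prefix mistake. Function names and hostnames are placeholders chosen for illustration; `lookup_cname` assumes `dig` is installed and is not called by the sample run.

```sh
#!/bin/sh
# Added example: offline check of a challenge-alias CNAME target.
# All hostnames are constructed placeholders.

# Lowercase a DNS name and strip one trailing dot so comparisons are stable.
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Record name that must carry the CNAME. A wildcard (*.example.com) is
# validated at the same _acme-challenge label as its base name.
challenge_name() {
    d=$(normalize "$1")
    d=${d#\*.}
    printf '_acme-challenge.%s\n' "$d"
}

# Target the CNAME must point at when the challenge alias is ALIAS.
expected_target() {
    printf '_acme-challenge.%s\n' "$(normalize "$1")"
}

# check_cname ALIAS OBSERVED_TARGET
# Prints a verdict; returns 0 only when the record is correct.
check_cname() {
    want=$(expected_target "$1")
    got=$(normalize "$2")
    if [ "$got" = "$want" ]; then
        echo "ok"; return 0
    elif [ "$got" = "$(normalize "$1")" ]; then
        echo "missing-prefix"; return 1   # points at the alias itself
    elif [ -z "$got" ]; then
        echo "no-cname"; return 1
    else
        echo "wrong-target"; return 1
    fi
}

# Optional live lookup (needs dig and network access; not called below).
# Usage: check_cname ALIAS "$(lookup_cname DOMAIN)"
lookup_cname() {
    dig +short CNAME "$(challenge_name "$1")"
}

# Constructed sample: the two target shapes from the thread.
for t in myddns.duckdns.org _acme-challenge.myddns.duckdns.org.; do
    printf '%s -> %s\n' "$t" "$(check_cname myddns.duckdns.org "$t" || true)"
done
```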