Error Updating Domain, Error Add Txt (Solved)
- 
 I am using the latest ACME v 0.6.10_1, upgraded today. I used the DNS-NSupdate method, and here is a copy of the output:
 nollivoipserver_cert
 Renewing certificate
 account: nollivoipserver_key
 server: letsencrypt-production-2
 [Tue Feb 15 20:36:59 CST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
 [Tue Feb 15 20:36:59 CST 2022] Single domain='nollivoipserver.nollicomm.net'
 [Tue Feb 15 20:36:59 CST 2022] Getting domain auth token for each domain
 [Tue Feb 15 20:37:01 CST 2022] Getting webroot for domain='nollivoipserver.nollicomm.net'
 [Tue Feb 15 20:37:01 CST 2022] Adding txt value: 7jo9LvRYJvtV06f3isoPhkb0O2wJXWEen6YO9sCnXPg for domain: _acme-challenge.nollivoipserver.nollicomm.net
 [Tue Feb 15 20:37:01 CST 2022] adding _acme-challenge.nollivoipserver.nollicomm.net. 60 in txt "7jo9LvRYJvtV06f3isoPhkb0O2wJXWEen6YO9sCnXPg"
 dns_request_getresponse: expected a TSIG or SIG(0)
 [Tue Feb 15 20:37:01 CST 2022] error updating domain
 [Tue Feb 15 20:37:01 CST 2022] Error add txt for domain:_acme-challenge.nollivoipserver.nollicomm.net
 [Tue Feb 15 20:37:01 CST 2022] Please check log file for more details: /tmp/acme/nollivoipserver_cert/acme_issuecert.log
 However, the log isn't clear about what the problem is, so I am lost in understanding... should I have chosen a lower private key despite having the horsepower and memory on the hardware? Where is it adding the txt?
 This post had a similar issue: https://forum.netgate.com/topic/145497/acme-dns-nsupdate-rfc-2136-issue/6 which, according to Jimp, was a pfSense issue.
 For server, I put the registrar's nameserver and I left zone blank. Here is the log below:
 [Tue Feb 15 20:22:47 CST 2022] readlink exists=0
 [Tue Feb 15 20:22:47 CST 2022] dirname exists=0
 [Tue Feb 15 20:22:47 CST 2022] Lets find script dir.
 [Tue Feb 15 20:22:47 CST 2022] SCRIPT='/usr/local/pkg/acme/acme.sh'
 [Tue Feb 15 20:22:47 CST 2022] _script='/usr/local/pkg/acme/acme.sh'
 [Tue Feb 15 20:22:47 CST 2022] _script_home='/usr/local/pkg/acme'
 [Tue Feb 15 20:22:47 CST 2022] Using config home:/tmp/acme/nollivoipserver_cert/
 [Tue Feb 15 20:22:47 CST 2022] ACCOUNT_CONF_PATH='/tmp/acme/nollivoipserver_cert/accountconf.conf'
 [Tue Feb 15 20:22:47 CST 2022] APP
 [Tue Feb 15 20:22:47 CST 2022] 3:LOG_FILE='/tmp/acme/nollivoipserver_cert/acme_createdomainkey.log'
 [Tue Feb 15 20:22:48 CST 2022] APP
 [Tue Feb 15 20:22:48 CST 2022] 4:LOG_LEVEL='3'
 [Tue Feb 15 20:22:48 CST 2022] LE_WORKING_DIR='/tmp/acme/nollivoipserver_cert/'
 [Tue Feb 15 20:22:48 CST 2022] Running cmd: createDomainKey
 [Tue Feb 15 20:22:48 CST 2022] Creating domain key
 [Tue Feb 15 20:22:48 CST 2022] Using config home:/tmp/acme/nollivoipserver_cert/
 [Tue Feb 15 20:22:48 CST 2022] ACCOUNT_CONF_PATH='/tmp/acme/nollivoipserver_cert/accountconf.conf'
 [Tue Feb 15 20:22:48 CST 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
 [Tue Feb 15 20:22:48 CST 2022] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
 [Tue Feb 15 20:22:48 CST 2022] CA_CONF='/tmp/acme/nollivoipserver_cert//ca/acme-v02.api.letsencrypt.org/ca.conf'
 [Tue Feb 15 20:22:48 CST 2022] DOMAIN_PATH='/tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net'
 [Tue Feb 15 20:22:48 CST 2022] _createkey for file:/tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
 [Tue Feb 15 20:22:48 CST 2022] Use length 4096
 [Tue Feb 15 20:22:48 CST 2022] Using RSA: 4096
 [Tue Feb 15 20:22:48 CST 2022] APP
 [Tue Feb 15 20:22:48 CST 2022] 1:Le_Keylength='4096'
 [Tue Feb 15 20:22:48 CST 2022] The domain key is here: /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
- 
 The zone box states optional, yet is it mandatory? Is the zone the domain name, as here in my case nollicomm.net?
- 
 @stephenw10 Please, is there a problem with the new ACME package as the thread above mentioned? I am getting similar errors, the latest:
 ; TSIG error with server: expected a TSIG or SIG(0)
 update failed: NOTIMP
- 
 It turned out that, after digging deeply into the issue, my domain registrar does not support DNS_NSupdate RFC2136. So, I switched name servers to Cloudflare and, after a few stumbles, got my certificate... wipe off sweat for lots of reading, swearing, and more reading.
 [Fri Feb 18 13:04:37 CST 2022] Your cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.cer
 [Fri Feb 18 13:04:37 CST 2022] Your cert key is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
 [Fri Feb 18 13:04:37 CST 2022] The intermediate CA cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/ca.cer
 [Fri Feb 18 13:04:37 CST 2022] And the full chain certs is there: /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/fullchain.cer
 [Fri Feb 18 13:04:37 CST 2022] Run reload cmd: /tmp/acme/nollivoipserver_cert/reloadcmd.sh
