Netgate Discussion Forum

Error Updating Domain, Error Add Txt (Solved)

  • N
    NollipfSense
    last edited by NollipfSense Feb 18, 2022, 7:53 PM Feb 16, 2022, 3:40 AM

    I am using the latest ACME v 0.6.10_1 upgraded today...I used DNS-NSupdate method and here is a copy of the output:

    nollivoipserver_cert
    Renewing certificate
    account: nollivoipserver_key
    server: letsencrypt-production-2
    [Tue Feb 15 20:36:59 CST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Tue Feb 15 20:36:59 CST 2022] Single domain='nollivoipserver.nollicomm.net'
    [Tue Feb 15 20:36:59 CST 2022] Getting domain auth token for each domain
    [Tue Feb 15 20:37:01 CST 2022] Getting webroot for domain='nollivoipserver.nollicomm.net'
    [Tue Feb 15 20:37:01 CST 2022] Adding txt value: 7jo9LvRYJvtV06f3isoPhkb0O2wJXWEen6YO9sCnXPg for domain: _acme-challenge.nollivoipserver.nollicomm.net
    [Tue Feb 15 20:37:01 CST 2022] adding _acme-challenge.nollivoipserver.nollicomm.net. 60 in txt "7jo9LvRYJvtV06f3isoPhkb0O2wJXWEen6YO9sCnXPg"
    dns_request_getresponse: expected a TSIG or SIG(0)
    [Tue Feb 15 20:37:01 CST 2022] error updating domain
    [Tue Feb 15 20:37:01 CST 2022] Error add txt for domain:_acme-challenge.nollivoipserver.nollicomm.net
    [Tue Feb 15 20:37:01 CST 2022] Please check log file for more details: /tmp/acme/nollivoipserver_cert/acme_issuecert.log

    However, the log isn't clear about what the problem is, so I am lost in understanding... should I have chosen a lower private key despite that I have the horsepower and memory on hardware? Where is it adding the txt? This post had a similar issue: https://forum.netgate.com/topic/145497/acme-dns-nsupdate-rfc-2136-issue/6 which, according to Jimp, was a pfSense issue. For server, I put the registrar's nameserver and I left zone blank. Here is the log below:

    [Tue Feb 15 20:22:47 CST 2022] readlink exists=0
    [Tue Feb 15 20:22:47 CST 2022] dirname exists=0
    [Tue Feb 15 20:22:47 CST 2022] Lets find script dir.
    [Tue Feb 15 20:22:47 CST 2022] SCRIPT='/usr/local/pkg/acme/acme.sh'
    [Tue Feb 15 20:22:47 CST 2022] _script='/usr/local/pkg/acme/acme.sh'
    [Tue Feb 15 20:22:47 CST 2022] _script_home='/usr/local/pkg/acme'
    [Tue Feb 15 20:22:47 CST 2022] Using config home:/tmp/acme/nollivoipserver_cert/
    [Tue Feb 15 20:22:47 CST 2022] ACCOUNT_CONF_PATH='/tmp/acme/nollivoipserver_cert/accountconf.conf'
    [Tue Feb 15 20:22:47 CST 2022] APP
    [Tue Feb 15 20:22:47 CST 2022] 3:LOG_FILE='/tmp/acme/nollivoipserver_cert/acme_createdomainkey.log'
    [Tue Feb 15 20:22:48 CST 2022] APP
    [Tue Feb 15 20:22:48 CST 2022] 4:LOG_LEVEL='3'
    [Tue Feb 15 20:22:48 CST 2022] LE_WORKING_DIR='/tmp/acme/nollivoipserver_cert/'
    [Tue Feb 15 20:22:48 CST 2022] Running cmd: createDomainKey
    [Tue Feb 15 20:22:48 CST 2022] Creating domain key
    [Tue Feb 15 20:22:48 CST 2022] Using config home:/tmp/acme/nollivoipserver_cert/
    [Tue Feb 15 20:22:48 CST 2022] ACCOUNT_CONF_PATH='/tmp/acme/nollivoipserver_cert/accountconf.conf'
    [Tue Feb 15 20:22:48 CST 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue Feb 15 20:22:48 CST 2022] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Tue Feb 15 20:22:48 CST 2022] CA_CONF='/tmp/acme/nollivoipserver_cert//ca/acme-v02.api.letsencrypt.org/ca.conf'
    [Tue Feb 15 20:22:48 CST 2022] DOMAIN_PATH='/tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net'
    [Tue Feb 15 20:22:48 CST 2022] _createkey for file:/tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
    [Tue Feb 15 20:22:48 CST 2022] Use length 4096
    [Tue Feb 15 20:22:48 CST 2022] Using RSA: 4096
    [Tue Feb 15 20:22:48 CST 2022] APP
    [Tue Feb 15 20:22:48 CST 2022] 1:Le_Keylength='4096'
    [Tue Feb 15 20:22:48 CST 2022] The domain key is here: /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key

    pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
    pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

    • N
      NollipfSense
      last edited by Feb 16, 2022, 6:27 PM

      The zone box states optional yet is it mandatory? Is the zone the domain name as here in my case nollicomm.net?

      Screen Shot 2022-02-16 at 12.20.25 PM.png

      • N
        NollipfSense
        last edited by Feb 16, 2022, 7:09 PM

        @stephenw10 Please, is there a problem with the new ACME package as the thread above mentioned? I am getting similar errors, the latest:

        ; TSIG error with server: expected a TSIG or SIG(0)
        update failed: NOTIMP

        • N
          NollipfSense
          last edited by NollipfSense Feb 18, 2022, 7:54 PM Feb 18, 2022, 7:26 PM

          It turned out that, after digging deeply into the issue, my domain registrar does not support DNS_NSupdate RFC2136. So, I switched the name server to Cloudflare and, after a few stumbles, got my certificate... wipe off sweat for lots of reading, swearing, and more reading.

          [Fri Feb 18 13:04:37 CST 2022] Your cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.cer
          [Fri Feb 18 13:04:37 CST 2022] Your cert key is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
          [Fri Feb 18 13:04:37 CST 2022] The intermediate CA cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/ca.cer
          [Fri Feb 18 13:04:37 CST 2022] And the full chain certs is there: /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/fullchain.cer
          [Fri Feb 18 13:04:37 CST 2022] Run reload cmd: /tmp/acme/nollivoipserver_cert/reloadcmd.sh

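Added example, not part of the original thread and not pfSense or acme.sh code: a preflight check that sends a name server an RFC 2136 UPDATE message containing only the zone name (no record changes, no TSIG) and reads the response code, which separates the NOTIMP case described in the thread from a key or zone misconfiguration. The message ID, function names and the interpretation of each RCODE as a heuristic are assumptions of this example.

```python
import socket
import struct

OPCODE_UPDATE = 5  # RFC 2136 dynamic update
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH", 10: "NOTZONE"}
PROBE_ID = 0x1234  # arbitrary message ID chosen for this example

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    parts = [p.encode("ascii") for p in name.rstrip(".").split(".")]
    return b"".join(bytes([len(p)]) + p for p in parts) + b"\x00"

def build_update_probe(zone):
    """UPDATE message naming only the zone: no prerequisites, no record
    changes and no TSIG, so a server that accepts it changes nothing."""
    header = struct.pack("!HHHHHH", PROBE_ID, OPCODE_UPDATE << 11, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", 6, 1)  # SOA, IN

def classify_response(data):
    """Return (rcode_name, handles_update). handles_update is False for
    NOTIMP, None when inconclusive, True otherwise (a heuristic)."""
    if len(data) < 12:
        return ("MALFORMED", None)
    msg_id, flags = struct.unpack("!HH", data[:4])
    if msg_id != PROBE_ID or not flags & 0x8000:  # wrong ID or not a reply
        return ("MISMATCH", None)
    rcode = flags & 0x000F
    name = RCODES.get(rcode, "RCODE%d" % rcode)
    if rcode == 4:
        return (name, False)  # server does not implement the UPDATE opcode
    if rcode in (1, 2):
        return (name, None)   # FORMERR/SERVFAIL: cannot tell either way
    return (name, True)       # e.g. REFUSED/NOTAUTH: check key and zone

def probe(server, zone, timeout=3.0):
    """Send the probe over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_update_probe(zone), (server, 53))
        data, _ = sock.recvfrom(512)
    return classify_response(data)

if __name__ == "__main__":
    # Constructed reply header: QR=1, opcode UPDATE, RCODE 4 (NOTIMP).
    sample = struct.pack("!HHHHHH", PROBE_ID,
                         0x8000 | (OPCODE_UPDATE << 11) | 4, 1, 0, 0, 0)
    print(classify_response(sample))
```

Against a real server, call `probe()` with the name server address and the zone; a `NOTIMP` result means no TSIG key or zone setting in the ACME package will make the nsupdate method work with that provider.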