Netgate Discussion Forum

Error add txt for domain:_acme-challenge

    FMRC_Cheeky
    last edited by May 26, 2022, 5:41 PM

    Problem: Error add txt for domain:_acme-challenge

    Description: When trying to use ACME to issue a certificate, I get the error message that reads as above. I have seen a few posts that indicate that I can edit a file and resolve the problem (not sure what I need to edit in my case). I have read others that point to an issue with the service that they are trying to use. I have another that says I can patch ACME using https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
    Has anyone seen this issue who knows if I can get it patched, or what part I need to edit to get an SSL certificate issued to my pfSense?

    2.6.0-RELEASE This is the public version running on an old Dell desktop,
    ACME ver is 0.7.1_1
    I use DYNDNS

    This is most of the message

    [Thu May 26 11:01:45 CDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Thu May 26 11:01:45 CDT 2022] Single domain='(DOMAIN NAME)'
    [Thu May 26 11:01:46 CDT 2022] Getting domain auth token for each domain
    [Thu May 26 11:01:47 CDT 2022] Getting webroot for domain='(DOMAIN NAME)'
    [Thu May 26 11:01:48 CDT 2022] Adding txt value: (KEY STRING) for domain: _acme-challenge.(DOMAIN NAME)
    [Thu May 26 11:01:48 CDT 2022] You must export variables: DYN_Customer, DYN_Username and DYN_Password
    [Thu May 26 11:01:48 CDT 2022] Error add txt for domain:_acme-challenge.(DOMAIN NAME)
    [Thu May 26 11:01:48 CDT 2022] Please check log file for more details: /tmp/acme/VPN/acme_issuecert.log

    Thank you for any assistance

      kevinbrown @FMRC_Cheeky
      last edited by May 27, 2022, 4:49 AM

      @fmrc_cheeky Which DNS provider are you using for your domain?

      Basically Let's Encrypt needs to verify that you control your domain. There are a bunch of ways to do this, but the recommended way is to let the ACME script manage a TXT record for your domain. To do that it uses the API of your provider where the zone file is and updates the challenge values there.

      So if you were to want to add an A record, CNAME record, or similar for your domain, where would you log in to achieve that?

        FMRC_Cheeky @kevinbrown
        last edited by May 30, 2022, 4:53 PM

        @kevinbrown I use DYNDNS to create the "domain name". I am looking to see if I have the options there for what you have pointed out in your response. I do not see those as an option. I have tried to use CloudFlare and add an A record; I get a similar problem with a different error, and it tells me it's an invalid domain. Now this may correct itself, as I just made it and it may take time to propagate throughout the DNS servers.

        Thanks for your time

          kevinbrown @FMRC_Cheeky
          last edited by May 31, 2022, 6:55 AM

          @fmrc_cheeky Fair enough. Sounds like a different issue, as this was a fix specifically with the Netlify DNS provider API script, but basically you'll need to figure out a DNS provider that works with ACME, or use a different validation mechanism in this list: https://github.com/acmesh-official/acme.sh#supported-modes

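The log in the first post already names the cause: the DNS hook asked for `DYN_Customer`, `DYN_Username` and `DYN_Password` and then could not add the TXT record. The script below is an added example, not code from the thread, acme.sh or the pfSense ACME package; it reads a log in the format quoted above and reports which requested variables are absent from the environment, without ever printing their values. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the three failing lines from the log in the first post.
SAMPLE_LOG='[Thu May 26 11:01:48 CDT 2022] Adding txt value: (KEY STRING) for domain: _acme-challenge.(DOMAIN NAME)
[Thu May 26 11:01:48 CDT 2022] You must export variables: DYN_Customer, DYN_Username and DYN_Password
[Thu May 26 11:01:48 CDT 2022] Error add txt for domain:_acme-challenge.(DOMAIN NAME)'

# stdin: log text. stdout: variable names the DNS hook asked for, one per line.
# Only valid identifiers pass, so junk in the log never reaches later commands.
required_vars() {
    sed -n 's/^.*You must export variables: *//p' | tr -s ', ' '\n\n' |
        grep -E -x '[A-Za-z_][A-Za-z0-9_]*' | grep -v -x 'and' | LC_ALL=C sort -u
}

# stdin: log text. stdout: requested names that are unset or empty in the environment.
missing_vars() {
    required_vars | while IFS= read -r name; do
        [ -n "$(printenv "$name")" ] || printf '%s\n' "$name"
    done
}

# stdin: log text. stdout: record names whose TXT update failed.
failed_records() {
    sed -n 's/^.*Error add txt for domain: *//p' | LC_ALL=C sort -u
}

# $1: log text. Returns 0 = no TXT failure, 1 = credentials missing,
# 2 = credentials present, so the failure lies elsewhere.
triage() {
    failed=$(printf '%s\n' "$1" | failed_records | tr '\n' ';')
    missing=$(printf '%s\n' "$1" | missing_vars | tr '\n' ' ')
    if [ -z "$failed" ]; then
        echo "no TXT update failures in log"; return 0
    elif [ -n "$missing" ]; then
        echo "TXT update failed for ${failed%;}: not set: ${missing% }"; return 1
    fi
    echo "TXT update failed for ${failed%;}: credentials set, check the provider API response"
    return 2
}

triage "$SAMPLE_LOG" || true
```

To check a real run, pass the contents of the log file named in the error message, for example `triage "$(cat /tmp/acme/VPN/acme_issuecert.log)"`.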
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.