Error add txt for domain:_acme-challenge

FMRC_Cheeky · May 26, 2022, 5:41 PM

Problem: Error add txt for domain:_acme-challenge

Description: when trying to use ACME to issue a certificate I get the error message that reads as above. I have seen a few posts that indicate that I can edit a file and resolve the problem, (Not sure what I need to edit in my case) I have read others that point to an issue with the service that they are trying to use. I have another that says I can patch ACME using https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
Has anyone seen this issue that knows if I can get it patched or what part I need to edit to get an SSL certificate issued to my pFsence?

2.6.0-RELEASE This is the public version running on an old Dell desktop,
ACME ver is 0.7.1_1
I use DYNDNS

This is most of the message

[Thu May 26 11:01:45 CDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu May 26 11:01:45 CDT 2022] Single domain='(DOMAIN NAME)'
[Thu May 26 11:01:46 CDT 2022] Getting domain auth token for each domain
[Thu May 26 11:01:47 CDT 2022] Getting webroot for domain='(DOMAIN NAME)'
[Thu May 26 11:01:48 CDT 2022] Adding txt value: (KEY STRING) for domain: _acme-challenge.(DOMAIN NAME)
[Thu May 26 11:01:48 CDT 2022] You must export variables: DYN_Customer, DYN_Username and DYN_Password
[Thu May 26 11:01:48 CDT 2022] Error add txt for domain:_acme-challenge.(DOMAIN NAME)
[Thu May 26 11:01:48 CDT 2022] Please check log file for more details: /tmp/acme/VPN/acme_issuecert.log

Thank you for any assistance

kevinbrown · May 27, 2022, 4:49 AM

@fmrc_cheeky Which DNS provider are you using for your domain?

Basically Let's Encrypt needs to verify that you control your domain. There are a bunch of ways to do this, but the recommended way is to let the ACME script manage a TXT record for your domain. To do that it uses the API of your provider where the zone file is and updates the challenge values there.

So if you were to want to add an A record, CNAME record, or similar for your domain, where would you log in to achieve that?

FMRC_Cheeky · May 30, 2022, 4:53 PM

@kevinbrown I use DYNDNS to create the "domain name" I am looking to see if I have the options there for what you have pointed out in your response. I do not see those as an option. I have tried to use CloudFlare, an add an A record, I get a similar problem different error and it tells me its an invalid domain. Now this may correct itself as I just made it and it may take tome to propagate through out the DNS servers.

Thanks for your time

kevinbrown · May 31, 2022, 6:55 AM

@fmrc_cheeky Fair enough. Sounds like a different issue, as this was a fix specifically with the Netlify DNS provider API script, but basically you'll need to figure out a DNS provider that works with ACME, or use a different validation mechanism in this list: https://github.com/acmesh-official/acme.sh#supported-modes