Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Error add txt for domain:_acme-challenge

    Scheduled Pinned Locked Moved ACME
    4 Posts 2 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • FMRC_CheekyF
      FMRC_Cheeky
      last edited by

      Problem: Error add txt for domain:_acme-challenge

      Description: when trying to use ACME to issue a certificate I get the error message that reads as above. I have seen a few posts that indicate that I can edit a file and resolve the problem, (Not sure what I need to edit in my case) I have read others that point to an issue with the service that they are trying to use. I have another that says I can patch ACME using https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
      Has anyone seen this issue that knows if I can get it patched or what part I need to edit to get an SSL certificate issued to my pFsence?

      2.6.0-RELEASE This is the public version running on an old Dell desktop,
      ACME ver is 0.7.1_1
      I use DYNDNS

      This is most of the message

      [Thu May 26 11:01:45 CDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
      [Thu May 26 11:01:45 CDT 2022] Single domain='(DOMAIN NAME)'
      [Thu May 26 11:01:46 CDT 2022] Getting domain auth token for each domain
      [Thu May 26 11:01:47 CDT 2022] Getting webroot for domain='(DOMAIN NAME)'
      [Thu May 26 11:01:48 CDT 2022] Adding txt value: (KEY STRING) for domain: _acme-challenge.(DOMAIN NAME)
      [Thu May 26 11:01:48 CDT 2022] You must export variables: DYN_Customer, DYN_Username and DYN_Password
      [Thu May 26 11:01:48 CDT 2022] Error add txt for domain:_acme-challenge.(DOMAIN NAME)
      [Thu May 26 11:01:48 CDT 2022] Please check log file for more details: /tmp/acme/VPN/acme_issuecert.log

      Thank you for any assistance

      K 1 Reply Last reply Reply Quote 0
      • K
        kevinbrown @FMRC_Cheeky
        last edited by

        @fmrc_cheeky Which DNS provider are you using for your domain?

        Basically Let's Encrypt needs to verify that you control your domain. There are a bunch of ways to do this, but the recommended way is to let the ACME script manage a TXT record for your domain. To do that it uses the API of your provider where the zone file is and updates the challenge values there.

        So if you were to want to add an A record, CNAME record, or similar for your domain, where would you log in to achieve that?

        FMRC_CheekyF 1 Reply Last reply Reply Quote 1
        • FMRC_CheekyF
          FMRC_Cheeky @kevinbrown
          last edited by

          @kevinbrown I use DYNDNS to create the "domain name" I am looking to see if I have the options there for what you have pointed out in your response. I do not see those as an option. I have tried to use CloudFlare, an add an A record, I get a similar problem different error and it tells me its an invalid domain. Now this may correct itself as I just made it and it may take tome to propagate through out the DNS servers.

          Thanks for your time

          K 1 Reply Last reply Reply Quote 0
          • K
            kevinbrown @FMRC_Cheeky
            last edited by

            @fmrc_cheeky Fair enough. Sounds like a different issue, as this was a fix specifically with the Netlify DNS provider API script, but basically you'll need to figure out a DNS provider that works with ACME, or use a different validation mechanism in this list: https://github.com/acmesh-official/acme.sh#supported-modes

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.