0.7.3_1 nsupdate method : issue with the $NSUPDATE_KEY
-
A certificate renewal kicked in last night, as the '60 days' were over.
It failed.
The why part is easy to spot : see the NSUPDATE_KEY file path : it is wrong.
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
ACCOUNT_EMAIL='gw.kroeb@gmail.com'
LOG_FILE='/tmp/acme/V2_mydomain.tld/acme_issuecert.log'
LOG_LEVEL='3'
NSUPDATE_SERVER='ns1.mydomain.tld'
NSUPDATE_SERVER_PORT=''
NSUPDATE_KEY='/tmp/acme/V2_mydomain.tld/mydomain.tldnsupdate_acme-challenge.mydomain.tld.key'
NSUPDATE_ZONE='mydomain.tld'
That nsupdate key file didn't exist ....
It's probably a file with the access credentials like :
key "secret." {
    algorithm HMAC-SHA512;
    secret "eYQiVAutEEAFO......EPeE7vwEdFT11QYs1YhO9zDCaJwzkuZp0w==";
};
The "nsupdate_acme-challenge." part is added here : /usr/local/pkg/acme/acme_sh.inc line 259 :
// $nsupdatefileprefix = "{$certpath}nsupdate";
$nsupdatefileprefix = "{$certpath}/";
I removed the line where "nsupdate" is added,
That did it :
the cert was renewed.
But now I feel more lucky than smart ....
I'm using acme 0.7.3_1 on "RC 20230202".
I'll be updating to the latest "RC 20230207.0600" later on this day.
Btw : The RC : so far, so good.
Using pfSense plus RC on a "SG 4100", added Radius (using it, but it's not essential) and Avahi (neither essential).
Using the captive portal : did not find any issues.
Also using the packages Notes, NUT, Filer, CRON, Shellcmd and System_patches.