ACME Certificate renewal failed - invalid domain - since pkg v0.7.5

Bronko

Hi,

this is what I get for a cert renew:

[Fri Sep 22 19:44:10 CEST 2023] _postContentType
[Fri Sep 22 19:44:10 CEST 2023] Http already initialized.
[Fri Sep 22 19:44:10 CEST 2023] _CURL='curl --silent --dump-header /tmp/acme/mydomain.org/http.header  -L  -g '
[Fri Sep 22 19:44:10 CEST 2023] _ret='0'
[Fri Sep 22 19:44:10 CEST 2023] h='mydomain.org'
[Fri Sep 22 19:44:10 CEST 2023] h='org'
[Fri Sep 22 19:44:10 CEST 2023] h
[Fri Sep 22 19:44:10 CEST 2023] invalid domain
[Fri Sep 22 19:44:10 CEST 2023] Error add txt for domain:_acme-challenge.mydomain.org
[Fri Sep 22 19:44:10 CEST 2023] _on_issue_err
[Fri Sep 22 19:44:10 CEST 2023] Please check log file for more details: /tmp/acme/mydomain.org/acme_issuecert.log

Trying to wait a while by DNS-Sleep = 180 but doesn't changed the behavior.
Configured Method is DNS-INWX.de .

It's failing on two different installations booth working before.
Some weeks ago I was updating to ACME pkg v0.7.5 but doesn't checked cert renewing immediately after.

Any hints for me here...?

Best!

Gertjan

@Bronko said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

Any hints for me here...?

You tell us ^^ :

Please check log file for more details: /tmp/acme/mydomain.org/acme_issuecert.log

There was an edit last month in the dns method you use : look here : https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_inwx.sh
Update your file (here : /usr/local/pkg/acme/dnsapi/dns_inwx.sh) with that more recent one.
Before overwriting it, make a copy.

edit : for what it's worth : I'm using 0.7.5 also, using the 'default' DNS method (dns_)nsupdate.sh.
Works fine for me, it updated September 19, last week.

Bronko

@Gertjan said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

You tell us ^^ :

Sorry, forgot to mention it was already from /tmp/acme/mydomain.org/acme_issuecert.log

There was an edit last month in the dns method you use : look here : https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_inwx.sh
Update your file (here : /usr/local/pkg/acme/dnsapi/dns_inwx.sh) with that more recent one.
Before overwriting it, make a copy.

Thanks a lot, this solved the problem!
(Change grep to be case-insensitive when looking for Set-Cookie header)

edit : for what it's worth : I'm using 0.7.5 also, using the 'default' DNS method (dns_)nsupdate.sh.
Works fine for me, it updated September 19, last week.

Will check this soon, doesn't noticed standard before...
(Pro: no password in pfsense config)

Best!

Gertjan

@Bronko said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

(Pro: no password in pfsense config)

You still need to ID, using a 'key' :

RFC 2136 is what bind (named) is using.
It was created decades ago to do just that : remotely editing zone info.

Bronko

@Gertjan said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

You still need to ID, using a 'key'

Yes, but's not a secret do you have at your DNS registrar as user login.
To not leave the pfsense world we can find here BIND configuration steps.

Thanks for your mentions.