Netgate Discussion Forum

    ACME Certificate renewal failed - invalid domain - since pkg v0.7.5

    • Bronko

      Hi,

      this is what I get for a cert renew:

      [Fri Sep 22 19:44:10 CEST 2023] _postContentType
      [Fri Sep 22 19:44:10 CEST 2023] Http already initialized.
      [Fri Sep 22 19:44:10 CEST 2023] _CURL='curl --silent --dump-header /tmp/acme/mydomain.org/http.header  -L  -g '
      [Fri Sep 22 19:44:10 CEST 2023] _ret='0'
      [Fri Sep 22 19:44:10 CEST 2023] h='mydomain.org'
      [Fri Sep 22 19:44:10 CEST 2023] h='org'
      [Fri Sep 22 19:44:10 CEST 2023] h
      [Fri Sep 22 19:44:10 CEST 2023] invalid domain
      [Fri Sep 22 19:44:10 CEST 2023] Error add txt for domain:_acme-challenge.mydomain.org
      [Fri Sep 22 19:44:10 CEST 2023] _on_issue_err
      [Fri Sep 22 19:44:10 CEST 2023] Please check log file for more details: /tmp/acme/mydomain.org/acme_issuecert.log
      

      I tried waiting a while with DNS-Sleep = 180, but that didn't change the behavior.
      The configured method is DNS-INWX.de.

      It's failing on two different installations, both working before.
      Some weeks ago I updated to ACME pkg v0.7.5 but didn't check cert renewal immediately after.

      Any hints for me here...?

      Best!

      • Gertjan @Bronko

        @Bronko said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

        Any hints for me here...?

        You tell us ^^ :

        Please check log file for more details: /tmp/acme/mydomain.org/acme_issuecert.log

        There was an edit last month in the DNS method you use, look here: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_inwx.sh
        Update your file (here: /usr/local/pkg/acme/dnsapi/dns_inwx.sh) with that more recent one.
        Before overwriting it, make a copy.

        Edit: for what it's worth, I'm using 0.7.5 also, using the 'default' DNS method (dns_)nsupdate.sh.
        Works fine for me, it updated September 19, last week.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • Bronko @Gertjan

          @Gertjan said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

          You tell us ^^ :

          Sorry, forgot to mention it was already from /tmp/acme/mydomain.org/acme_issuecert.log

          There was an edit last month in the DNS method you use, look here: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_inwx.sh
          Update your file (here: /usr/local/pkg/acme/dnsapi/dns_inwx.sh) with that more recent one.
          Before overwriting it, make a copy.

          Thanks a lot, this solved the problem!
          (Change grep to be case-insensitive when looking for Set-Cookie header)

          Edit: for what it's worth, I'm using 0.7.5 also, using the 'default' DNS method (dns_)nsupdate.sh.
          Works fine for me, it updated September 19, last week.

          Will check this soon, didn't notice the standard before...
          (Pro: no password in pfsense config)

          Best!

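Added example (not part of the original posts and not acme.sh's own code): the fix quoted above, "Change grep to be case-insensitive when looking for Set-Cookie header", matters because HTTP header field names are case-insensitive and HTTP/2 responses carry them in lowercase, so a case-sensitive grep over the file written by `curl --dump-header` can come back empty. The header dumps and the cookie name `session` below are constructed.

```shell
#!/bin/sh
# Added example. The header dumps and the cookie name "session" are constructed.

# Strict: matches only the exact spelling "Set-Cookie".
cookie_strict() {
  grep '^Set-Cookie:' "$1" | grep -o "$2=[^;]*" | tail -n 1 | tr -d '\r'
}

# Tolerant: header field names are case-insensitive, so match with -i.
cookie_tolerant() {
  grep -i '^set-cookie:' "$1" | grep -o "$2=[^;]*" | tail -n 1 | tr -d '\r'
}

# Write two constructed header dumps, as `curl --dump-header` would store them:
# one with the mixed-case header name, one with the lowercase HTTP/2 form.
make_samples() {
  printf 'HTTP/1.1 200 OK\r\nSet-Cookie: session=abc123; path=/; secure\r\n\r\n' > "$1/h1.header"
  printf 'HTTP/2 200\r\nset-cookie: session=abc123; path=/; secure\r\n\r\n' > "$1/h2.header"
}

# Report what each parser recovers from each dump.
report() {
  for f in "$1/h1.header" "$1/h2.header"; do
    s=$(cookie_strict "$f" session)
    t=$(cookie_tolerant "$f" session)
    printf '%s strict=[%s] tolerant=[%s]\n' "${f##*/}" "$s" "$t"
  done
}

dir=$(mktemp -d) && make_samples "$dir" && report "$dir"
rm -rf "$dir"
```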
          • Gertjan @Bronko

            @Bronko said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

            (Pro: no password in pfsense config)

            You still need to ID, using a 'key'.

            RFC 2136 is what bind (named) is using.
            It was created decades ago to do just that: remotely editing zone info.

            • Bronko @Gertjan

              @Gertjan said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

              You still need to ID, using a 'key'

              Yes, but it's not a secret you have at your DNS registrar as a user login.
              To not leave the pfSense world, we can find BIND configuration steps here.

              Thanks for your mentions.
