ACME Certificate renewal failed - invalid domain - since pkg v0.7.5
-
Hi,
this is what I get for a cert renew:
[Fri Sep 22 19:44:10 CEST 2023] _postContentType
[Fri Sep 22 19:44:10 CEST 2023] Http already initialized.
[Fri Sep 22 19:44:10 CEST 2023] _CURL='curl --silent --dump-header /tmp/acme/mydomain.org/http.header -L -g '
[Fri Sep 22 19:44:10 CEST 2023] _ret='0'
[Fri Sep 22 19:44:10 CEST 2023] h='mydomain.org'
[Fri Sep 22 19:44:10 CEST 2023] h='org'
[Fri Sep 22 19:44:10 CEST 2023] h
[Fri Sep 22 19:44:10 CEST 2023] invalid domain
[Fri Sep 22 19:44:10 CEST 2023] Error add txt for domain:_acme-challenge.mydomain.org
[Fri Sep 22 19:44:10 CEST 2023] _on_issue_err
[Fri Sep 22 19:44:10 CEST 2023] Please check log file for more details: /tmp/acme/mydomain.org/acme_issuecert.log
I tried waiting a while with DNS-Sleep = 180, but that didn't change the behavior.
The configured method is DNS-INWX.de. It's failing on two different installations, both working before.
Some weeks ago I updated to ACME pkg v0.7.5 but didn't check cert renewal immediately after.
Any hints for me here...?
Best!
-
@Bronko said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:
Any hints for me here...?
You tell us ^^ :
Please check log file for more details: /tmp/acme/mydomain.org/acme_issuecert.log
There was an edit last month in the dns method you use : look here : https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_inwx.sh
Update your file (here : /usr/local/pkg/acme/dnsapi/dns_inwx.sh) with that more recent one.
Before overwriting it, make a copy.
edit : for what it's worth : I'm using 0.7.5 also, using the 'default' DNS method (dns_)nsupdate.sh.
Works fine for me, it updated September 19, last week.
-
@Gertjan said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:
You tell us ^^ :
Sorry, forgot to mention it was already from /tmp/acme/mydomain.org/acme_issuecert.log
There was an edit last month in the dns method you use : look here : https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_inwx.sh
Update your file (here : /usr/local/pkg/acme/dnsapi/dns_inwx.sh) with that more recent one.
Before overwriting it, make a copy.
Thanks a lot, this solved the problem!
(Change grep to be case-insensitive when looking for Set-Cookie header)
edit : for what it's worth : I'm using 0.7.5 also, using the 'default' DNS method (dns_)nsupdate.sh.
Works fine for me, it updated September 19, last week.
Will check this soon, didn't notice the standard before...
(Pro: no password in pfsense config)
Best!
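The fix note quoted in the post above ("Change grep to be case-insensitive when looking for Set-Cookie header") describes a header-parsing failure mode. The following is an added example, not part of the thread and not the code of dns_inwx.sh, that reproduces it on constructed header dumps. The cookie name sessionid, the sample headers and all function names are assumptions.

```shell
#!/bin/sh
# Added example: all names and sample data below are constructed.

# Write a constructed header dump like the file curl --dump-header produces.
# $1 = file, $2 = status line, $3 = spelling of the cookie header name
make_sample() {
  printf '%s\r\n' "$2" "content-type: text/xml" \
    "$3: sessionid=abc123; path=/; HttpOnly" "" > "$1"
}

# Reduce the Set-Cookie lines on stdin to "name=value" for cookie $1.
_cookie_value() {
  tr -d '\r' |
    sed -n "s/^[^:]*:[[:space:]]*\($1=[^;]*\).*/\1/p" |
    tail -n 1
}

# Case-sensitive: only matches the exact "Set-Cookie" spelling.
extract_cookie_strict() {
  grep "^Set-Cookie:" "$1" | _cookie_value "$2"
}

# Case-insensitive: HTTP header field names are case-insensitive, and
# HTTP/2 responses carry them in lowercase. Returns 1 when no cookie is
# found, so a caller can stop instead of continuing without a session.
extract_cookie_tolerant() {
  _c=$(grep -i "^set-cookie:" "$1" | _cookie_value "$2")
  [ -n "$_c" ] || return 1
  printf '%s\n' "$_c"
}

demo() {
  d=$(mktemp -d) || return 1
  make_sample "$d/h1" "HTTP/1.1 200 OK" "Set-Cookie"
  make_sample "$d/h2" "HTTP/2 200" "set-cookie"
  for f in h1 h2; do
    printf '%s strict=[%s] tolerant=[%s]\n' "$f" \
      "$(extract_cookie_strict "$d/$f" sessionid)" \
      "$(extract_cookie_tolerant "$d/$f" sessionid)"
  done
  rm -rf "$d"
}
demo
```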
-
@Bronko said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:
(Pro: no password in pfsense config)
You still need to ID, using a 'key' :
RFC 2136 is what bind (named) is using.
It was created decades ago to do just that : remotely editing zone info.
-
@Gertjan said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:
You still need to ID, using a 'key'
Yes, but it's not the secret you have at your DNS registrar as user login.
To not leave the pfsense world we can find here BIND configuration steps.
Thanks for your mentions.