Failure updating ACME certificate - 2

lucas1

Good afternoon.

2.5.0-RELEASE (amd64) FreeBSD 12.2-STABLE (isn't that the reason?)

The service stopped Services\Acme certificate renewal issue.

In file acme_issuecert.log error:

[Tue May 28 03:37:04 EEST 2024] _p_txtdomain='_acme-challenge.mydomain.pp.ua'
[Tue May 28 03:37:04 EEST 2024] Cloudflare purge TXT record for domain _acme-challenge.mydomain.pp.ua
[Tue May 28 03:37:04 EEST 2024] POST
[Tue May 28 03:37:04 EEST 2024] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.mydomain.pp.ua&type=TXT'
[Tue May 28 03:37:04 EEST 2024] body
[Tue May 28 03:37:04 EEST 2024] _postContentType
[Tue May 28 03:37:04 EEST 2024] Http already initialized.
[Tue May 28 03:37:04 EEST 2024] _CURL='curl --silent --dump-header /tmp/acme/mydomain/http.header -L -g '
[Tue May 28 03:37:05 EEST 2024] _ret='0'
[Tue May 28 03:37:05 EEST 2024] response='{"msg":"Purge request queued. Please wait a few seconds and verify the request was successful."}'
[Tue May 28 03:37:15 EEST 2024] Let's wait 10 seconds and check again.
[Tue May 28 03:37:25 EEST 2024] Timed out waiting for DNS.
[Tue May 28 03:37:25 EEST 2024] check dns error.
[Tue May 28 03:37:25 EEST 2024] _on_issue_err
[Tue May 28 03:37:25 EEST 2024] Please check log file for more details: /tmp/acme/mydomain/acme_issuecert.log
[Tue May 28 03:37:25 EEST 2024] _chk_vlist
[Tue May 28 03:37:25 EEST 2024] pid
[Tue May 28 03:37:25 EEST 2024] No need to restore nginx, skip.
[Tue May 28 03:37:25 EEST 2024] _clearupdns
[Tue May 28 03:37:25 EEST 2024] dns_entries='mydomain.com,_acme-challenge.mydomain.com,_acme-challenge.mydomain.pp.ua,dns_he,U1xBjPOAdA1YXcQBu2CFxypNIgfK-5cgatf8nSESmHg,/usr/local/pkg/acme/dnsapi/dns_he.sh
mydomain.com,_acme-challenge.mydomain.com,_acme-challenge.mydomain.pp.ua,dns_he,tej0iIil1sFdZ1DpiAt2HBz0DU147BqqWf6bLa1ChEg,/usr/local/pkg/acme/dnsapi/dns_he.sh

Gertjan

@lucas1

You've locked yourself up in a corner.
For example : I don't recall how things were done several version ago, and I'm pretty sure very few will be able to do so.

You can't upgrade the acme package, as you can only install/upgrade pfSense packages if you use the latest pfSense version : that 2.7.2. pfSense 2.5.0 was from 2019 / 2020 ?

The thing is : Cloudflare can update (change) the way the DNS api works.
Accordingly, the acme.sh pfSense will get updated also ....

So, get the current pfSense version first. Install the latest acme pfSense package. Then try again.

@lucas1 said in Failure updating ACME certificate - 2:

Please check log file for more details: /tmp/acme/mydomain/acme_issuecert.log

You've checked ?