ACME error when trying to issue new certificates for own Host Overridden Domain
-
Error code when I try to issue the created certificate: "DNS problem: NXDOMAIN looking up A for [...] - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for [...] - check that a DNS record exists for this domain"
I went to DNS Resolver and created my host override domain. Before the error code appears it tells me: "Pending, The CA is processing your order, please just wait. (1/30)". Even though the explanation of the error code is fairly self-explanatory, I don't know what I've done wrong. Please explain/help me understand/fix this problem, as I want to access my pfSense through that domain over HTTPS.
-
The chosen domain address should be valid.
Here is the full error code from the tmp file:
[Sat Aug 31 20:27:37 CEST 2024] code='200'
[Sat Aug 31 20:27:37 CEST 2024] original='{ "identifier": { "type": "dns", "value": "[...]" }, "status": "invalid", "expires": "2024-09-07T18:27:32Z", "challenges": [ { "type": "http-01", "url": "[...]", "status": "invalid", "validated": "2024-08-31T18:27:34Z", "error": { "type": "urn:ietf:params:acme:error:dns", "detail": "DNS problem: NXDOMAIN looking up A for [...] - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for [...] - check that a DNS record exists for this domain", "status": 400 }, "token": "[...]" } ] }'
[Sat Aug 31 20:27:37 CEST 2024] _json_decode
[Sat Aug 31 20:27:37 CEST 2024] _j_str='{ "identifier": { "type": "dns", "value": "[...]" }, "status": "invalid", "expires": "2024-09-07T18:27:32Z", "challenges": [ { "type": "http-01", "url": "[...]", "status": "invalid", "validated": "2024-08-31T18:27:34Z", "error": { "type": "urn:ietf:params:acme:error:dns", "detail": "DNS problem: NXDOMAIN looking up A for [...] - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for [...] - check that a DNS record exists for this domain", "status": 400 }, "token": "[...]" } ] }'
[Sat Aug 31 20:27:37 CEST 2024] response='{"identifier":{"type":"dns","value":"[...]"},"status":"invalid","expires":"2024-09-07T18:27:32Z","challenges":[{"type":"http-01","url":"[...]","status":"invalid","validated":"2024-08-31T18:27:34Z","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up A for [...] - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for [...] - check that a DNS record exists for this domain","status": 400},"token":"[...]"}]}'
{same error message for like 5 times in a row...}
[Sat Aug 31 20:27:37 CEST 2024] h_api
[Sat Aug 31 20:27:37 CEST 2024] pid='[...]'
[Sat Aug 31 20:27:37 CEST 2024] No need to restore nginx, skip.
-
@owner-of-a_BAKERY said in ACME error when trying to issue new certificates for own Host Overridden Domain:
I went to DNS Resolver and created my host overridden Domain
At that moment the resolver knows about this host override, so if a device on one of your LANs asks for info about it, the resolver can answer.
Nice, but Let's Encrypt doesn't live on your LANs and has no access to your pfSense resolver.
How should I, someone else or Let's Encrypt know what or who to access to resolve that host name override that is only known to you locally on your LANs? This boils down to: you need to use a domain name that 'exists' on the Internet. In short, you have to rent one.
Then test it: https://www.zonemaster.net/en/run-test so you'll be sure that if 'zonemaster' can find it, Let's Encrypt can also find it.
And don't pick just any registrar to rent your host name; be sure it's compatible with Let's Encrypt.
@owner-of-a_BAKERY said in ACME error when trying to issue new certificates for own Host Overridden Domain:
[...]
Doesn't exist on the Internet. So Letsencrypt can't check.
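The two things the answer above asks for, triaging the acme.sh debug output and checking whether a name is visible from outside the LAN, can be scripted. The Python below is an added example and not code from the thread, pfSense or acme.sh: it pulls the ACME authorization object out of `response='...'` log lines of the shape quoted in the question, reports which challenge failed and why, and then runs a pre-flight comparison between what the LAN resolver answers and what a public resolver answers. The host name, token, log excerpt and the two resolver dictionaries are constructed stand-ins; a real check would query the pfSense resolver and a public resolver instead of dictionaries.

```python
"""Triage and pre-flight helpers for an ACME http-01 failure on a name that
exists only as a local resolver host override.

Added example, not part of the forum thread. Names, IPs and the acme.sh-style
log excerpt are constructed; the JSON shape follows the ACME authorization
object quoted in the thread.
"""
import json
import re
from typing import Callable, Dict, List, Optional

# Constructed acme.sh-style log lines (same shape as the excerpt in the thread;
# host name, URL and token are placeholders, not real values).
SAMPLE_LOG = """\
[Sat Aug 31 20:27:37 CEST 2024] code='200'
[Sat Aug 31 20:27:37 CEST 2024] response='{"identifier":{"type":"dns","value":"pfsense.home.example"},"status":"invalid","expires":"2024-09-07T18:27:32Z","challenges":[{"type":"http-01","url":"https://acme.example/chall/PLACEHOLDER","status":"invalid","validated":"2024-08-31T18:27:34Z","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up A for pfsense.home.example - check that a DNS record exists for this domain","status": 400},"token":"PLACEHOLDER"}]}'
[Sat Aug 31 20:27:37 CEST 2024] No need to restore nginx, skip.
"""

# The ACME error types most often seen with http-01, with a plain reading.
ACME_ERROR_HINTS = {
    "urn:ietf:params:acme:error:dns": "the CA's resolvers could not look the name up on the public Internet",
    "urn:ietf:params:acme:error:connection": "the CA resolved the name but could not reach the host on port 80",
    "urn:ietf:params:acme:error:unauthorized": "the CA reached a web server but it served the wrong token",
}

_RESPONSE_RE = re.compile(r"\] response='(\{.*\})'\s*$")


def parse_authorizations(log_text: str) -> List[dict]:
    """Extract every response='{...}' JSON payload from acme.sh-style log text
    and keep those that look like ACME authorization objects."""
    found = []
    for line in log_text.splitlines():
        m = _RESPONSE_RE.search(line)
        if not m:
            continue
        try:
            obj = json.loads(m.group(1))
        except json.JSONDecodeError:
            continue  # the debug log also dumps non-JSON payloads
        if "identifier" in obj and "challenges" in obj:
            found.append(obj)
    return found


def summarize_failure(authz: dict) -> Optional[dict]:
    """Describe the first failed challenge in an authorization object, or
    return None if no challenge is marked invalid."""
    for chall in authz.get("challenges", []):
        err = chall.get("error")
        if chall.get("status") == "invalid" and err:
            etype = err.get("type", "")
            return {
                "name": authz["identifier"]["value"],
                "challenge": chall.get("type"),
                "error_type": etype,
                "detail": err.get("detail", ""),
                "hint": ACME_ERROR_HINTS.get(etype, "see the CA's detail message"),
            }
    return None


Lookup = Callable[[str], Optional[str]]


def preflight(name: str, local_lookup: Lookup, public_lookup: Lookup) -> str:
    """Compare the LAN resolver's answer with a public resolver's answer.
    http-01 is validated by the CA from the Internet, so only the public
    answer decides whether the order can succeed."""
    local = local_lookup(name)
    public = public_lookup(name)
    if public is None and local is not None:
        return "local-only: the name exists only as a host override; the CA will get NXDOMAIN"
    if public is None:
        return "unresolvable: no record anywhere; publish the name in public DNS first"
    if local is not None and local != public:
        return f"split-horizon: LAN sees {local}, Internet sees {public}; the CA validates against {public}"
    return f"ok: publicly resolvable to {public}"


# Constructed stand-ins: a single Unbound host override and an empty public zone.
LOCAL_OVERRIDES = {"pfsense.home.example": "192.168.1.1"}
PUBLIC_ZONE: Dict[str, str] = {}


def local_lookup(name: str) -> Optional[str]:
    return LOCAL_OVERRIDES.get(name)


def public_lookup(name: str) -> Optional[str]:
    return PUBLIC_ZONE.get(name)


if __name__ == "__main__":
    for authz in parse_authorizations(SAMPLE_LOG):
        failure = summarize_failure(authz)
        print(failure)
        if failure:
            print(preflight(failure["name"], local_lookup, public_lookup))
```

Run against the constructed log the script reports the `http-01` challenge failing with `urn:ietf:params:acme:error:dns` and a `local-only` pre-flight verdict, which is exactly the situation in the question: the override answers on the LAN, the public zone has no record, so the CA sees NXDOMAIN.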
-
@Gertjan all good, screw ACME, I just signed a cert myself and it works fine