Cannot renew or create new cert Godaddy API

cougarmaster · Feb 5, 2025, 5:47 AM

I am using pfSense 2.7.2 and ACME 0.9_1. My domain is on Godaddy and have no connection to cloudflare but it keeps going there to purge.

Not valid yet, let's wait for 10 seconds then check the next one.
[Wed Feb 5 13:44:31 HKT 2025] _p_txtdomain='_acme-challenge.oneiricts.com'
[Wed Feb 5 13:44:31 HKT 2025] Purging Cloudflare TXT record for domain _acme-challenge.oneiricts.com
[Wed Feb 5 13:44:31 HKT 2025] POST
[Wed Feb 5 13:44:31 HKT 2025] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.oneiricts.com&type=TXT'
[Wed Feb 5 13:44:31 HKT 2025] body
[Wed Feb 5 13:44:31 HKT 2025] _postContentType
[Wed Feb 5 13:44:31 HKT 2025] Http already initialized.
[Wed Feb 5 13:44:31 HKT 2025] _CURL='curl --silent --dump-header /tmp/acme/Blackwall/http.header -L -g '
[Wed Feb 5 13:44:32 HKT 2025] _ret='0'
[Wed Feb 5 13:44:32 HKT 2025] response='{"msg":"Purge request queued. Please wait a few seconds and verify the request was successful."}'
[Wed Feb 5 13:44:40 HKT 2025] Let's wait for 10 seconds and check again.

I could not renew so I deleted all CA for letencrypt it still could not renew. Then I deleted all certs and CA and tried to create new and now it would not. Do I have to reinstall the whole firewall?

cougarmaster · Feb 5, 2025, 6:25 AM

I think its working now but it will not show starting and expire time nor any indications it is done. Also there are no CA used to make the cert and its private now. The cert works but visually no indication whatsoever.

Gertjan · Feb 5, 2025, 7:37 AM

@cougarmaster said in Cannot renew or create new cert Godaddy API:

The cert works but visually no indication whatsoever.

So you didn't see this ? :

🔒 Log in to view

@cougarmaster said in Cannot renew or create new cert Godaddy API:

Do I have to reinstall the whole firewall?

Never. Just check the settings you've entered. If it doesn't work, there is an error some where. Because you can't see it, this doesn't mean the error isn't there. It is.
The acme package, or certificate renewal works fine.
But, the info you've entered must be 100 % correct.
Also, you have to give the other side (cloudflare, etc) some time so the DNS gets settled.

Use, for example : 5 minutes :

🔒 Log in to view

Here : a nice example of 'doesn't work' : Unable to delete TXT record - and read until the end ^^

cougarmaster · Feb 5, 2025, 8:31 AM

@Gertjan Thank you yes it shows now was used to being more immediate sorry for the trouble thanks again.

Gertjan · Feb 5, 2025, 8:36 AM

@cougarmaster

It is immediate.
If you use the certificate for the pfSense GUI, and you have the default :

🔒 Log in to view

then, after a GUI page reload, you can see - by clicking on the pad lock that indicates a https connection, and you can look at the cert details - that the new certificate is now used.

edit :

Or go straight to System > Certificates > Certificates and you see it.

cougarmaster · Feb 5, 2025, 8:37 AM

@Gertjan Yes it is but the GUI still laggs so at least now I know I can use the cert without waiting for GUI to update.