NOT working with OVH end point since 2025

zimnysbrain

This package is not working with OVH since updates from beginning of 2026. Is not updated with latest OVH api. From the developer you can only gets something like "must work because nothing changed in my script" and this answer is also the answer NOT updated OVH api which changed from the beginning of 2026.

Gertjan

@zimnysbrain

The bad news : Setting up acme.sh with the correct settings is close to rocket science.

And the good news : the pfSense acme.sh packages is used daily by the thousands. If it didn't work, people wouldn't have their certificates, and then things will go bad very fast.

Have a look for yourself here : you saw some one mentioning something ?

I have many domain names with OVH (EU), so I decided to ask for a certificate for a domain name "test.test-domaine.fr" - I do own => rent "test-domaine.fr" from OVH.
First, after reading the official OVH acme.sh notice : https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api#3-authentication-the-api-key I quickly created/found the 3 things needed :

and I hit 'Issue'.

As I'm a bit more stupid then avarrage today, I totall forgot that, although I rent the domain name 'test-domaine.fr' from them, I removed all the extras, like : they don't do my DNS, I do my own DNS.
Which means I have to talk:negocaite to my own domain name server, not OVH ...

So the isseuing failed with a "invalid domain" which I should read as : "domain ok - but can't do DNS zone modification for you". So it couldn't add the TXT challenge, etc
But : no authorization issues.

Btw : the DNS-OVH API script, the official source file here was last modified 6 month ago.
The pfSense version was synced like yesterday - PfSense acme.sh package version 1.2.
I presume you use the same version.

Do you mind telling what your issue is, give details ?
With all the juicy details, andf you can find them here /tmp/acme/test-domaine.fr/acme_issuecert.log (where test-domaine.fr has to be changed with your domaine name)

@zimnysbrain said in NOT working with OVH end point since 2025:

is also the answer NOT updated OVH api which changed from the beginning of 2026

I copied this file, the original dns_ovh.sh on my pfSense, in the /root/ folder.
Then :

[26.03-RELEASE][root@pfSense.bhf.tld]/root: ll dns_ovh.sh
-rw-r--r--  1 root wheel 8324 Apr 15 13:15 dns_ovh.sh
[26.03-RELEASE][root@pfSense.bhf.tld]/root: ll /usr/local/pkg/acme/dnsapi/dns_ovh.sh
-r-xr-xr-x  1 root wheel 8324 Apr 13 15:48 /usr/local/pkg/acme/dnsapi/dns_ovh.sh*
[26.03-RELEASE][root@pfSense.bhf.tld]/root: diff dns_ovh.sh /usr/local/pkg/acme/dnsapi/dns_ovh.sh
[26.03-RELEASE][root@pfSense.bhf.tld]/root:

conclusion : the pfSense acme.sh package contains the latest - identical 'official' "dns_ovh.sh" file.

Also :
In the past, when things were 'manual', I could use the instructions and get a certificate 'by hand' == using command line.
acme.sh is a command line tool after all.
Goto /usr/local/pkg/acme/ and start from there.
That should work, and I have an indirect proof : if it didn't you would have found others here talking about it.

zimnysbrain

Hi there,

Sorry for late answer.
All my domains have dns zone in OVH where I manage them.

I'm getting exactly the same error like you got.
Kays and secrets are valid and in pF/acme log I have the same error regarding adding TXT record.

pF ver is 2.8.1 and pF/acme ver is 1.2

I have been using pF/acme from several years and worked like a charm. Also nothing changed in it's setup on my end and nothing changed on my dns zone in OVH.

This plugin simple stop working since beginning of 2026. It's stoped after upgrading it on my pF.

Thank you for getting involved.