OPNsense Forum
English Forums => General Discussion => Topic started by: zulasch on September 09, 2022, 02:52:38 pm
-
Hi guys,
since a few weeks I am not able to automaticaly renew Letsencrypt certificates.
I have increased the loglevel to "debug 3" but this is all I can see in the logs:
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] 'www.mydomain.com' is not an issued domain, skip.
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Renew: 'www.mydomain.com'
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] DOMAIN_PATH='/var/etc/acme-client/home/www.mydomain.com'
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Using config home:/var/etc/acme-client/home
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Running cmd: renew
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Using server: letsencrypt
Very interessting is that the manual update with the button "issue or renew certificate" is working fine, Only the automated renew process is not working.
I have found some older similar issures, but the solution there was to update to the latest version witch is older that my version.
I there anything that I can do to analyze this deeper?
OPNsense 22.1.10-amd64
acme.sh 3.0.4 with DNS authentication
-
really no one with the same issue?
-
well, I do have exactly the same problem.
DNS-01 with Cloudflare
OPNsense 22.7.4
manual renewal works, automatic fails with the same error message
-
Dou you think this is a Bug? I have checked the known issues at the Github page, but i didn`t find anything about this.
https://github.com/opnsense/core/issues
Should I write a bug report?
-
Reported same https://github.com/opnsense/plugins/issues/3154
-
I could solve my issue by resetting the ACME Client like fraenki described on github.
https://github.com/opnsense/plugins/issues/3154
OpnSense -> Services -> ACME Client -> Settings -> Reset ACME Client
After that I could successfuly automaticaly renew all certs.
Thanks all :)