OPNsense Forum

English Forums => General Discussion => Topic started by: zulasch on September 09, 2022, 02:52:38 pm

Title: [SOLVED] acme.sh www.mydomain.com is not an issued domain, skip
Post by: zulasch on September 09, 2022, 02:52:38 pm
Hi guys,

For a few weeks now I have not been able to automatically renew Let's Encrypt certificates.

I have increased the loglevel to "debug 3" but this is all I can see in the logs:

Code:
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] 'www.mydomain.com' is not an issued domain, skip.
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Renew: 'www.mydomain.com'
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] DOMAIN_PATH='/var/etc/acme-client/home/www.mydomain.com'
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Using config home:/var/etc/acme-client/home
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Running cmd: renew
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Using server: letsencrypt

Interestingly, the manual update with the button "issue or renew certificate" works fine; only the automated renewal process is not working.

I have found some older similar issues, but the solution there was to update to the latest version, which is older than my version.

Is there anything that I can do to analyze this deeper?

OPNsense 22.1.10-amd64
acme.sh 3.0.4 with DNS authentication

Title: Re: acme.sh www.mydomain.com is not an issued domain, skip
Post by: zulasch on October 02, 2022, 12:31:41 pm
Really no one with the same issue?
Title: Re: acme.sh www.mydomain.com is not an issued domain, skip
Post by: ThetaGamma on October 04, 2022, 12:01:28 pm
Well, I do have exactly the same problem.
DNS-01 with Cloudflare
OPNsense 22.7.4
manual renewal works, automatic fails with the same error message
Title: Re: acme.sh www.mydomain.com is not an issued domain, skip
Post by: zulasch on October 07, 2022, 12:35:24 am
Do you think this is a bug? I have checked the known issues on the GitHub page, but I didn't find anything about this.

https://github.com/opnsense/core/issues

Should I write a bug report?
Title: Re: acme.sh www.mydomain.com is not an issued domain, skip
Post by: mnaim on October 07, 2022, 06:19:12 pm
Reported same https://github.com/opnsense/plugins/issues/3154
Title: Re: acme.sh www.mydomain.com is not an issued domain, skip
Post by: zulasch on October 12, 2022, 09:16:51 am
I could solve my issue by resetting the ACME Client as fraenki described on GitHub.
https://github.com/opnsense/plugins/issues/3154

OPNsense -> Services -> ACME Client -> Settings -> Reset ACME Client

After that I could successfully and automatically renew all certs.

Thanks all  :)
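
Added example (not part of the thread and not OPNsense or acme.sh code): because the scheduled renew skips the certificate without any other error, a small log check can flag it before the certificate expires. The message format is the one in the log from the first post; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Flag acme.sh renew runs that skipped a certificate.
# Function names and sample lines are hypothetical; only the
# "is not an issued domain, skip." message comes from the thread.

# Constructed sample log: two domains skipped, plus unrelated lines.
sample_log() {
cat <<'EOF'
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] 'www.mydomain.com' is not an issued domain, skip.
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Renew: 'www.mydomain.com'
2022-09-09T14:42:01 acme.sh [Fri Sep 9 14:42:01 CEST 2022] Running cmd: renew
2022-09-10T14:42:01 acme.sh [Sat Sep 10 14:42:01 CEST 2022] 'www.mydomain.com' is not an issued domain, skip.
2022-09-10T14:42:02 acme.sh [Sat Sep 10 14:42:02 CEST 2022] 'mail.mydomain.com' is not an issued domain, skip.
EOF
}

# Read log lines on stdin; print "domain count" once per skipped domain.
skipped_domains() {
    sed -n "s/.*] '\([^']*\)' is not an issued domain, skip\.[[:space:]]*\$/\1/p" |
        sort | uniq -c | awk '{ print $2 " " $1 }'
}

# Return 1 when any renewal was skipped, so cron or a monitor can alert.
check_renewals() {
    report=$(skipped_domains)
    [ -z "$report" ] && return 0
    echo "acme.sh skipped renewal for:" >&2
    echo "$report" >&2
    return 1
}

# Demo on the constructed sample; feed the real ACME client log instead.
sample_log | check_renewals || echo "renewals skipped, check the ACME client"
```

A non-zero status from `check_renewals` only says that the log contains skipped renewals; the fix reported in the thread is still the ACME client reset.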