but I can obtain Let's Encrypt staging certificates.
Very strange issue. Any help appreciated.
Here are my error logs:
2024-03-02T18:57:52 opnsense AcmeClient: validation for certificate failed: oceanos.XXXX.fr
2024-03-02T18:57:52 opnsense AcmeClient: domain validation failed (dns01)
2024-03-02T18:57:52 opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 6 --log-level 1 --server 'letsencrypt' --dns 'dns_gandi_livedns' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/65da763b0ae855.58243047' --certpath '/var/etc/acme-client/certs/65da763b0ae855.58243047/cert.pem' --keypath '/var/etc/acme-client/keys/65da763b0ae855.58243047/private.key' --capath '/var/etc/acme-client/certs/65da763b0ae855.58243047/chain.pem' --fullchainpath '/var/etc/acme-client/certs/65da763b0ae855.58243047/fullchain.pem' --domain 'oceanos.XXXX.fr' --domain 'oceanos.XXXX.fr' --days '1' --force --ocsp --keylength '4096' --accountconf '/var/etc/acme-client/accounts/65da74b1412297.72803520_prod/account.conf''
2024-03-02T18:57:47 opnsense AcmeClient: using challenge type: DNS-challenge
2024-03-02T18:57:47 opnsense AcmeClient: account is registered: ACME
2024-03-02T18:57:47 opnsense AcmeClient: using CA: letsencrypt
2024-03-02T18:57:47 opnsense AcmeClient: issue certificate: oceanos.XXXX.fr
And
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] Please add '--debug' or '--log' to check more details.
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] Error add txt for domain:_acme-challenge.oceanos.XXXX.fr
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Adding txt value: SHslfCqq9nxoy4A_rKvmsJp4LF_anCWl0iluEB3jU_Y for domain: _acme-challenge.oceanos.XXXX.fr
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Getting webroot for domain='oceanos.XXXX.fr'
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Getting webroot for domain='oceanos.XXXX.fr'
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Getting domain auth token for each domain
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Multi domain='DNS:oceanos.XXXX.fr,DNS:oceanos.XXXX.fr'
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
Issue logged here: https://github.com/opnsense/plugins/issues/3844
I'm having the same issue:
AcmeClient: validation for certificate failed: XXX.XXX.XXX
2024-06-05T14:42:54 opnsense AcmeClient: domain validation failed (dns01)
2024-06-05T14:42:54 opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php: AcmeClient: The shell command returned exit code '2': '/usr/local/sbin/acme.sh --renew --syslog 6 --log-level 1 --server 'letsencrypt' --dns 'dns_cf' --dnssleep '120' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/6244690401b582.96545326' --certpath '/var/etc/acme-client/certs/6244690401b582.96545326/cert.pem' --keypath '/var/etc/acme-client/keys/6244690401b582.96545326/private.key' --capath '/var/etc/acme-client/certs/6244690401b582.96545326/chain.pem' --fullchainpath '/var/etc/acme-client/certs/6244690401b582.96545326/fullchain.pem' --domain 'XXX.XXX.XXX' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/624465c1ebd1a0.95366960_prod/account.conf''
2024-06-05T14:42:53 opnsense AcmeClient: using challenge type: Cloudflare DNS Validation
2024-06-05T14:42:53 opnsense AcmeClient: account is registered: YYY WEB GUI Cert Accoiunt
2024-06-05T14:42:53 opnsense AcmeClient: using CA: letsencrypt
Cloudflare:
https://forum.opnsense.org/index.php?topic=39669.msg200187#msg200187