I am new to OPNsense and have spent a few hours using Grok and ChatGPT. I have a BIND DNS server on my LAN. ACME is working fine with Azure and the Azure challenge. For a new domain hosted in my BIND, the A records are resolving to the world just fine. From the OPNsense root command line I can write TXT records into BIND on that other BIND server, but the ACME "issue a certificate" persists in exiting and not writing the TXT record.
Is the correct path of least resistance to add a BIND plugin directly in OPNsense and abandon the use of a dedicated server on my LAN with BIND on Ubuntu?
The shell command returned exit code '1'
AcmeClient: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 9 --debug 3 --server 'letsencrypt' --dns 'dns_nsupdate' --dnssleep '50' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/67dde95bc59958.46853282' --certpath '/var/etc/acme-client/certs/67dde95bc59958.46853282/cert.pem' --keypath '/var/etc/acme-client/keys/67dde95bc59958.46853282/private.key' --capath '/var/etc/acme-client/certs/67dde95bc59958.46853282/chain.pem' --fullchainpath '/var/etc/acme-client/certs/67dde95bc59958.46853282/fullchain.pem' --domain '*.enviroxxxxx.com' --domain 'enviroxxxxx.com' --days '1' --force --keylength '2048' --accountconf '/var/etc/acme-client/accounts/67af8006eb6ec0.25792757_prod/account.conf''
Solved by... hand editing /var/etc/acme-client/home/dnsapi/dns_nsupdate.sh
The system variable NSUPDATE_KEY was retrieving /var/etc/acme-client/configs/67dde95bc59958.46853282//secret.key, but in "Secret Key" I had placed a file on the server and used "/usr/local/etc/acme/acme-update.key". Unsure what the right way to do it was, but:
# Comment out the dynamic NSUPDATE_KEY lookup
# NSUPDATE_KEY="${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}"
# Hardcode the NSUPDATE_KEY path
NSUPDATE_KEY="/usr/local/etc/acme/acme-update.key"
Worked.
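The failure above comes down to NSUPDATE_KEY pointing at a file that does not hold a BIND key statement (the generated secret.key contained the path string typed into the "Secret Key" field). The following is an added check, not code from the post or from acme.sh/OPNsense: it validates the file NSUPDATE_KEY refers to before acme.sh is run. The sample key material is constructed, and the 16-byte minimum is a heuristic.

```python
"""Sanity-check the TSIG key file that acme.sh's dns_nsupdate hook reads via NSUPDATE_KEY."""
import base64
import os
import re

# Algorithms nsupdate accepts for TSIG; hmac-md5 is deliberately left out.
ALLOWED_ALGORITHMS = {"hmac-sha1", "hmac-sha224", "hmac-sha256", "hmac-sha384", "hmac-sha512"}
# Matches a BIND key statement:  key "name" { algorithm hmac-sha256; secret "base64"; };
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^"\s{]+)"?\s*\{\s*algorithm\s+(?P<alg>[\w-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]+)"\s*;\s*\}\s*;', re.IGNORECASE)

# Constructed samples: a well-formed key (secret is base64 of 32 ASCII bytes, not a real key)
# and the failure mode from the post, where the file holds a path instead of a key statement.
SAMPLE_GOOD_KEY = ('key "acme-update" {\n    algorithm hmac-sha256;\n'
                   '    secret "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=";\n};\n')
SAMPLE_BAD_KEY = "/usr/local/etc/acme/acme-update.key\n"


def validate_key_text(text):
    """Return (ok, message); ok is True only for a usable key statement."""
    m = KEY_RE.search(text)
    if not m:
        stripped = text.strip()
        if stripped.startswith("/"):
            return False, "file contains a path (%s), not a key statement" % stripped
        return False, "no 'key ... { algorithm ...; secret ...; };' statement found"
    alg = m.group("alg").lower()
    if alg not in ALLOWED_ALGORITHMS:
        return False, "unsupported TSIG algorithm %s" % alg
    try:
        raw = base64.b64decode(m.group("secret"), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "secret is not valid base64"
    if len(raw) < 16:  # heuristic: shorter than anything tsig-keygen would produce
        return False, "secret too short (%d bytes)" % len(raw)
    return True, "key %s (%s, %d-byte secret)" % (m.group("name"), alg, len(raw))


def check_key_file(path):
    """Check the file NSUPDATE_KEY points at: present, private (0600), and a real key."""
    path = os.path.normpath(path)  # also collapses the '//' seen in the generated path
    if not os.path.isfile(path):
        return False, "%s does not exist" % path
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:  # group/other bits set: the TSIG secret is readable by others
        return False, "%s is readable by group/others (mode %o); chmod 0600 it" % (path, mode)
    with open(path) as fh:
        return validate_key_text(fh.read())


if __name__ == "__main__":  # usage: NSUPDATE_KEY=/path/to/key python3 check_nsupdate_key.py
    ok, msg = check_key_file(os.environ.get("NSUPDATE_KEY", ""))
    print(("OK: " if ok else "FAIL: ") + msg)
```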