OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: amp on January 06, 2022, 04:58:12 pm

Title: ACME Client Migration failed Upgrade to 21.7.7 / cert renews fails
Post by: amp on January 06, 2022, 04:58:12 pm
Hi all,

The renewal of certs has not been working for a couple of days, since I upgraded OPNsense to 21.7.7.

During the upgrade, the log gave the following error:

Code:
*** OPNsense\AcmeClient\AcmeClient Migration failed, check log for details
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/AcmeClient: OK
=====
Message from acme.sh-3.0.1:

--
This script will create the following directories if they do not exist:

 ~acme/.acme.sh
 ~acme/certs

The script will also install ~acme/.acme.sh/account.conf.sample which has
sane defaults.  Copy this to ~acme/.acme.sh/account.conf and edit contents
to suit.

In the /usr/local/share/examples/acme.sh directory, you can find the dnsapi
scripts which will be useful if you decide to use dns-01 challenges. Also
included are the deploy scripts.

A newsyslog.conf sample file is provided at /usr/local/share/examples/acme.sh/acme.sh.conf
and you could create a symlink from that to /usr/local/etc/newsyslog.conf.d/

Your sample cronjob looks like this:

############################################################################
$ sudo crontab -l -u acme
# use /bin/sh to run commands, overriding the default set by cron
SHELL=/bin/sh
# mail any output to here, no matter whose crontab this is
MAILTO=dan@example.org

7 22 * * * /usr/local/sbin/acme.sh --cron --home /var/db/acme/.acme.sh > /dev/null
############################################################################

Change x & y to some minute and hour of the day.


The first errors I had after the upgrade
https://forum.opnsense.org/index.php?topic=26072.0
I was able to solve by applying the patch
https://github.com/opnsense/plugins/issues/2712#issuecomment-997464895

Renewal of the certs fails now. Syslog (my domain is masked):

Code:
Jan  3 11:44:43 opnsense opnsense[87820]: AcmeClient: issue certificate: foo.bar.net
Jan  3 11:44:43 opnsense opnsense[87820]: AcmeClient: using CA: letsencrypt
Jan  3 11:44:43 opnsense opnsense[87820]: AcmeClient: account is registered: rendertaxi
Jan  3 11:44:44 opnsense opnsense[87820]: AcmeClient: using challenge type: DNS Validation
Jan  3 11:44:44 opnsense opnsense[87820]: AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 7 --debug --server 'letsencrypt' --dns 'dns_hostingde' --dnssleep '120' --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/5d2e0e947b3a33.66367275/cert.pem' --keypath '/var/etc/acme-client/keys/5d2e0e947b3a33.66367275/private.key' --capath '/var/etc/acme-client/certs/5d2e0e947b3a33.66367275/chain.pem' --fullchainpath '/var/etc/acme-client/certs/5d2e0e947b3a33.66367275/fullchain.pem' --domain 'foo.bar.net' --domain '*.foo.bar.net' --days '1' --force  --keylength '4096' --accountconf '/var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf'
Jan  3 11:44:52 opnsense opnsense[87820]: AcmeClient: domain validation failed (dns01)
Jan  3 11:44:52 opnsense opnsense[87820]: AcmeClient: validation for certificate failed: foo.bar.net

acmelog:

Code:
Jan  3 11:44:44 opnsense acme.sh[12404]: [Mon Jan  3 11:44:44 CET 2022] Using server: letsencrypt
Jan  3 11:44:44 opnsense acme.sh[32184]: [Mon Jan  3 11:44:44 CET 2022] Running cmd: issue
Jan  3 11:44:44 opnsense acme.sh[53240]: [Mon Jan  3 11:44:44 CET 2022] _main_domain='foo.bar.net'
Jan  3 11:44:44 opnsense acme.sh[79235]: [Mon Jan  3 11:44:44 CET 2022] _alt_domains='*.foo.bar.net'
Jan  3 11:44:44 opnsense acme.sh[94629]: [Mon Jan  3 11:44:44 CET 2022] Using config home:/var/etc/acme-client/home
Jan  3 11:44:44 opnsense acme.sh[15754]: [Mon Jan  3 11:44:44 CET 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Jan  3 11:44:44 opnsense acme.sh[76233]: [Mon Jan  3 11:44:44 CET 2022] DOMAIN_PATH='/var/etc/acme-client/home/foo.bar.net'
Jan  3 11:44:44 opnsense acme.sh[5928]: [Mon Jan  3 11:44:44 CET 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
Jan  3 11:44:44 opnsense acme.sh[24873]: [Mon Jan  3 11:44:44 CET 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
Jan  3 11:44:44 opnsense acme.sh[59329]: [Mon Jan  3 11:44:44 CET 2022] Retrying GET
Jan  3 11:44:44 opnsense acme.sh[83608]: [Mon Jan  3 11:44:44 CET 2022] GET
Jan  3 11:44:44 opnsense acme.sh[96784]: [Mon Jan  3 11:44:44 CET 2022] url='https://acme-v02.api.letsencrypt.org/directory'
Jan  3 11:44:44 opnsense acme.sh[13306]: [Mon Jan  3 11:44:44 CET 2022] timeout=
Jan  3 11:44:44 opnsense acme.sh[29615]: [Mon Jan  3 11:44:44 CET 2022] displayError='1'
Jan  3 11:44:44 opnsense acme.sh[76353]: [Mon Jan  3 11:44:44 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
Jan  3 11:44:45 opnsense acme.sh[98824]: [Mon Jan  3 11:44:45 CET 2022] ret='0'
Jan  3 11:44:45 opnsense acme.sh[18549]: [Mon Jan  3 11:44:45 CET 2022] _hcode='0'
Jan  3 11:44:45 opnsense acme.sh[61629]: [Mon Jan  3 11:44:45 CET 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
Jan  3 11:44:45 opnsense acme.sh[84210]: [Mon Jan  3 11:44:45 CET 2022] ACME_NEW_AUTHZ
Jan  3 11:44:45 opnsense acme.sh[1384]: [Mon Jan  3 11:44:45 CET 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
Jan  3 11:44:45 opnsense acme.sh[21111]: [Mon Jan  3 11:44:45 CET 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
Jan  3 11:44:45 opnsense acme.sh[41082]: [Mon Jan  3 11:44:45 CET 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
Jan  3 11:44:45 opnsense acme.sh[56753]: [Mon Jan  3 11:44:45 CET 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
Jan  3 11:44:45 opnsense acme.sh[68532]: [Mon Jan  3 11:44:45 CET 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
Jan  3 11:44:45 opnsense acme.sh[14799]: [Mon Jan  3 11:44:45 CET 2022] Le_NextRenewTime
Jan  3 11:44:45 opnsense acme.sh[45977]: [Mon Jan  3 11:44:45 CET 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
Jan  3 11:44:45 opnsense acme.sh[62760]: [Mon Jan  3 11:44:45 CET 2022] _on_before_issue
Jan  3 11:44:45 opnsense acme.sh[80668]: [Mon Jan  3 11:44:45 CET 2022] _chk_main_domain='foo.bar.net'
Jan  3 11:44:45 opnsense acme.sh[1100]: [Mon Jan  3 11:44:45 CET 2022] _chk_alt_domains='*.foo.bar.net'
Jan  3 11:44:45 opnsense acme.sh[27482]: [Mon Jan  3 11:44:45 CET 2022] Le_LocalAddress
Jan  3 11:44:45 opnsense acme.sh[64486]: [Mon Jan  3 11:44:45 CET 2022] d='foo.bar.net'
Jan  3 11:44:45 opnsense acme.sh[73396]: [Mon Jan  3 11:44:45 CET 2022] Check for domain='foo.bar.net'
Jan  3 11:44:45 opnsense acme.sh[12087]: [Mon Jan  3 11:44:45 CET 2022] _currentRoot='dns_hostingde'
Jan  3 11:44:45 opnsense acme.sh[48808]: [Mon Jan  3 11:44:45 CET 2022] d='*.foo.bar.net'
Jan  3 11:44:45 opnsense acme.sh[70364]: [Mon Jan  3 11:44:45 CET 2022] Check for domain='*.foo.bar.net'
Jan  3 11:44:45 opnsense acme.sh[98838]: [Mon Jan  3 11:44:45 CET 2022] _currentRoot='dns_hostingde'
Jan  3 11:44:45 opnsense acme.sh[49264]: [Mon Jan  3 11:44:45 CET 2022] d
Jan  3 11:44:45 opnsense acme.sh[10003]: [Mon Jan  3 11:44:45 CET 2022] _saved_account_key_hash is not changed, skip register account.
Jan  3 11:44:45 opnsense acme.sh[53587]: [Mon Jan  3 11:44:45 CET 2022] Read key length:4096
Jan  3 11:44:45 opnsense acme.sh[70563]: [Mon Jan  3 11:44:45 CET 2022] _createcsr
Jan  3 11:44:45 opnsense acme.sh[49555]: [Mon Jan  3 11:44:45 CET 2022] Multi domain='DNS:foo.bar.net,DNS:*.foo.bar.net'
Jan  3 11:44:46 opnsense acme.sh[18890]: [Mon Jan  3 11:44:46 CET 2022] Getting domain auth token for each domain
Jan  3 11:44:46 opnsense acme.sh[76378]: [Mon Jan  3 11:44:46 CET 2022] d='*.foo.bar.net'
Jan  3 11:44:46 opnsense acme.sh[32148]: [Mon Jan  3 11:44:46 CET 2022] d
Jan  3 11:44:46 opnsense acme.sh[43832]: [Mon Jan  3 11:44:46 CET 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
Jan  3 11:44:46 opnsense acme.sh[62973]: [Mon Jan  3 11:44:46 CET 2022] payload='{"identifiers": [{"type":"dns","value":"foo.bar.net"},{"type":"dns","value":"*.foo.bar.net"}]}'
Jan  3 11:44:46 opnsense acme.sh[80366]: [Mon Jan  3 11:44:46 CET 2022] RSA key
Jan  3 11:44:47 opnsense acme.sh[96674]: [Mon Jan  3 11:44:47 CET 2022] Retrying post
Jan  3 11:44:47 opnsense acme.sh[11545]: [Mon Jan  3 11:44:47 CET 2022] HEAD
Jan  3 11:44:47 opnsense acme.sh[29978]: [Mon Jan  3 11:44:47 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
Jan  3 11:44:47 opnsense acme.sh[60171]: [Mon Jan  3 11:44:47 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  -I  '
Jan  3 11:44:47 opnsense acme.sh[84105]: [Mon Jan  3 11:44:47 CET 2022] _ret='0'
Jan  3 11:44:47 opnsense acme.sh[97145]: [Mon Jan  3 11:44:47 CET 2022] _hcode='0'
Jan  3 11:44:47 opnsense acme.sh[31980]: [Mon Jan  3 11:44:47 CET 2022] Retrying post
Jan  3 11:44:47 opnsense acme.sh[54117]: [Mon Jan  3 11:44:47 CET 2022] POST
Jan  3 11:44:47 opnsense acme.sh[76865]: [Mon Jan  3 11:44:47 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
Jan  3 11:44:47 opnsense acme.sh[97737]: [Mon Jan  3 11:44:47 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
Jan  3 11:44:48 opnsense acme.sh[20481]: [Mon Jan  3 11:44:48 CET 2022] _ret='0'
Jan  3 11:44:48 opnsense acme.sh[42102]: [Mon Jan  3 11:44:48 CET 2022] _hcode='0'
Jan  3 11:44:48 opnsense acme.sh[92231]: [Mon Jan  3 11:44:48 CET 2022] code='201'
Jan  3 11:44:48 opnsense acme.sh[94859]: [Mon Jan  3 11:44:48 CET 2022] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/329573360/52315478840'
Jan  3 11:44:48 opnsense acme.sh[25097]: [Mon Jan  3 11:44:48 CET 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/329573360/52315478840'
Jan  3 11:44:48 opnsense acme.sh[22332]: [Mon Jan  3 11:44:48 CET 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/64604828070'
Jan  3 11:44:48 opnsense acme.sh[37582]: [Mon Jan  3 11:44:48 CET 2022] payload
Jan  3 11:44:48 opnsense acme.sh[42352]: [Mon Jan  3 11:44:48 CET 2022] Retrying post
Jan  3 11:44:48 opnsense acme.sh[55627]: [Mon Jan  3 11:44:48 CET 2022] POST
Jan  3 11:44:48 opnsense acme.sh[68263]: [Mon Jan  3 11:44:48 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/64604828070'
Jan  3 11:44:48 opnsense acme.sh[87090]: [Mon Jan  3 11:44:48 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
Jan  3 11:44:49 opnsense acme.sh[18149]: [Mon Jan  3 11:44:49 CET 2022] _ret='0'
Jan  3 11:44:49 opnsense acme.sh[39705]: [Mon Jan  3 11:44:49 CET 2022] _hcode='0'
Jan  3 11:44:49 opnsense acme.sh[76562]: [Mon Jan  3 11:44:49 CET 2022] code='200'
Jan  3 11:44:49 opnsense acme.sh[12752]: [Mon Jan  3 11:44:49 CET 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/64604828080'
Jan  3 11:44:49 opnsense acme.sh[27334]: [Mon Jan  3 11:44:49 CET 2022] payload
Jan  3 11:44:49 opnsense acme.sh[68537]: [Mon Jan  3 11:44:49 CET 2022] Retrying post
Jan  3 11:44:49 opnsense acme.sh[84355]: [Mon Jan  3 11:44:49 CET 2022] POST
Jan  3 11:44:49 opnsense acme.sh[3255]: [Mon Jan  3 11:44:49 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/64604828080'
Jan  3 11:44:49 opnsense acme.sh[29169]: [Mon Jan  3 11:44:49 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
Jan  3 11:44:49 opnsense acme.sh[59205]: [Mon Jan  3 11:44:49 CET 2022] _ret='0'
Jan  3 11:44:49 opnsense acme.sh[83974]: [Mon Jan  3 11:44:49 CET 2022] _hcode='0'
Jan  3 11:44:49 opnsense acme.sh[29817]: [Mon Jan  3 11:44:49 CET 2022] code='200'
Jan  3 11:44:50 opnsense acme.sh[11890]: [Mon Jan  3 11:44:50 CET 2022] d='foo.bar.net'
Jan  3 11:44:50 opnsense acme.sh[35599]: [Mon Jan  3 11:44:50 CET 2022] Getting webroot for domain='foo.bar.net'
Jan  3 11:44:50 opnsense acme.sh[60415]: [Mon Jan  3 11:44:50 CET 2022] _w='dns_hostingde'
Jan  3 11:44:50 opnsense acme.sh[81312]: [Mon Jan  3 11:44:50 CET 2022] _currentRoot='dns_hostingde'
Jan  3 11:44:50 opnsense acme.sh[39024]: [Mon Jan  3 11:44:50 CET 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828080/z3wYYw","token":"Sea250VI5PxlrdDqjjJW3fyTF-TR0vTjpCLYmxleYjI"'
Jan  3 11:44:50 opnsense acme.sh[95254]: [Mon Jan  3 11:44:50 CET 2022] token='Sea250VI5PxlrdDqjjJW3fyTF-TR0vTjpCLYmxleYjI'
Jan  3 11:44:50 opnsense acme.sh[42282]: [Mon Jan  3 11:44:50 CET 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828080/z3wYYw'
Jan  3 11:44:50 opnsense acme.sh[59527]: [Mon Jan  3 11:44:50 CET 2022] keyauthorization='Sea250VI5PxlrdDqjjJW3fyTF-TR0vTjpCLYmxleYjI.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE'
Jan  3 11:44:50 opnsense acme.sh[89651]: [Mon Jan  3 11:44:50 CET 2022] dvlist='foo.bar.net#Sea250VI5PxlrdDqjjJW3fyTF-TR0vTjpCLYmxleYjI.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828080/z3wYYw#dns-01#dns_hostingde'
Jan  3 11:44:50 opnsense acme.sh[37298]: [Mon Jan  3 11:44:50 CET 2022] d='*.foo.bar.net'
Jan  3 11:44:50 opnsense acme.sh[59803]: [Mon Jan  3 11:44:50 CET 2022] Getting webroot for domain='*.foo.bar.net'
Jan  3 11:44:50 opnsense acme.sh[90306]: [Mon Jan  3 11:44:50 CET 2022] _w='dns_hostingde'
Jan  3 11:44:50 opnsense acme.sh[6688]: [Mon Jan  3 11:44:50 CET 2022] _currentRoot='dns_hostingde'
Jan  3 11:44:50 opnsense acme.sh[11157]: [Mon Jan  3 11:44:50 CET 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828070/Gt4txA","token":"3UhiXBzJWVow3u3S1nTqO9sNEdfsIIKw5lQSKh_IAQY"'
Jan  3 11:44:50 opnsense acme.sh[44672]: [Mon Jan  3 11:44:50 CET 2022] token='3UhiXBzJWVow3u3S1nTqO9sNEdfsIIKw5lQSKh_IAQY'
Jan  3 11:44:50 opnsense acme.sh[84191]: [Mon Jan  3 11:44:50 CET 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828070/Gt4txA'
Jan  3 11:44:50 opnsense acme.sh[5274]: [Mon Jan  3 11:44:50 CET 2022] keyauthorization='3UhiXBzJWVow3u3S1nTqO9sNEdfsIIKw5lQSKh_IAQY.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE'
Jan  3 11:44:50 opnsense acme.sh[32829]: [Mon Jan  3 11:44:50 CET 2022] dvlist='*.foo.bar.net#3UhiXBzJWVow3u3S1nTqO9sNEdfsIIKw5lQSKh_IAQY.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828070/Gt4txA#dns-01#dns_hostingde'
Jan  3 11:44:50 opnsense acme.sh[68492]: [Mon Jan  3 11:44:50 CET 2022] d
Jan  3 11:44:50 opnsense acme.sh[82622]: [Mon Jan  3 11:44:50 CET 2022] vlist='foo.bar.net#Sea250VI5PxlrdDqjjJW3fyTF-TR0vTjpCLYmxleYjI.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828080/z3wYYw#dns-01#dns_hostingde,*.foo.bar.net#3UhiXBzJWVow3u3S1nTqO9sNEdfsIIKw5lQSKh_IAQY.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828070/Gt4txA#dns-01#dns_hostingde,'
Jan  3 11:44:50 opnsense acme.sh[40314]: [Mon Jan  3 11:44:50 CET 2022] d='foo.bar.net'
Jan  3 11:44:50 opnsense acme.sh[76371]: [Mon Jan  3 11:44:50 CET 2022] _d_alias
Jan  3 11:44:50 opnsense acme.sh[92823]: [Mon Jan  3 11:44:50 CET 2022] txtdomain='_acme-challenge.foo.bar.net'
Jan  3 11:44:50 opnsense acme.sh[47323]: [Mon Jan  3 11:44:50 CET 2022] txt='MlloleVmBCemn4a8FZROWYez0iZcJ3hWfH62dQD7j9o'
Jan  3 11:44:50 opnsense acme.sh[70738]: [Mon Jan  3 11:44:50 CET 2022] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_hostingde.sh'
Jan  3 11:44:50 opnsense acme.sh[91717]: [Mon Jan  3 11:44:50 CET 2022] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_hostingde.sh
Jan  3 11:44:50 opnsense acme.sh[12839]: [Mon Jan  3 11:44:50 CET 2022] Adding txt value: MlloleVmBCemn4a8FZROWYez0iZcJ3hWfH62dQD7j9o for domain:  _acme-challenge.foo.bar.net
Jan  3 11:44:50 opnsense acme.sh[26234]: [Mon Jan  3 11:44:50 CET 2022] Calling: _hostingde_addRecord() '_acme-challenge.foo.bar.net' 'MlloleVmBCemn4a8FZROWYez0iZcJ3hWfH62dQD7j9o'
Jan  3 11:44:50 opnsense acme.sh[98077]: [Mon Jan  3 11:44:50 CET 2022] Error add txt for domain:_acme-challenge.foo.bar.net
Jan  3 11:44:50 opnsense acme.sh[11182]: [Mon Jan  3 11:44:50 CET 2022] _on_issue_err
Jan  3 11:44:50 opnsense acme.sh[30561]: [Mon Jan  3 11:44:50 CET 2022] Please add '--debug' or '--log' to check more details.
Jan  3 11:44:50 opnsense acme.sh[46161]: [Mon Jan  3 11:44:50 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Jan  3 11:44:50 opnsense acme.sh[18664]: [Mon Jan  3 11:44:50 CET 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828080/z3wYYw'
Jan  3 11:44:50 opnsense acme.sh[33580]: [Mon Jan  3 11:44:50 CET 2022] payload='{}'
Jan  3 11:44:50 opnsense acme.sh[58265]: [Mon Jan  3 11:44:50 CET 2022] Retrying post
Jan  3 11:44:50 opnsense acme.sh[88511]: [Mon Jan  3 11:44:50 CET 2022] POST
Jan  3 11:44:50 opnsense acme.sh[10150]: [Mon Jan  3 11:44:50 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828080/z3wYYw'
Jan  3 11:44:50 opnsense acme.sh[26120]: [Mon Jan  3 11:44:50 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
Jan  3 11:44:51 opnsense acme.sh[40502]: [Mon Jan  3 11:44:51 CET 2022] _ret='0'
Jan  3 11:44:51 opnsense acme.sh[57818]: [Mon Jan  3 11:44:51 CET 2022] _hcode='0'
Jan  3 11:44:51 opnsense acme.sh[7112]: [Mon Jan  3 11:44:51 CET 2022] code='200'
Jan  3 11:44:51 opnsense acme.sh[47875]: [Mon Jan  3 11:44:51 CET 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828070/Gt4txA'
Jan  3 11:44:51 opnsense acme.sh[65940]: [Mon Jan  3 11:44:51 CET 2022] payload='{}'
Jan  3 11:44:51 opnsense acme.sh[99287]: [Mon Jan  3 11:44:51 CET 2022] Retrying post
Jan  3 11:44:51 opnsense acme.sh[26001]: [Mon Jan  3 11:44:51 CET 2022] POST
Jan  3 11:44:51 opnsense acme.sh[52149]: [Mon Jan  3 11:44:51 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/64604828070/Gt4txA'
Jan  3 11:44:51 opnsense acme.sh[76512]: [Mon Jan  3 11:44:51 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
Jan  3 11:44:52 opnsense acme.sh[98525]: [Mon Jan  3 11:44:52 CET 2022] _ret='0'
Jan  3 11:44:52 opnsense acme.sh[19765]: [Mon Jan  3 11:44:52 CET 2022] _hcode='0'
Jan  3 11:44:52 opnsense acme.sh[62464]: [Mon Jan  3 11:44:52 CET 2022] code='200'
Jan  3 11:44:52 opnsense acme.sh[46138]: [Mon Jan  3 11:44:52 CET 2022] Diagnosis versions:  openssl:openssl OpenSSL 1.1.1d-freebsd  24 Aug 2021 apache: apache doesn't exist. nginx: nginx doesn't exist. socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org socat version 1.7.4.2 on Dec 14 2021 05:02:44    running on FreeBSD version FreeBSD 12.1-RELEASE-p21-HBSD #0  04bde01a034(stable/21.7)-dirty: Mon Dec 13 09:07:56 CET 2021     root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP, release 12.1-RELEASE-p21-HBSD, machine amd64 features:   #define WITH_STDIO 1   #define WITH_FDNUM 1   #define WITH_FILE 1   #define WITH_CREAT 1   #define WITH_GOPEN 1   #define WITH_TERMIOS 1   #define WITH_PIPE 1   #define WITH_UNIX 1   #undef WITH_ABSTRACT_UNIXSOCKET   #define WITH_IP4 1   #define WITH_IP6 1   #define WITH_RAWIP 1   #define WITH_GENERICSOCKET 1   #undef WITH_INTERFACE   #define WITH_TCP 1   #define WITH_UDP 1   #define WITH_SCTP 1   #define WITH_LISTEN 1   #define WITH_SOCKS4 1   #define WITH_SOCKS4A 1   #undef WITH_VSOCK   #define WITH_PROXY 1   #define WITH_SYSTEM 1   #define WITH_EXEC 1   #undef WITH_READLINE   #undef WITH_TUN   #define WITH_PTY 1   #define WITH_OPENSSL 1   #undef WITH_FIPS   #define WITH_LIBWRAP 1   #define WITH_SYCLS 1   #define WITH_FILAN 1   #define WITH_RETRY 1   #define WITH_MSGLEVEL 0 /*debug*/
Jan  3 11:44:52 opnsense acme.sh[60752]: [Mon Jan  3 11:44:52 CET 2022] pid
Jan  3 11:44:52 opnsense acme.sh[91289]: [Mon Jan  3 11:44:52 CET 2022] No need to restore nginx, skip.
Jan  3 11:44:52 opnsense acme.sh[5445]: [Mon Jan  3 11:44:52 CET 2022] _clearupdns
Jan  3 11:44:52 opnsense acme.sh[27800]: [Mon Jan  3 11:44:52 CET 2022] dns_entries
Jan  3 11:44:52 opnsense acme.sh[47561]: [Mon Jan  3 11:44:52 CET 2022] skip dns.

The error occurs when adding the txt:

Code:
Error add txt for domain:_acme-challenge.foo.bar.net

When I run acme.sh from the shell, I get some more information:

Code:
root@opnsense:~ # /usr/local/sbin/acme.sh --issue --syslog 7 --debug --server 'letsencrypt' --dns 'dns_hostingde' --dnssleep '120' --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/5d2e0e947b3a33.66367275/cert.pem' --keypath '/var/etc/acme-client/keys/5d2e0e947b3a33.66367275/private.key' --capath '/var/etc/acme-client/certs/5d2e0e947b3a33.66367275/chain.pem' --fullchainpath '/var/etc/acme-client/certs/5d2e0e947b3a33.66367275/fullchain.pem' --domain 'foo.bar.net' --domain '*.foo.bar.net' --days '1' --force  --keylength '4096' --accountconf '/var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf'

[Thu Jan  6 13:33:24 CET 2022] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Thu Jan  6 13:33:24 CET 2022] Lets find script dir.
[Thu Jan  6 13:33:24 CET 2022] _SCRIPT_='/usr/local/sbin/acme.sh'
[Thu Jan  6 13:33:24 CET 2022] _script='/usr/local/sbin/acme.sh'
[Thu Jan  6 13:33:24 CET 2022] _script_home='/usr/local/sbin'
[Thu Jan  6 13:33:24 CET 2022] Using config home:/var/etc/acme-client/home
touch: /var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf: No such file or directory
grep: /var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf: No such file or directory
grep: /var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf: No such file or directory
/usr/local/sbin/acme.sh: cannot create /var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf: No such file or directory
grep: /var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf: No such file or directory
https://github.com/acmesh-official/acme.sh
v3.0.1
[Thu Jan  6 13:33:24 CET 2022] Using server: letsencrypt
[Thu Jan  6 13:33:24 CET 2022] Running cmd: issue
[Thu Jan  6 13:33:24 CET 2022] _main_domain='foo.bar.net'
[Thu Jan  6 13:33:24 CET 2022] _alt_domains='*.foo.bar.net'
[Thu Jan  6 13:33:24 CET 2022] Using config home:/var/etc/acme-client/home
[Thu Jan  6 13:33:24 CET 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Jan  6 13:33:24 CET 2022] DOMAIN_PATH='/var/etc/acme-client/home/foo.bar.net'
[Thu Jan  6 13:33:24 CET 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Jan  6 13:33:24 CET 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Jan  6 13:33:24 CET 2022] Retrying GET
[Thu Jan  6 13:33:24 CET 2022] GET
[Thu Jan  6 13:33:24 CET 2022] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Jan  6 13:33:24 CET 2022] timeout=
[Thu Jan  6 13:33:24 CET 2022] displayError='1'
[Thu Jan  6 13:33:24 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Jan  6 13:33:25 CET 2022] ret='0'
[Thu Jan  6 13:33:25 CET 2022] _hcode='0'
[Thu Jan  6 13:33:25 CET 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Jan  6 13:33:25 CET 2022] ACME_NEW_AUTHZ
[Thu Jan  6 13:33:25 CET 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Jan  6 13:33:25 CET 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Jan  6 13:33:25 CET 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Jan  6 13:33:25 CET 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Jan  6 13:33:25 CET 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Jan  6 13:33:25 CET 2022] Le_NextRenewTime
[Thu Jan  6 13:33:25 CET 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Jan  6 13:33:25 CET 2022] _on_before_issue
[Thu Jan  6 13:33:25 CET 2022] _chk_main_domain='foo.bar.net'
[Thu Jan  6 13:33:25 CET 2022] _chk_alt_domains='*.foo.bar.net'
[Thu Jan  6 13:33:25 CET 2022] Le_LocalAddress
[Thu Jan  6 13:33:25 CET 2022] d='foo.bar.net'
[Thu Jan  6 13:33:25 CET 2022] Check for domain='foo.bar.net'
[Thu Jan  6 13:33:25 CET 2022] _currentRoot='dns_hostingde'
[Thu Jan  6 13:33:26 CET 2022] d='*.foo.bar.net'
[Thu Jan  6 13:33:26 CET 2022] Check for domain='*.foo.bar.net'
[Thu Jan  6 13:33:26 CET 2022] _currentRoot='dns_hostingde'
[Thu Jan  6 13:33:26 CET 2022] d
[Thu Jan  6 13:33:26 CET 2022] _saved_account_key_hash is not changed, skip register account.
[Thu Jan  6 13:33:26 CET 2022] Read key length:4096
[Thu Jan  6 13:33:26 CET 2022] _createcsr
[Thu Jan  6 13:33:26 CET 2022] Multi domain='DNS:foo.bar.net,DNS:*.foo.bar.net'
[Thu Jan  6 13:33:26 CET 2022] Getting domain auth token for each domain
[Thu Jan  6 13:33:26 CET 2022] d='*.foo.bar.net'
[Thu Jan  6 13:33:26 CET 2022] d
[Thu Jan  6 13:33:26 CET 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Jan  6 13:33:26 CET 2022] payload='{"identifiers": [{"type":"dns","value":"foo.bar.net"},{"type":"dns","value":"*.foo.bar.net"}]}'
[Thu Jan  6 13:33:26 CET 2022] RSA key
[Thu Jan  6 13:33:27 CET 2022] Retrying post
[Thu Jan  6 13:33:27 CET 2022] HEAD
[Thu Jan  6 13:33:27 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Jan  6 13:33:27 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  -I  '
[Thu Jan  6 13:33:27 CET 2022] _ret='0'
[Thu Jan  6 13:33:27 CET 2022] _hcode='0'
[Thu Jan  6 13:33:27 CET 2022] Retrying post
[Thu Jan  6 13:33:27 CET 2022] POST
[Thu Jan  6 13:33:27 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Jan  6 13:33:27 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Jan  6 13:33:28 CET 2022] _ret='0'
[Thu Jan  6 13:33:28 CET 2022] _hcode='0'
[Thu Jan  6 13:33:28 CET 2022] code='201'
[Thu Jan  6 13:33:28 CET 2022] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/329573360/53124436250'
[Thu Jan  6 13:33:28 CET 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/329573360/53124436250'
[Thu Jan  6 13:33:28 CET 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/65583514020'
[Thu Jan  6 13:33:28 CET 2022] payload
[Thu Jan  6 13:33:28 CET 2022] Retrying post
[Thu Jan  6 13:33:28 CET 2022] POST
[Thu Jan  6 13:33:28 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/65583514020'
[Thu Jan  6 13:33:28 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Jan  6 13:33:29 CET 2022] _ret='0'
[Thu Jan  6 13:33:29 CET 2022] _hcode='0'
[Thu Jan  6 13:33:29 CET 2022] code='200'
[Thu Jan  6 13:33:29 CET 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/65583514030'
[Thu Jan  6 13:33:29 CET 2022] payload
[Thu Jan  6 13:33:29 CET 2022] Retrying post
[Thu Jan  6 13:33:29 CET 2022] POST
[Thu Jan  6 13:33:29 CET 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/65583514030'
[Thu Jan  6 13:33:29 CET 2022] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Thu Jan  6 13:33:30 CET 2022] _ret='0'
[Thu Jan  6 13:33:30 CET 2022] _hcode='0'
[Thu Jan  6 13:33:30 CET 2022] code='200'
[Thu Jan  6 13:33:30 CET 2022] d='foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] Getting webroot for domain='foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] _w='dns_hostingde'
[Thu Jan  6 13:33:30 CET 2022] _currentRoot='dns_hostingde'
[Thu Jan  6 13:33:30 CET 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/65583514030/Ks3kiQ","token":"NqH21wESATwki60MYNtGt06UAs_R7bElW5A2v-EXP2I"'
[Thu Jan  6 13:33:30 CET 2022] token='NqH21wESATwki60MYNtGt06UAs_R7bElW5A2v-EXP2I'
[Thu Jan  6 13:33:30 CET 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/65583514030/Ks3kiQ'
[Thu Jan  6 13:33:30 CET 2022] keyauthorization='NqH21wESATwki60MYNtGt06UAs_R7bElW5A2v-EXP2I.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE'
[Thu Jan  6 13:33:30 CET 2022] dvlist='foo.bar.net#NqH21wESATwki60MYNtGt06UAs_R7bElW5A2v-EXP2I.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/65583514030/Ks3kiQ#dns-01#dns_hostingde'
[Thu Jan  6 13:33:30 CET 2022] d='*.foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] Getting webroot for domain='*.foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] _w='dns_hostingde'
[Thu Jan  6 13:33:30 CET 2022] _currentRoot='dns_hostingde'
[Thu Jan  6 13:33:30 CET 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/65583514020/ardCyw","token":"3-3qwWGR0E30V0eGTVFHh9Wxzkd_Ck6BHaCy6zZd94c"'
[Thu Jan  6 13:33:30 CET 2022] token='3-3qwWGR0E30V0eGTVFHh9Wxzkd_Ck6BHaCy6zZd94c'
[Thu Jan  6 13:33:30 CET 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/65583514020/ardCyw'
[Thu Jan  6 13:33:30 CET 2022] keyauthorization='3-3qwWGR0E30V0eGTVFHh9Wxzkd_Ck6BHaCy6zZd94c.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE'
[Thu Jan  6 13:33:30 CET 2022] dvlist='*.foo.bar.net#3-3qwWGR0E30V0eGTVFHh9Wxzkd_Ck6BHaCy6zZd94c.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/65583514020/ardCyw#dns-01#dns_hostingde'
[Thu Jan  6 13:33:30 CET 2022] d
[Thu Jan  6 13:33:30 CET 2022] vlist='foo.bar.net#NqH21wESATwki60MYNtGt06UAs_R7bElW5A2v-EXP2I.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/65583514030/Ks3kiQ#dns-01#dns_hostingde,*.foo.bar.net#3-3qwWGR0E30V0eGTVFHh9Wxzkd_Ck6BHaCy6zZd94c.AVhMEMapT1sSrxLP7o0dVJ5mlBYNqPkDe8i--3kHCSE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/65583514020/ardCyw#dns-01#dns_hostingde,'
[Thu Jan  6 13:33:30 CET 2022] d='foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] _d_alias
[Thu Jan  6 13:33:30 CET 2022] txtdomain='_acme-challenge.foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] txt='IEKL2-_kW-TShCi_xUfkVC38E1bbB9L-PSurlFha7bo'
[Thu Jan  6 13:33:30 CET 2022] d_api
[Thu Jan  6 13:33:30 CET 2022] Can not find dns api hook for: dns_hostingde
[Thu Jan  6 13:33:30 CET 2022] You need to add the txt record manually.
[Thu Jan  6 13:33:30 CET 2022] Add the following TXT record:
[Thu Jan  6 13:33:30 CET 2022] Domain: '_acme-challenge.foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] TXT value: 'IEKL2-_kW-TShCi_xUfkVC38E1bbB9L-PSurlFha7bo'
[Thu Jan  6 13:33:30 CET 2022] Please be aware that you prepend _acme-challenge. before your domain
[Thu Jan  6 13:33:30 CET 2022] so the resulting subdomain will be: _acme-challenge.foo.bar.net
[Thu Jan  6 13:33:30 CET 2022] d='*.foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] _d_alias
[Thu Jan  6 13:33:30 CET 2022] txtdomain='_acme-challenge.foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] txt='X5h9WLxWt2Z4u-uCfgCFD8KTpSFcipYRUSj0zrZlwt4'
[Thu Jan  6 13:33:30 CET 2022] d_api
[Thu Jan  6 13:33:30 CET 2022] Can not find dns api hook for: dns_hostingde
[Thu Jan  6 13:33:30 CET 2022] You need to add the txt record manually.
[Thu Jan  6 13:33:31 CET 2022] Add the following TXT record:
[Thu Jan  6 13:33:31 CET 2022] Domain: '_acme-challenge.foo.bar.net'
[Thu Jan  6 13:33:31 CET 2022] TXT value: 'X5h9WLxWt2Z4u-uCfgCFD8KTpSFcipYRUSj0zrZlwt4'
[Thu Jan  6 13:33:31 CET 2022] Please be aware that you prepend _acme-challenge. before your domain
[Thu Jan  6 13:33:31 CET 2022] so the resulting subdomain will be: _acme-challenge.foo.bar.net
[Thu Jan  6 13:33:31 CET 2022] Dns record not added yet, so, save to /var/etc/acme-client/home/foo.bar.net/foo.bar.net.conf and exit.
[Thu Jan  6 13:33:31 CET 2022] Please add the TXT records to the domains, and re-run with --renew.
[Thu Jan  6 13:33:31 CET 2022] _on_issue_err
[Thu Jan  6 13:33:31 CET 2022] Please add '--debug' or '--log' to check more details.
[Thu Jan  6 13:33:31 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Thu Jan  6 13:33:31 CET 2022] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1d-freebsd  24 Aug 2021
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.2 on Dec 14 2021 05:02:44
   running on FreeBSD version FreeBSD 12.1-RELEASE-p21-HBSD #0  04bde01a034(stable/21.7)-dirty: Mon Dec 13 09:07:56 CET 2021     root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP, release 12.1-RELEASE-p21-HBSD, machine amd64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #undef WITH_ABSTRACT_UNIXSOCKET
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #undef WITH_INTERFACE
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #undef WITH_VSOCK
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #undef WITH_READLINE
  #undef WITH_TUN
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/
[Thu Jan  6 13:33:31 CET 2022] pid
[Thu Jan  6 13:33:31 CET 2022] No need to restore nginx, skip.
[Thu Jan  6 13:33:31 CET 2022] _clearupdns
[Thu Jan  6 13:33:31 CET 2022] dns_entries
[Thu Jan  6 13:33:31 CET 2022] skip dns.

When adding the txt for the domain, the dns api hook seems to be missing:

Code:
[Thu Jan  6 13:33:30 CET 2022] Can not find dns api hook for: dns_hostingde
[Thu Jan  6 13:33:30 CET 2022] You need to add the txt record manually.

I can find the dns_hostingde script:

Code:
root@opnsense:/usr/local/share/examples/acme.sh/dnsapi # ls | grep hosting
dns_hostingde.sh

The acme.sh script does not seem to find it. Where does the api script need to go?

Thanks for your help.

Best, Alex
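
Added example, not part of the original post and not OPNsense or acme.sh code: a POSIX shell triage helper that reads acme.sh `--debug` output and reports, for each `_acme-challenge` TXT attempt, whether the DNS API hook was located and whether it returned an error, plus any paths the run reported as missing. The function names and verdict labels are invented for this example; the sample lines are abridged from the two logs in the post.

```shell
#!/bin/sh
# Added example: triage of DNS-01 failures in acme.sh --debug output.
# Verdict labels (hypothetical, chosen for this example):
#   hook-returned-error  hook script was found and called, then failed
#   hook-not-found       acme.sh could not locate the dns api hook
#   no-error-logged      neither of the two error lines followed the attempt

# Reads log text on stdin; prints "<txtdomain> <verdict> <hook path or ->".
classify_dns01() {
  awk -v q="'" '
    function emit() {
      if (dom != "") printf "%s %s %s\n", dom, verdict, (hook == "" ? "-" : hook)
      dom = ""
    }
    {
      msg = $0
      # Drop any syslog prefix and the "[Mon Jan  3 11:44:50 CET 2022] " stamp.
      if (match(msg, /\[[A-Za-z]+ [A-Za-z]+ +[0-9]+ [0-9:]+ [A-Za-z]+ [0-9]+\] /)) {
        msg = substr(msg, RSTART + RLENGTH)
      }
    }
    msg ~ /^txtdomain=/ {
      emit()                                  # close the previous attempt
      dom = msg; gsub("^txtdomain=|" q, "", dom)
      verdict = "no-error-logged"; hook = ""
      next
    }
    dom == "" { next }                        # nothing to attribute lines to yet
    msg ~ /^d_api=/ { hook = msg; gsub("^d_api=|" q, "", hook); next }
    msg ~ /^Can not find dns api hook for: / { verdict = "hook-not-found"; next }
    msg ~ /^Error add txt for domain:/       { verdict = "hook-returned-error"; next }
    END { emit() }
  '
}

# Reads log text on stdin; prints each distinct path reported as missing.
missing_paths() {
  sed -n 's|^.*: \(/[^:]*\): No such file or directory$|\1|p' | sort -u
}

# Sample input, abridged from the syslog (plugin) run in the post.
sample_plugin_run() {
  cat <<'EOF'
Jan  3 11:44:50 opnsense acme.sh[92823]: [Mon Jan  3 11:44:50 CET 2022] txtdomain='_acme-challenge.foo.bar.net'
Jan  3 11:44:50 opnsense acme.sh[70738]: [Mon Jan  3 11:44:50 CET 2022] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_hostingde.sh'
Jan  3 11:44:50 opnsense acme.sh[91717]: [Mon Jan  3 11:44:50 CET 2022] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_hostingde.sh
Jan  3 11:44:50 opnsense acme.sh[98077]: [Mon Jan  3 11:44:50 CET 2022] Error add txt for domain:_acme-challenge.foo.bar.net
Jan  3 11:44:50 opnsense acme.sh[11182]: [Mon Jan  3 11:44:50 CET 2022] _on_issue_err
EOF
}

# Sample input, abridged from the manual shell run in the post.
sample_shell_run() {
  cat <<'EOF'
touch: /var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf: No such file or directory
grep: /var/etc/acme-client/accounts/5c796d8fbcdf99.52736980_prod/account.conf: No such file or directory
[Thu Jan  6 13:33:30 CET 2022] txtdomain='_acme-challenge.foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] d_api
[Thu Jan  6 13:33:30 CET 2022] Can not find dns api hook for: dns_hostingde
[Thu Jan  6 13:33:30 CET 2022] You need to add the txt record manually.
[Thu Jan  6 13:33:30 CET 2022] txtdomain='_acme-challenge.foo.bar.net'
[Thu Jan  6 13:33:30 CET 2022] d_api
[Thu Jan  6 13:33:30 CET 2022] Can not find dns api hook for: dns_hostingde
EOF
}

echo "plugin run:";    sample_plugin_run | classify_dns01
echo "shell run:";     sample_shell_run | classify_dns01
echo "missing paths:"; sample_shell_run | missing_paths
```

On the post's logs the plugin run classifies as `hook-returned-error` and the manual run as `hook-not-found`, so the two runs stop at different stages and the manual run also reports a missing `account.conf` path.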