OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: Taomyn on August 17, 2018, 11:15:03 am
It seems LE doesn't like to create subdomain certificates if there is no IP address assigned to the subdomain. The logs show:
Aug 17 10:46:31 opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: validation for certificate failed: vpn.mydomain.com
Aug 17 10:46:31 opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: domain validation failed
Aug 17 10:46:17 sshlockout[72021]: sshlockout/webConfigurator v3.0 starting up
Aug 17 10:46:17 opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: The command '/sbin/pfctl -a acme-client -f /var/etc/acme-client/configs/5b7689100289c8.42380781/acme_anchor_rules' returned exit code '1', the output was 'no IP address found for vpn.mydomain.com /var/etc/acme-client/configs/5b7689100289c8.42380781/acme_anchor_rules:1: could not parse host specification pfctl: Syntax error in config file: pf rules not loaded'
Would be nice if this was more easily detected and reported, or possibly fixed in some way.
For now I just need to keep remembering to add a CNAME alias record to my DNS server for the domain name internally with the external IP.
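The failure in the log above can be detected and reported mechanically. The following is an added example, not part of the original post and not OPNsense code: it pulls the unresolved hostname out of the pfctl error, ties it to the failed certificate name, and offers a pre-flight resolution check to run before requesting a certificate. The function names are hypothetical, and the log format is assumed to match the lines quoted in the post.

```python
import re
import socket

# Two of the log lines quoted in the post (hostname is the poster's placeholder).
SAMPLE_LOG = """\
Aug 17 10:46:31 opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: validation for certificate failed: vpn.mydomain.com
Aug 17 10:46:17 opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: The command '/sbin/pfctl -a acme-client -f /var/etc/acme-client/configs/5b7689100289c8.42380781/acme_anchor_rules' returned exit code '1', the output was 'no IP address found for vpn.mydomain.com /var/etc/acme-client/configs/5b7689100289c8.42380781/acme_anchor_rules:1: could not parse host specification pfctl: Syntax error in config file: pf rules not loaded'
"""

# Patterns are assumptions based on the message text shown in the post.
NO_IP = re.compile(r"no IP address found for (\S+)")
CERT_FAILED = re.compile(r"AcmeClient: validation for certificate failed: (\S+)")


def unresolved_hosts_in_log(text):
    """Hostnames pfctl could not resolve while loading the acme-client anchor."""
    hosts = []
    for line in text.splitlines():
        if "pfctl -a acme-client" not in line:
            continue
        for host in NO_IP.findall(line):
            if host not in hosts:
                hosts.append(host)
    return hosts


def diagnose(text):
    """Map each failed certificate name to 'no-address' or 'other'."""
    unresolved = set(unresolved_hosts_in_log(text))
    return {name: ("no-address" if name in unresolved else "other")
            for name in CERT_FAILED.findall(text)}


def preflight(names, resolver=socket.getaddrinfo):
    """Names the local resolver cannot map to an address (check before issuing)."""
    missing = []
    for name in names:
        try:
            resolver(name, None)
        except socket.gaierror:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name, cause in diagnose(SAMPLE_LOG).items():
        print(f"{name}: {cause}")
```

`preflight` uses whatever resolver the firewall itself uses, so a name that resolves only from outside the network is still reported as missing.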