Thanks for the comment. I tried a different way, deleting the access account and recreating a new one in the Azure portal, but I was unsuccessful. Any further guidance you can give me on this problem would be welcome.
acme.sh [Thu Jan 16 09:58:16 CST 2025] Skipping dns.
acme.sh [Thu Jan 16 09:58:16 CST 2025] dns_entries
acme.sh [Thu Jan 16 09:58:16 CST 2025] _clearupdns
acme.sh [Thu Jan 16 09:58:16 CST 2025] No need to restore nginx config, skipping.
acme.sh [Thu Jan 16 09:58:16 CST 2025] pid
#define WITH_DEFAULT_IPV 4
#define WITH_MSGLEVEL 0 /*debug*/
#undef WITH_DEVTESTS
#define WITH_RETRY 1
#define WITH_FILAN 1
#define WITH_SYCLS 1
#define WITH_LIBWRAP 1
#undef WITH_FIPS
#define WITH_OPENSSL 1
#define WITH_PTY 1
#undef WITH_TUN
#undef WITH_READLINE
#define WITH_EXEC 1
#define WITH_SHELL 1
#define WITH_SYSTEM 1
#define WITH_PROXY 1
#undef WITH_NAMESPACES
#undef WITH_VSOCK
#define WITH_SOCKS5 1
#define WITH_SOCKS4A 1
#define WITH_SOCKS4 1
#undef WITH_POSIXMQ
#define WITH_LISTEN 1
#define WITH_UDPLITE 1
#define WITH_DCCP 1
#define WITH_SCTP 1
#define WITH_UDP 1
#define WITH_TCP 1
#undef WITH_INTERFACE
#define WITH_GENERICSOCKET 1
#define WITH_RAWIP 1
#define WITH_IP6 1
#define WITH_IP4 1
#undef WITH_ABSTRACT_UNIXSOCKET
#define WITH_UNIX 1
#define WITH_SOCKETPAIR 1
#define WITH_PIPE 1
#define WITH_TERMIOS 1
#define WITH_GOPEN 1
#define WITH_CREAT 1
#define WITH_FILE 1
#define WITH_FDNUM 1
#define WITH_STDIO 1
#define WITH_STATS 1
#define WITH_HELP 1
features:
running on FreeBSD version FreeBSD 14.1-RELEASE-p6 stable/24.7-n267992-a8a728bd015 SMP, release 14.1-RELEASE-p6, machine amd64
socat version 1.8.0.2 on Jan 14 2025 04:21:34
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat:
nginx doesn't exist.
nginx:
Apache doesn't exist.
Apache:
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
openssl:openssl
acme.sh [Thu Jan 16 09:58:16 CST 2025] Diagnosis versions:
acme.sh [Thu Jan 16 09:58:16 CST 2025] code='200'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _ret='0'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.O1MuR91naF -g '
acme.sh [Thu Jan 16 09:58:16 CST 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall/749077297/461580502235/HxpFMQ'
acme.sh [Thu Jan 16 09:58:16 CST 2025] POST
acme.sh [Thu Jan 16 09:58:16 CST 2025] payload='{}'
acme.sh [Thu Jan 16 09:58:16 CST 2025] url='https://acme-v02.api.letsencrypt.org/acme/chall/749077297/461580502235/HxpFMQ'
acme.sh [Thu Jan 16 09:58:16 CST 2025] =======Sending Signed Request=======
acme.sh [Thu Jan 16 09:58:16 CST 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
acme.sh [Thu Jan 16 09:58:16 CST 2025] Please add '--debug' or '--log' to see more information.
acme.sh [Thu Jan 16 09:58:16 CST 2025] _on_issue_err
acme.sh [Thu Jan 16 09:58:16 CST 2025] Error adding TXT record to domain: _acme-challenge.app.divitsa.org
acme.sh [Thu Jan 16 09:58:16 CST 2025] invalid domain
acme.sh [Thu Jan 16 09:58:16 CST 2025] Invalid domain
acme.sh [Thu Jan 16 09:58:16 CST 2025] Access denied. Invalid access token. Make sure your Azure settings are correct. See: https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS
acme.sh [Thu Jan 16 09:58:16 CST 2025] http response code 401
acme.sh [Thu Jan 16 09:58:16 CST 2025] ret='0'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.O1MuR91naF -g '
acme.sh [Thu Jan 16 09:58:16 CST 2025] timeout=
acme.sh [Thu Jan 16 09:58:16 CST 2025] url='https://management.azure.com/subscriptions/7de7dace-98f9-40fe-82f1-3973906af976/providers/Microsoft.Network/dnszones?$top=500&api-version=2017-09-01'
acme.sh [Thu Jan 16 09:58:16 CST 2025] GET
acme.sh [Thu Jan 16 09:58:16 CST 2025] https://management.azure.com/subscriptions/7de7dace-98f9-40fe-82f1-3973906af976/providers/Microsoft.Network/dnszones?$top=500&api-version=2017-09-01
acme.sh [Thu Jan 16 09:58:16 CST 2025] Using provided bearer token
acme.sh [Thu Jan 16 09:58:16 CST 2025] You didn't ask to use Azure managed identity, checking service principal credentials or provided bearer token
acme.sh [Thu Jan 16 09:58:16 CST 2025] Adding TXT value: oTGm7zYcg0nkrUmEBDQcKItKYRFPEiGNC840ZueR0oM for domain: _acme-challenge.app.divitsa.org
acme.sh [Thu Jan 16 09:58:16 CST 2025] Found domain API file: /usr/local/share/examples/acme.sh/dnsapi/dns_azure.sh
acme.sh [Thu Jan 16 09:58:16 CST 2025] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_azure.sh'
acme.sh [Thu Jan 16 09:58:16 CST 2025] txt='oTGm7zYcg0nkrUmEBDQcKItKYRFPEiGNC840ZueR0oM'
acme.sh [Thu Jan 16 09:58:16 CST 2025] txtdomain='_acme-challenge.app.divitsa.org'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _d_alias
acme.sh [Thu Jan 16 09:58:16 CST 2025] d='app.divitsa.org'
acme.sh [Thu Jan 16 09:58:16 CST 2025] vlist='app.divitsa.org#ILsVJJkTe4HmNiCpE3U5fOsZ7nNALUvcVfz8baaRx3A.jvp-YTkTNLAG5bwD7XAediXLYq-f13aP8pmZUWKp0u0#https://acme-v02.api.letsencrypt.org/acme/chall/749077297/461580502235/HxpFMQ#dns-01#dns_azure#https://acme-v02.api.letsencrypt.org/acme/authz/749077297/461580502235,'
acme.sh [Thu Jan 16 09:58:16 CST 2025] d
acme.sh [Thu Jan 16 09:58:16 CST 2025] dvlist='app.divitsa.org#ILsVJJkTe4HmNiCpE3U5fOsZ7nNALUvcVfz8baaRx3A.jvp-YTkTNLAG5bwD7XAediXLYq-f13aP8pmZUWKp0u0#https://acme-v02.api.letsencrypt.org/acme/chall/749077297/461580502235/HxpFMQ#dns-01#dns_azure#https://acme-v02.api.letsencrypt.org/acme/authz/749077297/461580502235'
acme.sh [Thu Jan 16 09:58:16 CST 2025] keyauthorization='ILsVJJkTe4HmNiCpE3U5fOsZ7nNALUvcVfz8baaRx3A.jvp-YTkTNLAG5bwD7XAediXLYq-f13aP8pmZUWKp0u0'
acme.sh [Thu Jan 16 09:58:16 CST 2025] uri='https://acme-v02.api.letsencrypt.org/acme/chall/749077297/461580502235/HxpFMQ'
acme.sh [Thu Jan 16 09:58:16 CST 2025] token='ILsVJJkTe4HmNiCpE3U5fOsZ7nNALUvcVfz8baaRx3A'
acme.sh [Thu Jan 16 09:58:16 CST 2025] entry='"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/749077297/461580502235/HxpFMQ","status":"pending","token":"ILsVJJkTe4HmNiCpE3U5fOsZ7nNALUvcVfz8baaRx3A"'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/749077297/461580502235'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _currentRoot='dns_azure'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _w='dns_azure'
acme.sh [Thu Jan 16 09:58:16 CST 2025] Getting webroot for domain='app.divitsa.org'
acme.sh [Thu Jan 16 09:58:16 CST 2025] d='app.divitsa.org'
acme.sh [Thu Jan 16 09:58:16 CST 2025] code='200'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _ret='0'
acme.sh [Thu Jan 16 09:58:16 CST 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.O1MuR91naF -g '
acme.sh [Thu Jan 16 09:58:16 CST 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/749077297/461580502235'
acme.sh [Thu Jan 16 09:58:16 CST 2025] POST
acme.sh [Thu Jan 16 09:58:16 CST 2025] payload
acme.sh [Thu Jan 16 09:58:16 CST 2025] url='https://acme-v02.api.letsencrypt.org/acme/authz/749077297/461580502235'
acme.sh [Thu Jan 16 09:58:16 CST 2025] =======Sending Signed Request=======
acme.sh [Thu Jan 16 09:58:16 CST 2025] STEP 2, Get the authorizations of each domain
acme.sh [Thu Jan 16 09:58:15 CST 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/749077297/344993387015'
acme.sh [Thu Jan 16 09:58:15 CST 2025] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/749077297/344993387015'
acme.sh [Thu Jan 16 09:58:15 CST 2025] code='201'
acme.sh [Thu Jan 16 09:58:15 CST 2025] _ret='0'
acme.sh [Thu Jan 16 09:58:15 CST 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.O1MuR91naF -g '
acme.sh [Thu Jan 16 09:58:15 CST 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
acme.sh [Thu Jan 16 09:58:15 CST 2025] POST
acme.sh [Thu Jan 16 09:58:15 CST 2025] _ret='0'
acme.sh [Thu Jan 16 09:58:15 CST 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.O1MuR91naF -g -I '
acme.sh [Thu Jan 16 09:58:15 CST 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
acme.sh [Thu Jan 16 09:58:15 CST 2025] HEAD
acme.sh [Thu Jan 16 09:58:15 CST 2025] RSA key
acme.sh [Thu Jan 16 09:58:15 CST 2025] payload='{"identifiers": [{"type":"dns","value":"app.divitsa.org"}]}'
acme.sh [Thu Jan 16 09:58:15 CST 2025] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
acme.sh [Thu Jan 16 09:58:15 CST 2025] =======Sending Signed Request=======
acme.sh [Thu Jan 16 09:58:15 CST 2025] STEP 1, Ordering a Certificate
acme.sh [Thu Jan 16 09:58:15 CST 2025] d
acme.sh [Thu Jan 16 09:58:15 CST 2025] Getting domain auth token for each domain
acme.sh [Thu Jan 16 09:58:14 CST 2025] Single domain='app.divitsa.org'
acme.sh [Thu Jan 16 09:58:14 CST 2025] _createcsr
acme.sh [Thu Jan 16 09:58:14 CST 2025] Read key length: 4096
acme.sh [Thu Jan 16 09:58:14 CST 2025] _saved_account_key_hash was not changed, skipping account registration.
acme.sh [Thu Jan 16 09:58:14 CST 2025] d
acme.sh [Thu Jan 16 09:58:14 CST 2025] _currentRoot='dns_azure'
acme.sh [Thu Jan 16 09:58:14 CST 2025] Checking for domain='app.divitsa.org'
acme.sh [Thu Jan 16 09:58:14 CST 2025] d='app.divitsa.org'
acme.sh [Thu Jan 16 09:58:14 CST 2025] Le_LocalAddress
acme.sh [Thu Jan 16 09:58:14 CST 2025] _chk_alt_domains
acme.sh [Thu Jan 16 09:58:14 CST 2025] _chk_main_domain='app.divitsa.org'
acme.sh [Thu Jan 16 09:58:14 CST 2025] _on_before_issue
acme.sh [Thu Jan 16 09:58:14 CST 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
acme.sh [Thu Jan 16 09:58:14 CST 2025] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
acme.sh [Thu Jan 16 09:58:14 CST 2025] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf'
acme.sh [Thu Jan 16 09:58:14 CST 2025] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
acme.sh [Thu Jan 16 09:58:14 CST 2025] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
acme.sh [Thu Jan 16 09:58:14 CST 2025] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
acme.sh [Thu Jan 16 09:58:14 CST 2025] ACME_NEW_AUTHZ
acme.sh [Thu Jan 16 09:58:14 CST 2025] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
acme.sh [Thu Jan 16 09:58:14 CST 2025] ret='0'
acme.sh [Thu Jan 16 09:58:14 CST 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.EDqdI6w5Hq -g '
acme.sh [Thu Jan 16 09:58:14 CST 2025] timeout=
acme.sh [Thu Jan 16 09:58:14 CST 2025] url='https://acme-v02.api.letsencrypt.org/directory'
acme.sh [Thu Jan 16 09:58:14 CST 2025] GET
acme.sh [Thu Jan 16 09:58:14 CST 2025] _init API for server: https://acme-v02.api.letsencrypt.org/directory
acme.sh [Thu Jan 16 09:58:14 CST 2025] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
acme.sh [Thu Jan 16 09:58:14 CST 2025] Le_NextRenewTime
acme.sh [Thu Jan 16 09:58:14 CST 2025] DOMAIN_PATH='/var/etc/acme-client/cert-home/67853b84971958.81603023/app.divitsa.org'
acme.sh [Thu Jan 16 09:58:14 CST 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
acme.sh [Thu Jan 16 09:58:14 CST 2025] Using config home: /var/etc/acme-client/home
acme.sh [Thu Jan 16 09:58:14 CST 2025] _alt_domains='no'
acme.sh [Thu Jan 16 09:58:14 CST 2025] _main_domain='app.divitsa.org'
acme.sh [Thu Jan 16 09:58:14 CST 2025] Running cmd: issue
acme.sh [Thu Jan 16 09:58:14 CST 2025] Using server: https://acme-v02.api.letsencrypt.org/directory
config AcmeClient: validation for certificate failed: app.divitsa.org
config AcmeClient: domain validation failed (dns01)
config AcmeClient: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 9 --debug 3 --server 'letsencrypt' --dns 'dns_azure' --dnssleep '900' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/67853b84971958.81603023' --certpath '/var/etc/acme-client/certs/67853b84971958.81603023/cert.pem' --keypath '/var/etc/acme-client/keys/67853b84971958.81603023/private.key' --capath '/var/etc/acme-client/certs/67853b84971958.81603023/chain.pem' --fullchainpath '/var/etc/acme-client/certs/67853b84971958.81603023/fullchain.pem' --domain 'app.divitsa.org' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/6331cb79e2fe77.05571626_prod/account.conf''
2025-01-16T00:00:05-06:00 config AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 9 --debug 3 --server 'letsencrypt' --dns 'dns_azure' --dnssleep '900' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/67853b84971958.81603023' --certpath '/var/etc/acme-client/certs/67853b84971958.81603023/cert.pem' --keypath '/var/etc/acme-client/keys/67853b84971958.81603023/private.key' --capath '/var/etc/acme-client/certs/67853b84971958.81603023/chain.pem' --fullchainpath '/var/etc/acme-client/certs/67853b84971958.81603023/fullchain.pem' --domain 'app.divitsa.org' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/6331cb79e2fe77.05571626_prod/account.conf'
config AcmeClient: using challenge type: app.divitsa.org
config AcmeClient: account is registered: app.divitsa.org
config AcmeClient: using CA: letsencrypt
config AcmeClient: issue certificate: app.divitsa.org
config AcmeClient: certificate must be issued/renewed: app.divitsa.org
Quote from: franco on November 10, 2023, 01:09:26 PM
FreeBSD ports just updated to 6.5 so here is a test package:
# opnsense-revert -z squid
Cheers,
Franco
***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.1.9 at Wed Jun 28 22:54:34 CDT 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (10 candidates): .......... done
Processing candidates (10 candidates): .......... done
Checking integrity... done (0 conflicting)
The following 10 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
bind-tools: 9.18.14 -> 9.18.16
ddclient-devel: 3.10.0_1 -> 3.10.0_3
opnsense: 23.1.9 -> 23.1.11
os-crowdsec: 1.0.5 -> 1.0.6
pftop: 0.8_2 -> 0.8_4
php81-gettext: 8.1.19 -> 8.1.20
py39-filelock: 3.10.3_1 -> 3.12.2
squid: 5.8 -> 5.9
strongswan: 5.9.10_1 -> 5.9.10_2
vim: 9.0.1503 -> 9.0.1627
Number of packages to be upgraded: 10
The process will require 3 MiB more space.
[1/10] Upgrading squid from 5.8 to 5.9...
===> Creating groups.
Using existing group 'squid'.
===> Creating users
Using existing user 'squid'.
===> Creating homedir(s)
===> Pre-installation configuration for squid-5.9
[1/10] Extracting squid-5.9: .......... done
squid-5.8: missing file /usr/local/share/licenses/squid-5.8/GPLv2
squid-5.8: missing file /usr/local/share/licenses/squid-5.8/LICENSE
squid-5.8: missing file /usr/local/share/licenses/squid-5.8/catalog.mk
pkg-static: Fail to rename /usr/local/etc/squid/errors/.pkgtemp.es-mx.vOnNWzDx8XyS -> /usr/local/etc/squid/errors/es-mx:Not a directory
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***