Messages - scottsdaleaz

#1
The GUI does not offer the ability to set the subscription ID for an Azure-based domain name.

Can I edit this config.xml directly? If so, what keys do I need to add?

  <!-- fragment of config.xml: only the DynDNS subtree is shown -->
  <OPNsense>
    <DynDNS version="1.5.1">
      <general>
        <enabled>1</enabled>
        <verbose>0</verbose>
        <allowipv6>0</allowipv6>
        <daemon_delay>300</daemon_delay>
        <backend>opnsense</backend>
      </general>
      <accounts>
        <account uuid="cad3372f-5967-43a2-bb6c-0464b668b17e">
          <enabled>1</enabled>
          <service>azure</service>
          <protocol/>
          <server/>
          <username>2727f4f0-6beb-405b-87c3-f6eaf7eb37a5</username>
          <password>2e1910c8-f0b2-4a21-adcb-6822ac9c9cf9</password>
          <resourceId>d6fbdc4b-9684-4087-b56f-c23dac47140e</resourceId>
          <hostnames>cav.dummydomain.com</hostnames>
          <wildcard>0</wildcard>
          <zone/>
          <checkip>web_dyndns</checkip>
          <dynipv6host/>
          <checkip_timeout>10</checkip_timeout>
          <force_ssl>1</force_ssl>
          <ttl>300</ttl>
          <interface>wan</interface>
          <description>dummydomain_inxsol</description>
        </account>
      </accounts>
    </DynDNS>
  </OPNsense>

#2
Solved by... hand editing: /var/etc/acme-client/home/dnsapi/dns_nsupdate.sh

The system var NSUPDATE_KEY was retrieving /var/etc/acme-client/configs/67dde95bc59958.46853282//secret.key, but in Secret Key I had placed a file on the server and used "/usr/local/etc/acme/acme-update.key". Unsure what the right way to do it was, but:

  # Comment out the dynamic NSUPDATE_KEY lookup
  # NSUPDATE_KEY="${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}"
  # Hardcode the NSUPDATE_KEY path
  NSUPDATE_KEY="/usr/local/etc/acme/acme-update.key"

Worked.

#3
I am new to OPNsense and have spent a few hours using Grok and ChatGPT. I have a BIND DNS on my LAN. ACME is working fine with Azure and the Azure challenge. For a new domain hosted in my BIND, the A records are resolving to the world just fine. From the OPNsense root command line I can write TXT records into BIND on that other BIND server, but the ACME "issue a certificate" persists in exiting and not writing the TXT record.

Is the correct path of least resistance to add a BIND plugin directly in OPNsense and abandon the use of a dedicated server on my LAN with BIND on Ubuntu?

The shell command returned exit code '1'

    AcmeClient: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 9 --debug 3 --server 'letsencrypt' --dns 'dns_nsupdate' --dnssleep '50' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/67dde95bc59958.46853282' --certpath '/var/etc/acme-client/certs/67dde95bc59958.46853282/cert.pem' --keypath '/var/etc/acme-client/keys/67dde95bc59958.46853282/private.key' --capath '/var/etc/acme-client/certs/67dde95bc59958.46853282/chain.pem' --fullchainpath '/var/etc/acme-client/certs/67dde95bc59958.46853282/fullchain.pem' --domain '*.enviroxxxxx.com' --domain 'enviroxxxxx.com' --days '1' --force --keylength '2048' --accountconf '/var/etc/acme-client/accounts/67af8006eb6ec0.25792757_prod/account.conf''