Messages

The dialog does not have a field for subscription id, and if i try using "resourceId" with sunscription id entered into it -  it doesn't solve the issue.  OnPF sense i recall setting both.





"subsciptionid" (assumed) is not present in the config and not present in the dialog to enter it.

this was more related to the issue. thanks for pointing me to github.

https://github.com/opnsense/plugins/issues/3757

The gui does not offer an ability to set the subscription id for an Azure based domain name.

Can i edit this config.xml directly?  If so what keys do i need to add?

Code Select Expand

    <DynDNS version="1.5.1">
      <general>
        <enabled>1</enabled>
        <verbose>0</verbose>
        <allowipv6>0</allowipv6>
        <daemon_delay>300</daemon_delay>
        <backend>opnsense</backend>
      </general>
      <accounts>
        <account uuid="cad3372f-5967-43a2-bb6c-0464b668b17e">
          <enabled>1</enabled>
          <service>azure</service>
          <protocol/>
          <server/>
          <username>2727f4f0-6beb-405b-87c3-f6eaf7eb37a5</username>
          <password>2e1910c8-f0b2-4a21-adcb-6822ac9c9cf9</password>
          <resourceId>d6fbdc4b-9684-4087-b56f-c23dac47140e</resourceId>
          <hostnames>cav.dummydomain.com</hostnames>
          <wildcard>0</wildcard>
          <zone/>
          <checkip>web_dyndns</checkip>
          <dynipv6host/>
          <checkip_timeout>10</checkip_timeout>
          <force_ssl>1</force_ssl>
          <ttl>300</ttl>
          <interface>wan</interface>
          <description>dummydomain_inxsol</description>
        </account>
      </accounts>
    </DynDNS>
  </OPNsense>

Solved by...  hand editing:    /var/etc/acme-client/home/dnsapi/dns_nsupdate.sh 

The system var:  NSUPDATE_KEY  was retrieving  /var/etc/acme-client/configs/67dde95bc59958.46853282//secret.key  but in Secret Key i had placed a file on the server and used "/usr/local/etc/acme/acme-update.key"   unsure what the right way to do it was but   

  # Comment out the dynamic NSUPDATE_KEY lookup
  # NSUPDATE_KEY="${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}"
  # Hardcode the NSUPDATE_KEY path
  NSUPDATE_KEY="/usr/local/etc/acme/acme-update.key"

Worked.

I am new to OPNSENSE and have spent a few hrs using Grock and Chatgpt.  I have a Bind DNS on my lan. ACME is working fine with azure and the azure challenge. For a new domain hosted in my bind the a records are resolving to the world just fine.  From OPNSENSE root command line i can write txt records into Bind on that other Bind server. but the ACME issue a certificate persists in exiting and not writing the txt file.

Is the correct path of least resistance to add a BIND plugin directly in opnsense and abandon the use of a dedicated server on my lan with bind on ubuntu?

The shell command returned exit code '1'

Code Select Expand

AcmeClient: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 9 --debug 3 --server 'letsencrypt' --dns 'dns_nsupdate' --dnssleep '50' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/67dde95bc59958.46853282' --certpath '/var/etc/acme-client/certs/67dde95bc59958.46853282/cert.pem' --keypath '/var/etc/acme-client/keys/67dde95bc59958.46853282/private.key' --capath '/var/etc/acme-client/certs/67dde95bc59958.46853282/chain.pem' --fullchainpath '/var/etc/acme-client/certs/67dde95bc59958.46853282/fullchain.pem' --domain '*.enviroxxxxx.com' --domain 'enviroxxxxx.com' --days '1' --force --keylength '2048' --accountconf '/var/etc/acme-client/accounts/67af8006eb6ec0.25792757_prod/account.conf''