Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - skydiver

#1
23.1 Legacy Series / Re: ACME LetsEncrypt + Cloudflare
August 18, 2023, 03:32:23 AM
Bumping once again....
#2
23.1 Legacy Series / Re: ACME LetsEncrypt + Cloudflare
August 15, 2023, 05:32:23 PM
Looking for ANYONE with experience setting up ACME with CloudFlare, c'mon y'all... share you experience and knowledge with a follow opnsenser
#3
23.1 Legacy Series / Re: ACME LetsEncrypt + Cloudflare
August 11, 2023, 08:39:39 PM
Bumping this thread...
#4
23.1 Legacy Series / ACME LetsEncrypt + Cloudflare
August 11, 2023, 01:58:09 AM
I cannot seem to be able to be able to get the ACME script Lets Encrypt DNS-01 method to work. 
2023-08-10T00:00:02-05:00 acme.sh [Thu Aug 10 00:00:02 CDT 2023] Error add txt for domain:_acme-challenge.mydomain.com
2023-08-10T00:00:02-05:00 acme.sh [Thu Aug 10 00:00:02 CDT 2023] invalid domain
2023-08-10T00:00:01-05:00 acme.sh [Thu Aug 10 00:00:01 CDT 2023] Adding txt value: 5Kp3S8Hg-------------------------h8cVZ_3CU0 for domain: _acme-challenge.mydomain.com
2023-08-10T00:00:01-05:00 acme.sh [Thu Aug 10 00:00:01 CDT 2023] Getting webroot for domain='*.mydomain.com'
2023-08-10T00:00:00-05:00 acme.sh [Thu Aug 10 00:00:00 CDT 2023] Getting domain auth token for each domain
2023-08-10T00:00:00-05:00 acme.sh [Thu Aug 10 00:00:00 CDT 2023] Single domain='*.mydomain.com'
2023-08-10T00:00:00-05:00 acme.sh [Thu Aug 10 00:00:00 CDT 2023] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory


I don't know if I have entered my cloudflare credentials in the correct slots in the OPNSENSE config

I have mapped the credentials in my Cloudflaraccount as outlined in the attached image

I would like to know if I am mapping the credentials correctly.  Also there is a line in the ACME logs
2023-08-10T00:00:02-05:00 acme.sh [Thu Aug 10 00:00:02 CDT 2023] Please add '--debug' or '--log' to check more details.

How do I add this to get more detailed logs?
#5
23.1 Legacy Series / Re: ddclient and Dynu DNS
July 25, 2023, 09:39:21 PM
So after a week seeing NO logging of ddclient,. I uninstalled the service plugin and the configured hosts then reinstalled and re-setup the plugin and host.

#6
23.1 Legacy Series / Re: ddclient and Dynu DNS
July 25, 2023, 08:57:11 PM
What services are you subscribing to?
#7
I ended up deleting all interfaces and assignments and started adding them back one at a time
#8
I have not had any help on a similar issue using ddclient with DYNU dns https://forum.opnsense.org/index.php?topic=34871.0
#9
23.1 Legacy Series / Re: ddclient and Dynu DNS
July 18, 2023, 04:35:43 PM
Is there anyone who can assist with answering my questions?  I have scoured log files when the ddclient starts to perform dyn dns processing by validating whether the IP needs to be updated. 

I still cannot determine our what command is being used to verify whether the target update DNS host to be updated because it looks to me this is where the breakdown occurs.  If I can determine this step it will let me investigate where is it getting a stale answer to the current dns entry IP and allow be to attempt to correct it
#10
23.1 Legacy Series / Re: ddclient and Dynu DNS
July 17, 2023, 06:33:43 PM
Bumping this...
Can anyone point to where I can determine where the ddclient agent is querying the domain hosts to verify what needs to be updated and how I can either delete what is being cached or redirect the NS it is pointing to?
#11
23.1 Legacy Series / ddclient and Dynu DNS
July 15, 2023, 05:17:34 PM
I am on my third DNS provider trying to find a provider that will work with both the new ddclient and also the new ACME client.
I am now working to get Dynu DNS after I was able to get NameCheap DYN DNS working but then found that NameCheap requires a history and more domains hosted than I need to enable my access to the API for use with ACME client.

I have an issue with DYNU setup in OPNSENSE as follows:
debug ddclient log:
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 92754 - [meta sequenceId="7"] SUCCESS: wg.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 90378 - [meta sequenceId="6"] SUCCESS: synology.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 89244 - [meta sequenceId="5"] SUCCESS: plex.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 87399 - [meta sequenceId="4"] SUCCESS: ha.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 85050 - [meta sequenceId="3"] SUCCESS: fw.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 83060 - [meta sequenceId="2"] SUCCESS: dc.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 80525 - [meta sequenceId="1"] WARNING: 'if-skip' is deprecated and does nothing for IPv4


I dont know where OPENSENSE is finding that the IP it needs to update is already set.  All the DNS records that I have created at the other providers were changed to other IP addresses before I then deletes said accounts.
I also made sure the TTL for these records were set to 10 minutes then they were created while testing.
I have waited now 24 hours and it will is producing the same IP is already set message.

I have the ddclient logging set to debug but I am missing where the process is querying these A hosts for the current IP address.

Can anyone assist me to troubleshoot this?
#12
So I confirmed for namecheap.com (free dns service):

username = the domain zone name on namecheap (ex host ip to update is firewall.mydomain.com, use mydomain.com)
password: your namecheap dynamic dns password
#13
so if you are trying to update the host host.mydomain.com and the namecheap login id is ncusername

would this be the correct user name to be used in the ddlient web interface?:

ncusername@mydomain.com
#14
23.1 Legacy Series / Re: ddclient
July 13, 2023, 04:06:47 PM
I too am needed this.  I am looking for a DNS provider that will work with BOTH the new ddclient and ALSO ACME DNS-01 challenges...
Does anyone know of a good provider that will support both that is not one of the giants (dynsdns, AWS, etc.)
#15
Did you ever get this figured out? I am having a similar issue