Messages

Bumping once again....

Looking for ANYONE with experience setting up ACME with CloudFlare, c'mon y'all... share you experience and knowledge with a follow opnsenser

Bumping this thread...

I cannot seem to be able to be able to get the ACME script Lets Encrypt DNS-01 method to work. 

Code Select Expand

2023-08-10T00:00:02-05:00 acme.sh [Thu Aug 10 00:00:02 CDT 2023] Error add txt for domain:_acme-challenge.mydomain.com
2023-08-10T00:00:02-05:00 acme.sh [Thu Aug 10 00:00:02 CDT 2023] invalid domain
2023-08-10T00:00:01-05:00 acme.sh [Thu Aug 10 00:00:01 CDT 2023] Adding txt value: 5Kp3S8Hg-------------------------h8cVZ_3CU0 for domain: _acme-challenge.mydomain.com
2023-08-10T00:00:01-05:00 acme.sh [Thu Aug 10 00:00:01 CDT 2023] Getting webroot for domain='*.mydomain.com'
2023-08-10T00:00:00-05:00 acme.sh [Thu Aug 10 00:00:00 CDT 2023] Getting domain auth token for each domain
2023-08-10T00:00:00-05:00 acme.sh [Thu Aug 10 00:00:00 CDT 2023] Single domain='*.mydomain.com'
2023-08-10T00:00:00-05:00 acme.sh [Thu Aug 10 00:00:00 CDT 2023] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory

I don't know if I have entered my cloudflare credentials in the correct slots in the OPNSENSE config

I have mapped the credentials in my Cloudflaraccount as outlined in the attached image

I would like to know if I am mapping the credentials correctly.  Also there is a line in the ACME logs

Code Select Expand

2023-08-10T00:00:02-05:00 acme.sh [Thu Aug 10 00:00:02 CDT 2023] Please add '--debug' or '--log' to check more details.

How do I add this to get more detailed logs?

So after a week seeing NO logging of ddclient,. I uninstalled the service plugin and the configured hosts then reinstalled and re-setup the plugin and host.

What services are you subscribing to?

I ended up deleting all interfaces and assignments and started adding them back one at a time

I have not had any help on a similar issue using ddclient with DYNU dns https://forum.opnsense.org/index.php?topic=34871.0

Is there anyone who can assist with answering my questions?  I have scoured log files when the ddclient starts to perform dyn dns processing by validating whether the IP needs to be updated. 

I still cannot determine our what command is being used to verify whether the target update DNS host to be updated because it looks to me this is where the breakdown occurs.  If I can determine this step it will let me investigate where is it getting a stale answer to the current dns entry IP and allow be to attempt to correct it

Bumping this...
Can anyone point to where I can determine where the ddclient agent is querying the domain hosts to verify what needs to be updated and how I can either delete what is being cached or redirect the NS it is pointing to?

I am on my third DNS provider trying to find a provider that will work with both the new ddclient and also the new ACME client.
I am now working to get Dynu DNS after I was able to get NameCheap DYN DNS working but then found that NameCheap requires a history and more domains hosted than I need to enable my access to the API for use with ACME client.

I have an issue with DYNU setup in OPNSENSE as follows:
debug ddclient log:

Code Select Expand

2023-07-15T10:02:58-05:00 Notice ddclient[32333] 92754 - [meta sequenceId="7"] SUCCESS: wg.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 90378 - [meta sequenceId="6"] SUCCESS: synology.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 89244 - [meta sequenceId="5"] SUCCESS: plex.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 87399 - [meta sequenceId="4"] SUCCESS: ha.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 85050 - [meta sequenceId="3"] SUCCESS: fw.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 83060 - [meta sequenceId="2"] SUCCESS: dc.mydomain.com: skipped: IPv4 address was already set to 66.69.---.---.
2023-07-15T10:02:58-05:00 Notice ddclient[32333] 80525 - [meta sequenceId="1"] WARNING: 'if-skip' is deprecated and does nothing for IPv4

I dont know where OPENSENSE is finding that the IP it needs to update is already set.  All the DNS records that I have created at the other providers were changed to other IP addresses before I then deletes said accounts.
I also made sure the TTL for these records were set to 10 minutes then they were created while testing.
I have waited now 24 hours and it will is producing the same IP is already set message.

I have the ddclient logging set to debug but I am missing where the process is querying these A hosts for the current IP address.

Can anyone assist me to troubleshoot this?

So I confirmed for namecheap.com (free dns service):

username = the domain zone name on namecheap (ex host ip to update is firewall.mydomain.com, use mydomain.com)
password: your namecheap dynamic dns password

so if you are trying to update the host host.mydomain.com and the namecheap login id is ncusername

would this be the correct user name to be used in the ddlient web interface?:

ncusername@mydomain.com

I too am needed this.  I am looking for a DNS provider that will work with BOTH the new ddclient and ALSO ACME DNS-01 challenges...
Does anyone know of a good provider that will support both that is not one of the giants (dynsdns, AWS, etc.)

Did you ever get this figured out? I am having a similar issue