Topics

1

20.1 Legacy Series / Help setting up Lets Encrypt plugin

« on: June 10, 2020, 06:12:39 pm »

I've been trying to consolidate some services onto my router, but am running into some issues that I can't seem to find the right solutions online for.  Running OPNsense 20.1.7-amd64
, FreeBSD 11.2-RELEASE-p20-HBSD. 

I have a Google Domain, let's call it "Domain1.com" that I am trying to setup to enable me to access some of my homelab services externally.  It just seems that using Google as my domain registrar and DNS provider are proving to be an issue.

I'm trying to setup:

• Lets Encrypt SSL
• NGINX as my reverse-proxy

What I have setup already:

• Lets Encrypt ACME Plugin Installed
• NGINX Plugin Installed
• Several web services hosted via docker
• Dynamic DNS as test.domain1.com
• CNAME for dockersite1.test.domain1.com and dockersite2.test.domain1.com
• TXT for _acme-challenge.dockersite1 and _acme-challenge.dockersite2
• @ CAA "0 issue "letsencrypt.org"

I have Let's Encrypt all setup, when when I try to create any certificate for dockersite1 and dockersite2, it keeps showing up as "Pending" under "issue/renewal date" and "Validation failed" under "Last ACME Status".  The two lines in the log file that jump out at me are:

• _dns_gcloud_find_zone: Can't find a matching managed zone! Perhaps wrong project or gcloud credentials?
• Error add txt for domain:_acme-challenge.dockersite1.domain1.com

I'm certain that the Google API service account is correctly setup.