BIND API with Let's Encrypt

Started by superwinni2, September 13, 2021, 01:20:28 PM

Hello everyone,


I have Let's Encrypt running here with a local BIND DNS as the challenge.
So far it has always worked. Now, unfortunately, it no longer does.
BIND is cleanly reachable from outside.
My actual plan is to have the certificate issued for *.domain.de. Currently, however, only domain.de is active.
The challenge should not take place on _acme-challenge.domain.de but on _acme-challenge.home.domain.de (the DNS server runs under this IP).


If I read the logs correctly, the DNS entry cannot be added via the API.


Here is my log:
[Mon Sep 13 13:11:52 CEST 2021] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Sep 13 13:11:52 CEST 2021] DOMAIN_PATH='/var/etc/acme-client/home/domain.de'
[Mon Sep 13 13:11:52 CEST 2021] Renew: 'domain.de'
[Mon Sep 13 13:11:52 CEST 2021] Le_API='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Sep 13 13:11:52 CEST 2021] Using config home:/var/etc/acme-client/home
[Mon Sep 13 13:11:52 CEST 2021] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Sep 13 13:11:52 CEST 2021] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Sep 13 13:11:52 CEST 2021] Retrying GET
[Mon Sep 13 13:11:52 CEST 2021] GET
[Mon Sep 13 13:11:52 CEST 2021] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Sep 13 13:11:52 CEST 2021] timeout=
[Mon Sep 13 13:11:52 CEST 2021] displayError='1'
[Mon Sep 13 13:11:52 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Mon Sep 13 13:11:53 CEST 2021] ret='0'
[Mon Sep 13 13:11:53 CEST 2021] _hcode='0'
[Mon Sep 13 13:11:53 CEST 2021] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Mon Sep 13 13:11:53 CEST 2021] ACME_NEW_AUTHZ
[Mon Sep 13 13:11:53 CEST 2021] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Sep 13 13:11:53 CEST 2021] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Mon Sep 13 13:11:53 CEST 2021] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 13 13:11:53 CEST 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Sep 13 13:11:53 CEST 2021] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Sep 13 13:11:53 CEST 2021] _main_domain='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] _alt_domains='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Sep 13 13:11:53 CEST 2021] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Sep 13 13:11:53 CEST 2021] Le_NextRenewTime
[Mon Sep 13 13:11:53 CEST 2021] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Sep 13 13:11:53 CEST 2021] _on_before_issue
[Mon Sep 13 13:11:53 CEST 2021] _chk_main_domain='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] _chk_alt_domains='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] Le_LocalAddress
[Mon Sep 13 13:11:53 CEST 2021] d='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] Check for domain='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] _currentRoot='dns_opnsense'
[Mon Sep 13 13:11:53 CEST 2021] d='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] Check for domain='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] _currentRoot='dns_opnsense'
[Mon Sep 13 13:11:53 CEST 2021] d
[Mon Sep 13 13:11:53 CEST 2021] _saved_account_key_hash is not changed, skip register account.
[Mon Sep 13 13:11:53 CEST 2021] Read key length:4096
[Mon Sep 13 13:11:53 CEST 2021] _createcsr
[Mon Sep 13 13:11:53 CEST 2021] Multi domain='DNS:domain.de,DNS:domain.de'
[Mon Sep 13 13:11:53 CEST 2021] Getting domain auth token for each domain
[Mon Sep 13 13:11:53 CEST 2021] d='domain.de'
[Mon Sep 13 13:11:53 CEST 2021] d
[Mon Sep 13 13:11:53 CEST 2021] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Sep 13 13:11:53 CEST 2021] payload='{"identifiers": [{"type":"dns","value":"domain.de"},{"type":"dns","value":"domain.de"}]}'
[Mon Sep 13 13:11:53 CEST 2021] RSA key
[Mon Sep 13 13:11:55 CEST 2021] Retrying post
[Mon Sep 13 13:11:55 CEST 2021] HEAD
[Mon Sep 13 13:11:55 CEST 2021] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Sep 13 13:11:55 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  -I  '
[Mon Sep 13 13:11:56 CEST 2021] _ret='0'
[Mon Sep 13 13:11:56 CEST 2021] _hcode='0'
[Mon Sep 13 13:11:56 CEST 2021] Retrying post
[Mon Sep 13 13:11:56 CEST 2021] POST
[Mon Sep 13 13:11:56 CEST 2021] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Sep 13 13:11:56 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Mon Sep 13 13:11:56 CEST 2021] _ret='0'
[Mon Sep 13 13:11:56 CEST 2021] _hcode='0'
[Mon Sep 13 13:11:56 CEST 2021] code='201'
[Mon Sep 13 13:11:56 CEST 2021] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/8541739/523858448'
[Mon Sep 13 13:11:56 CEST 2021] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8541739/523858448'
[Mon Sep 13 13:11:56 CEST 2021] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/483058388'
[Mon Sep 13 13:11:56 CEST 2021] payload
[Mon Sep 13 13:11:57 CEST 2021] Retrying post
[Mon Sep 13 13:11:57 CEST 2021] POST
[Mon Sep 13 13:11:57 CEST 2021] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/483058388'
[Mon Sep 13 13:11:57 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Mon Sep 13 13:11:57 CEST 2021] _ret='0'
[Mon Sep 13 13:11:57 CEST 2021] _hcode='0'
[Mon Sep 13 13:11:57 CEST 2021] code='200'
[Mon Sep 13 13:11:57 CEST 2021] d='domain.de'
[Mon Sep 13 13:11:57 CEST 2021] Getting webroot for domain='domain.de'
[Mon Sep 13 13:11:57 CEST 2021] _w='dns_opnsense'
[Mon Sep 13 13:11:57 CEST 2021] _currentRoot='dns_opnsense'
[Mon Sep 13 13:11:57 CEST 2021] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A","token":"8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE"'
[Mon Sep 13 13:11:57 CEST 2021] token='8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE'
[Mon Sep 13 13:11:57 CEST 2021] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A'
[Mon Sep 13 13:11:57 CEST 2021] keyauthorization='8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE.AH8IvW3zEUkdY5c0LEC6FsDQGyUfpf6twWlG2xaoDMg'
[Mon Sep 13 13:11:57 CEST 2021] dvlist='domain.de#8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE.AH8IvW3zEUkdY5c0LEC6FsDQGyUfpf6twWlG2xaoDMg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A#dns-01#dns_opnsense'
[Mon Sep 13 13:11:57 CEST 2021] d='domain.de'
[Mon Sep 13 13:11:57 CEST 2021] Getting webroot for domain='domain.de'
[Mon Sep 13 13:11:57 CEST 2021] _w='dns_opnsense'
[Mon Sep 13 13:11:57 CEST 2021] _currentRoot='dns_opnsense'
[Mon Sep 13 13:11:58 CEST 2021] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A","token":"8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE"'
[Mon Sep 13 13:11:58 CEST 2021] token='8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE'
[Mon Sep 13 13:11:58 CEST 2021] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A'
[Mon Sep 13 13:11:58 CEST 2021] keyauthorization='8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE.AH8IvW3zEUkdY5c0LEC6FsDQGyUfpf6twWlG2xaoDMg'
[Mon Sep 13 13:11:58 CEST 2021] dvlist='domain.de#8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE.AH8IvW3zEUkdY5c0LEC6FsDQGyUfpf6twWlG2xaoDMg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A#dns-01#dns_opnsense'
[Mon Sep 13 13:11:58 CEST 2021] d
[Mon Sep 13 13:11:58 CEST 2021] vlist='domain.de#8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE.AH8IvW3zEUkdY5c0LEC6FsDQGyUfpf6twWlG2xaoDMg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A#dns-01#dns_opnsense,domain.de#8jxbpWA6h5xBmveMs7Uh6r_vUlHbcy2MVo07LzI8ioE.AH8IvW3zEUkdY5c0LEC6FsDQGyUfpf6twWlG2xaoDMg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A#dns-01#dns_opnsense,'
[Mon Sep 13 13:11:58 CEST 2021] d='domain.de'
[Mon Sep 13 13:11:58 CEST 2021] _d_alias='=home.domain.de'
[Mon Sep 13 13:11:58 CEST 2021] txtdomain='home.domain.de'
[Mon Sep 13 13:11:58 CEST 2021] txt='DL2BLudZh4LUAuQdGnQeG5t0L9PQN1LfyfqtxhshpQs'
[Mon Sep 13 13:11:58 CEST 2021] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_opnsense.sh'
[Mon Sep 13 13:11:58 CEST 2021] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_opnsense.sh
[Mon Sep 13 13:11:58 CEST 2021] Adding txt value: DL2BLudZh4LUAuQdGnQeG5t0L9PQN1LfyfqtxhshpQs for domain:  home.domain.de
[Mon Sep 13 13:11:58 CEST 2021] Retrying GET
[Mon Sep 13 13:11:58 CEST 2021] GET
[Mon Sep 13 13:11:58 CEST 2021] url='https://rV5jPL3dCT3E83%2fQeR%2bbMjSDLcEPkDoEAIKX6r5MLwiI5TFvLFoGUM2%2f5D4Uwmlf0MbKc6Vfh2Z2sUS9:aosAcQRuEsu0R6Utnk1cklzQYrgmqIPTpKihCtZaiqBvo8GqCeOZHIxgmslXCgzEAA6sgXvo%2b19QvaSN@127.0.0.1:443/api/bind/general/get'
[Mon Sep 13 13:11:58 CEST 2021] timeout=
[Mon Sep 13 13:11:58 CEST 2021] displayError='1'
[Mon Sep 13 13:11:58 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --insecure  '
[Mon Sep 13 13:11:58 CEST 2021] ret='0'
[Mon Sep 13 13:11:58 CEST 2021] _hcode='0'
[Mon Sep 13 13:11:58 CEST 2021] Adding record home.domain.de with challenge: DL2BLudZh4LUAuQdGnQeG5t0L9PQN1LfyfqtxhshpQs
[Mon Sep 13 13:11:58 CEST 2021] Detect root zone
[Mon Sep 13 13:11:58 CEST 2021] Retrying GET
[Mon Sep 13 13:11:58 CEST 2021] GET
[Mon Sep 13 13:11:58 CEST 2021] url='https://rV5jPL3dCT3E83%2fQeR%2bbMjSDLcEPkDoEAIKX6r5MLwiI5TFvLFoGUM2%2f5D4Uwmlf0MbKc6Vfh2Z2sUS9:aosAcQRuEsu0R6Utnk1cklzQYrgmqIPTpKihCtZaiqBvo8GqCeOZHIxgmslXCgzEAA6sgXvo%2b19QvaSN@127.0.0.1:443/api/bind/domain/get'
[Mon Sep 13 13:11:58 CEST 2021] timeout=
[Mon Sep 13 13:11:58 CEST 2021] displayError='1'
[Mon Sep 13 13:11:58 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --insecure  '
[Mon Sep 13 13:11:58 CEST 2021] ret='0'
[Mon Sep 13 13:11:58 CEST 2021] _hcode='0'
[Mon Sep 13 13:11:58 CEST 2021] h='domain.de'
[Mon Sep 13 13:11:58 CEST 2021] h='de'
[Mon Sep 13 13:11:58 CEST 2021] invalid domain
[Mon Sep 13 13:11:58 CEST 2021] Error add txt for domain:home.domain.de
[Mon Sep 13 13:11:58 CEST 2021] _on_issue_err
[Mon Sep 13 13:11:58 CEST 2021] Please check log file for more details: /var/log/acme.sh.log
[Mon Sep 13 13:11:58 CEST 2021] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A'
[Mon Sep 13 13:11:58 CEST 2021] payload='{}'
[Mon Sep 13 13:11:58 CEST 2021] Retrying post
[Mon Sep 13 13:11:58 CEST 2021] POST
[Mon Sep 13 13:11:58 CEST 2021] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A'
[Mon Sep 13 13:11:58 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Mon Sep 13 13:11:59 CEST 2021] _ret='0'
[Mon Sep 13 13:11:59 CEST 2021] _hcode='0'
[Mon Sep 13 13:11:59 CEST 2021] code='200'
[Mon Sep 13 13:11:59 CEST 2021] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A'
[Mon Sep 13 13:11:59 CEST 2021] payload='{}'
[Mon Sep 13 13:11:59 CEST 2021] Retrying post
[Mon Sep 13 13:11:59 CEST 2021] POST
[Mon Sep 13 13:11:59 CEST 2021] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/483058388/aWTs-A'
[Mon Sep 13 13:11:59 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L '
[Mon Sep 13 13:12:00 CEST 2021] _ret='0'
[Mon Sep 13 13:12:00 CEST 2021] _hcode='0'
[Mon Sep 13 13:12:00 CEST 2021] code='200'
[Mon Sep 13 13:12:00 CEST 2021] pid
[Mon Sep 13 13:12:00 CEST 2021] No need to restore nginx, skip.
[Mon Sep 13 13:12:00 CEST 2021] _clearupdns
[Mon Sep 13 13:12:00 CEST 2021] dns_entries
[Mon Sep 13 13:12:00 CEST 2021] skip dns.


Thanks and regards
Proxmox VE
i3-4030U | 16 GB RAM | 512 GB SSD | 500 GB HDD
i3-2350M | 16 GB RAM | 120 GB SSD | 500 GB HDD

FW VMs:
2 Cores | 1 GB RAM | 20 GB SSD
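
Added example (not part of the original post, and not code from acme.sh or the OPNsense plugin): a small model of the candidate-zone walk that the log's `h='domain.de'`, `h='de'`, `invalid domain` lines show for `txtdomain='home.domain.de'`. The zone list and the function names are constructed; that the BIND zone is named `home.domain.de` is an assumption, since the post does not say which zones exist.

```shell
#!/bin/sh
# Added example, not code from acme.sh or the OPNsense plugin.
# ZONES is a constructed stand-in for the zone list the BIND API returns;
# that the zone is named home.domain.de is an assumption.
ZONES="home.domain.de"

# candidates FQDN: print, in order, every suffix the walk tests.
# The walk starts at the second label, as the log's h='domain.de',
# h='de' lines show for txtdomain='home.domain.de'.
candidates() {
  i=2
  out=""
  while :; do
    # -s suppresses input without a dot, so the loop always terminates
    h=$(printf '%s\n' "$1" | cut -s -d . -f "$i"-100)
    [ -n "$h" ] || break
    out="$out$h "
    i=$((i + 1))
  done
  printf '%s\n' "${out% }"
}

# find_zone FQDN: print the first candidate that is a configured zone,
# or return 1 (the log's "invalid domain") when none matches.
find_zone() {
  for h in $(candidates "$1"); do
    for z in $ZONES; do
      if [ "$z" = "$h" ]; then
        printf '%s\n' "$h"
        return 0
      fi
    done
  done
  return 1
}

# Record name from the log versus the name from the post's description.
for name in home.domain.de _acme-challenge.home.domain.de; do
  printf '%s -> tested: %s -> zone: %s\n' "$name" "$(candidates "$name")" \
    "$(find_zone "$name" || echo 'invalid domain')"
done
```

Under that assumption, a record name that is itself the zone name is never tested as a zone, while a name with one more leading label is matched on the first step.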

Does nobody have an idea?

I also get the error
/usr/local/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseField.php:324: lastUpdate not an attribute of accounts.account.6591b98a-1e9e-489b-8a53-0d271a93de38
when I click on "Reset Acme Client".

I have opened an issue on GitHub.
https://github.com/opnsense/plugins/issues/2535