Let's Encrypt certificates for Servers

Started by tre4bax, July 15, 2024, 12:39:37 PM

July 15, 2024, 12:39:37 PM Last Edit: July 15, 2024, 12:43:04 PM by tre4bax
I have a number of certificates from Let's Encrypt. One wildcard for the whole domain, and 3 individual ones.

Recently one of the services using these broke, and it turns out that the renewal process failed. This process, though, only failed on the 3 individual services; the wildcard renewed quite happily.

When I dug in, I found that the _acme-challenge TXT record fails to add to my GoDaddy DNS for the domain.

(See the attached image file that I could not figure out how to embed ;-)  )

This only seems to happen when it tries to create a record with an _acme-challenge.XXX format (where XXX is the name of the server that needs the certificate). The wildcard happily creates, as it has no .XXX on the end.

Is this an issue with the setup of the DNS, or something weird in the OPNsense ACME client? I have tried looking at the TXT it tries to add to get the value and then manually creating a key to match, but this fails too, probably because the client tries to add a new value to the same key and that fails.

Any ideas how I can get this to work again?
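As an added example (not from the original post or from the OPNsense ACME client), the following Python script shows what a DNS-01 diagnostic can check before blaming the DNS host: which `_acme-challenge` name the ACME client must publish for a wildcard versus an individual hostname, how that name looks relative to the zone (which is what a hosting API such as GoDaddy's receives), and whether the expected TXT value is present among possibly several values at the same name (multiple values at one name are normal during DNS-01 and are not an error). Domain names, tokens and the record list are constructed sample data.

```python
import base64
import hashlib


def challenge_name(identifier: str) -> str:
    """DNS-01 record name for a certificate identifier (RFC 8555 section 8.4).

    A wildcard '*.example.com' is validated at '_acme-challenge.example.com',
    so its record sits at the zone apex; 'vpn.example.com' needs the record
    under the host label instead, which is the case that failed in the post.
    """
    host = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + host.rstrip(".").lower()


def relative_name(fqdn: str, zone: str) -> str:
    """Name relative to the hosted zone, as most DNS hosting APIs expect it.

    Returns '@' for the apex and raises if the name is outside the zone
    (a common cause of a silent 'record not added' failure).
    """
    fqdn, zone = fqdn.rstrip(".").lower(), zone.rstrip(".").lower()
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -len(zone) - 1]


def txt_value(token: str, account_thumbprint: str) -> str:
    """Expected TXT content: base64url(SHA-256(token + '.' + thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}".encode()
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def challenge_present(records, name: str, expected: str):
    """Check a list of (relative_name, value) TXT records for the expected value.

    Returns (found, all_values_at_name) so the caller can see stale tokens
    left behind by earlier attempts without treating them as a failure.
    """
    values = [v for n, v in records if n.lower() == name.lower()]
    return expected in values, values


# Constructed sample: the zone already holds two TXT values at the same name,
# e.g. an old token from a failed renewal plus the current one.
SAMPLE_RECORDS = [
    ("_acme-challenge.vpn", "OLD-TOKEN-FROM-PREVIOUS-ATTEMPT"),
    ("_acme-challenge.vpn", "CURRENT-TOKEN"),
    ("_acme-challenge", "WILDCARD-TOKEN"),
]
```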