acme certificate renewal seemingly ignoring "Automation Timeout"

Started by 9axqe, March 25, 2025, 09:05:49 AM

It's been two nights in a row that certificate renewal fails for the same reason: "domain validation failed (dns01)"

I have "Automation Timeout" set to 20min (1200), yet the failure happens 40s after starting the certification renewal. The cron job is set for 00:00:00 and at 00:00:41 I get the failure.

I also see in the acme logs "timeout=" with nothing behind it, as if timeout was not set.

This used to work and I have not changed the config in a while, hence I suspect something broke in a more recent version of acme.sh or OPNsense.

I'm running OPNsense 25.1.3.

Wondering if anyone else has this issue and if they found a solution.

AFAIK, that timeout is only if the renewal automation does not end successfully after a certain time, because until then, acme.sh asks repeatedly for the new certificate. Your situation seems to be different in that the first necessary connection to either the CA or your verification method does not succeed, so this is more likely a TCP timeout of some sort.

P.S.: 00:00:00 is a very bad renewal time for obvious reasons. This might have caused the issue in the first place.