Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Acme DNS-01 challenge validation fails
« previous
next »
Print
Pages: [
1
]
Author
Topic: Acme DNS-01 challenge validation fails (Read 1885 times)
nqtuanqtuan
Newbie
Posts: 3
Karma: 0
Acme DNS-01 challenge validation fails
«
on:
December 18, 2021, 09:30:27 am »
Hi folks,
Got a weird issue when renewing LE cert with Acme client 3.4 on OPNsense 21.7.6
I have configured 3 certs as following, all using DNS-01 challenge with CloudFlare API:
wildcard.example.com (EC-384, SAN *.example.com, example.com)
wildcard.example.com (RSA-2048, SAN *.example.com, example.com)
adfs.example.com (RSA-2048, SAN adfs.example.com, certauth.adfs.example.com)
All three certs have been renewed at least once previously, before 21.7.6 upgrade. When that upgrade hit, I had some issue with Acme 3.5 and reverted to 3.4
Today, when I rolled out the new NAS, I want to test out the automation as the cert renewed (I already manually ran automation successfully and this issue is not related). When I pressed renew cert, only the first wildcard worked.
Both the second wildcard cert, and the adfs cert had this log, where Acme could create the TXT record for _acme-challenge successfully the first time. But then, it tried the second time which failed, and concluded the validation failed.
The DNS-01 configuration already had the timeout of 120 seconds - I believe this is the default.
Has anyone encountered the same issue?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Acme DNS-01 challenge validation fails