Acme DNS-01 challenge validation fails

Started by nqtuanqtuan, December 18, 2021, 09:30:27 AM

Hi folks,

Got a weird issue when renewing an LE cert with Acme client 3.4 on OPNsense 21.7.6.

I have configured 3 certs as follows, all using the DNS-01 challenge with the CloudFlare API:

    wildcard.example.com (EC-384, SAN *.example.com, example.com)

    wildcard.example.com (RSA-2048, SAN *.example.com, example.com)

    adfs.example.com (RSA-2048, SAN adfs.example.com, certauth.adfs.example.com)

All three certs have been renewed at least once previously, before the 21.7.6 upgrade. When that upgrade hit, I had some issues with Acme 3.5 and reverted to 3.4.

Today, when I rolled out the new NAS, I wanted to test the automation as the cert renewed (I already manually ran the automation successfully, and this issue is not related to it). When I pressed renew cert, only the first wildcard worked.

Both the second wildcard cert and the adfs cert had this log, where Acme could create the TXT record for _acme-challenge successfully the first time. But then it tried a second time, which failed, and it concluded that the validation had failed.

The DNS-01 configuration already had a timeout of 120 seconds - I believe this is the default.

Has anyone encountered the same issue?
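For readers debugging this kind of failure, here is a DNS-01 propagation check of the sort a client performs between creating the TXT record and asking the CA to validate. It is an added illustration, not code from the OPNsense Acme plugin or acme.sh: it computes the RFC 8555 record value, maps each SAN to its `_acme-challenge` name (a wildcard and its base name share one name, so two values coexist there), and polls a resolver passed in as a callable until the expected value is visible or the 120-second timeout elapses. `dry_run` substitutes a scripted resolver and a fake clock so it runs offline.

```python
import base64
import hashlib
import time
from typing import Callable, Iterable, Sequence, Tuple


def dns01_txt_value(key_authorization: str) -> str:
    """RFC 8555 s8.4: TXT value is base64url(SHA-256(keyAuthorization)) without padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def challenge_name(identifier: str) -> str:
    """Name the CA queries. A wildcard validates at its base name (RFC 8555 s7.1.3),
    so '*.example.com' and 'example.com' both use _acme-challenge.example.com."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base


def wait_for_txt(name: str, expected: str, lookup: Callable[[str], Iterable[str]],
                 timeout: float = 120.0, interval: float = 5.0,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep) -> Tuple[bool, int]:
    """Poll lookup(name) until `expected` is among the TXT strings or `timeout` elapses.
    Check membership, not mere existence: with a wildcard plus base-name SAN, two
    different values live at the same name and only one satisfies each authorization.
    Returns (found, attempts)."""
    deadline = clock() + timeout
    attempts = 0
    while True:
        attempts += 1
        if expected in set(lookup(name)):
            return True, attempts
        if clock() + interval > deadline:  # next probe would land past the timeout
            return False, attempts
        sleep(interval)


def dry_run(responses: Sequence[Sequence[str]], expected: str,
            timeout: float = 120.0, interval: float = 5.0) -> Tuple[bool, int]:
    """Offline simulation (constructed, hypothetical resolver): query i returns
    responses[i] (the last entry repeats) and a fake clock advances per sleep."""
    state = {"t": 0.0, "i": 0}

    def lookup(_name: str) -> Sequence[str]:
        reply = responses[min(state["i"], len(responses) - 1)]
        state["i"] += 1
        return reply

    def sleep(seconds: float) -> None:
        state["t"] += seconds

    return wait_for_txt(challenge_name("*.example.com"), expected, lookup,
                        timeout, interval, clock=lambda: state["t"], sleep=sleep)
```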