Topic: ACME plugin: can't obtain production certificate using DNS challenge (Read 1213 times)
Tugdualenligne (Newbie, Posts: 13, Karma: 0), March 03, 2024, 12:16:37 pm:
but I can obtain Let's Encrypt staging certificates.
Very strange issue. Any help appreciated
Here are my error logs:
2024-03-02T18:57:52 opnsense AcmeClient: validation for certificate failed: oceanos.XXXX.fr
2024-03-02T18:57:52 opnsense AcmeClient: domain validation failed (dns01)
2024-03-02T18:57:52 opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 6 --log-level 1 --server 'letsencrypt' --dns 'dns_gandi_livedns' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/65da763b0ae855.58243047' --certpath '/var/etc/acme-client/certs/65da763b0ae855.58243047/cert.pem' --keypath '/var/etc/acme-client/keys/65da763b0ae855.58243047/private.key' --capath '/var/etc/acme-client/certs/65da763b0ae855.58243047/chain.pem' --fullchainpath '/var/etc/acme-client/certs/65da763b0ae855.58243047/fullchain.pem' --domain 'oceanos.XXXX.fr' --domain 'oceanos.XXXX.fr' --days '1' --force --ocsp --keylength '4096' --accountconf '/var/etc/acme-client/accounts/65da74b1412297.72803520_prod/account.conf''
2024-03-02T18:57:47 opnsense AcmeClient: using challenge type: DNS-challenge
2024-03-02T18:57:47 opnsense AcmeClient: account is registered: ACME
2024-03-02T18:57:47 opnsense AcmeClient: using CA: letsencrypt
2024-03-02T18:57:47 opnsense AcmeClient: issue certificate: oceanos.XXXX.fr
And
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] Please add '--debug' or '--log' to check more details.
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] Error add txt for domain:_acme-challenge.oceanos.XXXX.fr
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Adding txt value: SHslfCqq9nxoy4A_rKvmsJp4LF_anCWl0iluEB3jU_Y for domain: _acme-challenge.oceanos.XXXX.fr
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Getting webroot for domain='oceanos.XXXX.fr'
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Getting webroot for domain='oceanos.XXXX.fr'
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Getting domain auth token for each domain
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Multi domain='DNS:oceanos.XXXX.fr,DNS:oceanos.XXXX.fr'
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
Issue logged here
https://github.com/opnsense/plugins/issues/3844
Last Edit: March 03, 2024, 01:14:38 pm by Tugdualenligne
ryp43 (Newbie, Posts: 27, Karma: 0), Reply #1, June 05, 2024, 01:45:11 pm:
I'm having the same issue
AcmeClient: validation for certificate failed: XXX.XXX.XXX
2024-06-05T14:42:54 opnsense AcmeClient: domain validation failed (dns01)
2024-06-05T14:42:54 opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php: AcmeClient: The shell command returned exit code '2': '/usr/local/sbin/acme.sh --renew --syslog 6 --log-level 1 --server 'letsencrypt' --dns 'dns_cf' --dnssleep '120' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/6244690401b582.96545326' --certpath '/var/etc/acme-client/certs/6244690401b582.96545326/cert.pem' --keypath '/var/etc/acme-client/keys/6244690401b582.96545326/private.key' --capath '/var/etc/acme-client/certs/6244690401b582.96545326/chain.pem' --fullchainpath '/var/etc/acme-client/certs/6244690401b582.96545326/fullchain.pem' --domain 'XXX.XXX.XXX' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/624465c1ebd1a0.95366960_prod/account.conf''
2024-06-05T14:42:53 opnsense AcmeClient: using challenge type: Cloudflare DNS Validation
2024-06-05T14:42:53 opnsense AcmeClient: account is registered: YYY WEB GUI Cert Accoiunt
2024-06-05T14:42:53 opnsense AcmeClient: using CA: letsencrypt
Monviech (Cedrik) (Global Moderator, Hero Member, Posts: 1610, Karma: 176), Reply #2, June 05, 2024, 01:53:37 pm:
Cloudflare:
https://forum.opnsense.org/index.php?topic=39669.msg200187#msg200187
Hardware: DEC740