acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.33k stars 4.97k forks source link

ACME Client - ACME DNS API not using the configured challenge type #3994

Open DutchForeigner opened 2 years ago

DutchForeigner commented 2 years ago

When issuing a (new) cert, the configured settings of the 'ACME DNS API' challenge type are not being used. Instead, it always is using the endpoint 'https://auth.acme-dns.io/update'

I'm using a local ACME-DNS client which is running as a stack in Docker, running with DNS on port 10053(TCP+UDP), update on port 10043.

I have acme.sh fully working (v3.0.4) as a standalone install on a separate raspberry pi, and wanted to migrate to the ACME client plugin on OPNsense, but I keep getting this error.

The System log shows:

The Acme log shows this entry:

OPNsense/ACME Client Settings:

Neilpang commented 2 years ago

please upgrade to the latest version first and try again and show me the full log.

DutchForeigner commented 2 years ago

Hi,

I've upgraded to the latest version of acme.sh (its now v3.0.3 , not v3.0.4 as I mistakenly mentioned in previous post) I've also tried rebooting the system, unfortunately the issue is still there, each time I try to renew the cert from the UI. My wild guess is that the 4 DNSAPI variables (below) are not coming over, but that's just a wild guess...

Latest acme client log is also attached: latest.log

Upgraded acme.sh using below steps: logged in as root: acme.sh --upgrade This installed the latest version into /root/.acme.sh chmod a+w /usr/local/sbin/acme.sh cp /root/.acme.sh/acme.sh /usr/local/sbin/ chmod a-w /usr/local/sbin/acme.sh cp -f /root/.acme.sh/dnsapi/ /usr/local/share/examples/acme.sh/dnsapi/ cp -f /root/.acme.sh/deploy/ /usr/local/share/examples/acme.sh/deploy/ cp -f /root/.acme.sh/notify/* /usr/local/share/examples/acme.sh/notify/ acme.sh --version -> now shows v3.0.3

DutchForeigner commented 2 years ago

Note: I'm now looking at no longer using this plugin in OPNsense and migrate to running acme.sh on a docker image, as I also need the oauthtools package due to 2FA on my Synology NAS boxes.