acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

DuckDNS #4681

Open Bootz4ME opened 1 year ago

Bootz4ME commented 1 year ago

DuckDNS won't consistently renew without changing settings

Using 0.74 but this happened 60 days ago on the previous version as well. I'm using DuckDNS as the Domain registrar. My issue is that it won't renew without me continually adjusting the settings.

EDIT: I'm using this with pfsense 2.6

How to reproduce:

  1. First set up the certificate, filling in name, description, status=active, Acme Account="your account", private key=2048-bit RSA

  2. Under "Domain SAN list", then under "Table", click "Add". Mode=Enabled, Domainname="custom.duckdns.org", Method=DNS-DuckDNS. Next, API Token: "paste API token from DuckDNS", Enable DNS alias mode="custom.duckdns.org", Enable DNS domain alias mode=checkbox yes.

ISSUE NUMBER 1

When you paste the DuckDNS API Token, Acme Certificates only works IF you include 4 spaces at the front. Example: " 233z2e1f-4e97-579f-b9a8-4635a57dbf74". This is important information because it affects the registration and renewal.

  3. Actions list, table. Click add. Mode=enabled, Command="/usr/local/etc/rc.d/haproxy.sh restart", Method=Shell Command.

  4. At the bottom click save.

ISSUE NUMBER 2

If you hit renew/issue it does nothing at all. Just spins and maybe stops. To fix this issue go back to the DuckDNS API Token and remove the spaces at the front.

Click save. Click renew/issue. It appears to do nothing but this is important. Don't skip this.

Now go back into the same spot and re-add the spaces to the DuckDNS API Token. Click save. Click renew/issue. Now you should get a different error and a green wall of text. This is good.

The error at the bottom of the green text wall:

Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3 Errors happened during adding the TXT record, response= Error add txt for domain:custom.duckdns.org"https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3".

After the green wall of text and the error above. Change nothing. Click renew/issue again. Voila! Now you have a certificate.

Debug log

Been googling for 30 minutes on how to do this on pfsense. No idea how. I will provide the log when or if I figure this out.

UPDATE For others who want to DEBUG acme certificates using PFSENSE here is what I had to do.

  1. Turn on SSH in pfsense under System/Advanced, click the checkbox under Secure Shell Access.
  2. Open an elevated command prompt and ssh into your pfsense instance.
  3. Select number 8 "shell" in the menu
  4. Next I'm going to assume you did the above when issuing a certificate and are stuck somehow. If you made it to the green wall of text when you hit renew/issue in the Acme Certificate web menu, you need to copy off that text. At the top there is a line that looks like this:

/usr/local/pkg/acme/acme.sh --issue --domain 'custom.duckdns.org' --domain-alias 'custom.duckdns.org' --dns 'dns_duckdns' --home '/tmp/acme/custom.duckdns.org/' --accountconf '/tmp/acme/custom.duckdns.org/accountconf.conf' --force --reloadCmd '/tmp/acme/custom.duckdns.org/reloadcmd.sh' --log-level 3 --log '/tmp/acme/custom.duckdns.org/acme_issuecert.log'

  5. Copy that line into a text editor and make sure you are using your domain and NOT 'custom.duckdns.org'. It should say whatever YOUR domain is. Now, add --debug 2 at the end.

/usr/local/pkg/acme/acme.sh --issue --domain 'custom.duckdns.org' --domain-alias 'custom.duckdns.org' --dns 'dns_duckdns' --home '/tmp/acme/custom.duckdns.org/' --accountconf '/tmp/acme/custom.duckdns.org/accountconf.conf' --force --reloadCmd '/tmp/acme/custom.duckdns.org/reloadcmd.sh' --log-level 3 --log '/tmp/acme/custom.duckdns.org/acme_issuecert.log' --debug 2

When you run this it will produce a wall of text. Copy that into a notepad and save it. Voila! You have the debug log.

acme.sh  --issue .....   --debug 2
[debug log.txt](https://github.com/acmesh-official/acme.sh/files/11879289/debug.log.txt)
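An added example (not acme.sh's or pfSense's own code) of the input check a DNS hook could apply to the token before building the DuckDNS update URL: curl error code 3 is CURLE_URL_MALFORMAT, and whitespace inside the query string is one way to produce it. It assumes the DuckDNS update endpoint form `https://www.duckdns.org/update?domains=...&token=...&txt=...` and reuses the redacted sample token from the report above.

```shell
#!/bin/sh
# Added example, not acme.sh or pfSense code. Normalizes a DuckDNS API token
# before it is placed into the DuckDNS update URL and rejects tokens that would
# corrupt the URL. curl error code 3 (CURLE_URL_MALFORMAT) is what curl reports
# for a URL it cannot parse; whitespace inside the query string is one way to
# get there.
# Assumption: the update endpoint has the form
#   https://www.duckdns.org/update?domains=<name>&token=<token>&txt=<value>

# Strip leading and trailing whitespace (spaces, tabs, CR/LF from a paste).
duckdns_trim_token() {
  printf '%s\n' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Return 0 if the trimmed token is 36 characters of [A-Za-z0-9-] only, else 1.
# (Real DuckDNS tokens are UUID-shaped; the character class is deliberately
# loose so a redacted sample still passes, but any whitespace fails.)
duckdns_token_ok() {
  _t=$(duckdns_trim_token "$1")
  [ "${#_t}" -eq 36 ] || return 1
  case "$_t" in
    *[!A-Za-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Build the TXT-record update URL from domain, token and TXT value.
# Prints the URL and returns 0, or prints a diagnostic to stderr and returns 1
# so the caller never hands a malformed URL to curl.
duckdns_txt_url() {
  _dom=$1
  _tok=$(duckdns_trim_token "$2")
  _txt=$3
  if ! duckdns_token_ok "$_tok"; then
    echo "duckdns: token rejected (length ${#_tok}; need 36 chars, no whitespace)" >&2
    return 1
  fi
  printf 'https://www.duckdns.org/update?domains=%s&token=%s&txt=%s\n' \
    "$_dom" "$_tok" "$_txt"
}
```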
github-actions[bot] commented 1 year ago

Please upgrade to the latest code and try again first. Maybe it's already fixed. `acme.sh --upgrade` If it's still not working, please provide the log with `--debug 2`, otherwise nobody can help you.

Bootz4ME commented 1 year ago

Added debug log and how I got to that point. Thanks.