Closed tugdualenligne closed 7 months ago
Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.
For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.
The easiest option to gain traction is to close this ticket and open a new one using one of our templates.
Describe the bug

Can't obtain production certificate using DNS challenge through Gandi DNS provider but I can obtain Let's Encrypt staging certificates. Very strange issue. Any help appreciated.

Expected behavior

I expect to be able to request LE certificates from the Production CA and not only the Staging CA.
Relevant log files

2024-03-02T18:57:52 opnsense AcmeClient: validation for certificate failed: oceanos.XXXX.fr
2024-03-02T18:57:52 opnsense AcmeClient: domain validation failed (dns01)
2024-03-02T18:57:52 opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php: AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --syslog 6 --log-level 1 --server 'letsencrypt' --dns 'dns_gandi_livedns' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/65da763b0ae855.58243047' --certpath '/var/etc/acme-client/certs/65da763b0ae855.58243047/cert.pem' --keypath '/var/etc/acme-client/keys/65da763b0ae855.58243047/private.key' --capath '/var/etc/acme-client/certs/65da763b0ae855.58243047/chain.pem' --fullchainpath '/var/etc/acme-client/certs/65da763b0ae855.58243047/fullchain.pem' --domain 'oceanos.XXXX.fr' --domain 'oceanos.XXXX.fr' --days '1' --force --ocsp --keylength '4096' --accountconf '/var/etc/acme-client/accounts/65da74b1412297.72803520_prod/account.conf''
2024-03-02T18:57:47 opnsense AcmeClient: using challenge type: DNS-challenge
2024-03-02T18:57:47 opnsense AcmeClient: account is registered: ACME
2024-03-02T18:57:47 opnsense AcmeClient: using CA: letsencrypt
2024-03-02T18:57:47 opnsense AcmeClient: issue certificate: oceanos.XXXX.fr
And
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] Please add '--debug' or '--log' to check more details.
2024-03-02T18:57:51 acme.sh [Sat Mar 2 18:57:51 CET 2024] Error add txt for domain:_acme-challenge.oceanos.XXXX.fr
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Adding txt value: SHslfCqq9nxoy4A_rKvmsJp4LF_anCWl0iluEB3jU_Y for domain: _acme-challenge.oceanos.XXXX.fr
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Getting webroot for domain='oceanos.XXXX.fr'
2024-03-02T18:57:50 acme.sh [Sat Mar 2 18:57:50 CET 2024] Getting webroot for domain='oceanos.XXXX.fr'
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Getting domain auth token for each domain
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Multi domain='DNS:oceanos.XXXX.fr,DNS:oceanos.XXXX.fr'
2024-03-02T18:57:48 acme.sh [Sat Mar 2 18:57:48 CET 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
Environment

OPNsense 24.1.2_1-amd64