opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License

os-acme-client | GoDaddy - domain validation failed (dns01) #4041

Closed SilentGlasses closed 2 weeks ago

SilentGlasses commented 2 weeks ago


Describe the bug

Starting after a recent update (not sure which one), my certs are no longer getting re-issued.

Interestingly, I created a wildcard cert and that seems to work just fine.

I did not revert as I am not comfortable with it, and am not even sure what version this broke in, but it seems to have been for a good little while now. Sorry.

To Reproduce

Steps to reproduce the behavior:

  1. Go to Services
  2. Click on ACME Client > Certificates
  3. Switch to Certificates
  4. Last ACME Status > validation failed

Expected behavior

My certs should get updated

Screenshots

If applicable, add screenshots to help explain your problem.

[Screenshot: Cert Status]

Relevant log files

/usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php: 
  AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh 
  --issue 
  --syslog 9 
  --debug 3 
  --server 'letsencrypt' 
  --dns 'dns_gd' 
  --dnssleep '300' 
  --home '/var/etc/acme-client/home' 
  --cert-home '/var/etc/acme-client/cert-home/<redacted>.<redacted>' 
  --certpath '/var/etc/acme-client/certs/<redacted>.<redacted>/cert.pem' 
  --keypath '/var/etc/acme-client/keys/<redacted>.<redacted>/private.key' 
  --capath '/var/etc/acme-client/certs/<redacted>.<redacted>/chain.pem' 
  --fullchainpath '/var/etc/acme-client/certs/<redacted>.<redacted>/fullchain.pem' 
  --domain 'gw.<redacted>.com' 
  --days '1' 
  --keylength '4096' 
  --accountconf '/var/etc/acme-client/accounts/<redacted>.<redacted>_prod/account.conf''

AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh 
  --issue 
  --syslog 9 
  --debug 3 
  --server 'letsencrypt' 
  --dns 'dns_gd' 
  --dnssleep '300' 
  --home '/var/etc/acme-client/home' 
  --cert-home '/var/etc/acme-client/cert-home/<redacted>.<redacted>' 
  --certpath '/var/etc/acme-client/certs/<redacted>.<redacted>/cert.pem' 
  --keypath '/var/etc/acme-client/keys/<redacted>.<redacted>/private.key' 
  --capath '/var/etc/acme-client/certs/<redacted>.<redacted>/chain.pem' 
  --fullchainpath '/var/etc/acme-client/certs/<redacted>.<redacted>/fullchain.pem' 
  --domain 'gw.<redacted>.com' 
  --days '1' 
  --keylength '4096' 
  --accountconf '/var/etc/acme-client/accounts/<redacted>.<redacted>_prod/account.conf'

AcmeClient: validation for certificate failed: <redacted>.com
AcmeClient: domain validation failed (dns01)

Also found this in my system logs, but I don't use the root user for anything on my host

configd.py  action acmeclient.configtest not found for user root 

Additional context

I have tried to re-issue as well as delete and recreate the cert that failed. I am using GoDaddy and I ensured the txt entry is there as outlined in the instructions.

Environment

Software version used and hardware type if relevant.

OPNsense 24.1.8-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz (6 cores, 6 threads)

Monviech commented 2 weeks ago

GoDaddy changed their API: https://www.reddit.com/r/selfhosted/comments/1cnipp3/warning_godaddy_silently_cut_access_to_their_dns/

Better change to a new DNS Provider.

SilentGlasses commented 2 weeks ago

Thanks for the information.
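
A triage sketch for the log format shown in the report, added here as an example and not part of the thread or of the os-acme-client plugin: it collects every failed acme.sh invocation and lists the domains whose DNS-01 validation depends on a given DNS API hook, so certificates that need a different provider can be found in one pass. The sample log is constructed, its domains are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the report's log excerpt; domains are placeholders.
SAMPLE_LOG = """\
/usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php:
  AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh
  --issue
  --server 'letsencrypt'
  --dns 'dns_gd'
  --dnssleep '300'
  --domain 'gw.example.com'
  --keylength '4096''
AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --dns 'dns_gd' --domain 'gw.example.com'
AcmeClient: The shell command returned exit code '1': '/usr/local/sbin/acme.sh --issue --dns 'dns_cf' --domain 'vpn.example.com''
AcmeClient: domain validation failed (dns01)
"""

EXIT_RE = re.compile(r"The shell command returned exit code '(\d+)'")
DNS_RE = re.compile(r"--dns '([^']+)'")        # the space keeps --dnssleep from matching
DOMAIN_RE = re.compile(r"--domain '([^']+)'")


def failed_issuances(log_text):
    """Return one dict per acme.sh invocation that exited non-zero."""
    flat = " ".join(log_text.split())          # undo line wrapping of long commands
    failures = []
    for record in flat.split("AcmeClient: ")[1:]:
        exit_match = EXIT_RE.match(record)
        if not exit_match or exit_match.group(1) == "0":
            continue                           # informational record, not a failure
        hook = DNS_RE.search(record)
        failures.append({
            "exit_code": int(exit_match.group(1)),
            "dns_hook": hook.group(1) if hook else None,
            "domains": DOMAIN_RE.findall(record),
        })
    return failures


def domains_using(failures, hooks=("dns_gd",)):
    """Domains whose failed issuance used one of the given DNS API hooks."""
    return sorted({d for f in failures if f["dns_hook"] in hooks for d in f["domains"]})


if __name__ == "__main__":
    for name in domains_using(failed_issuances(SAMPLE_LOG)):
        print(name)
```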