Open sk0rabu opened 3 months ago
Currently the OPNsense repo ships with 3.0.7_1 version of acme.sh, which seems to not work well with DNS-01 challenge with namesilo domains.
OPNsense already includes the required file:
root@opnsense:~ # pkg list acme.sh-3.0.7_1 | grep namesilo
/usr/local/share/examples/acme.sh/dnsapi/dns_namesilo.sh
The reasons why it's not found by Acme Client are probably manual modifications to acme.sh on this OPNsense installation. Maybe by running acme.sh manually with incompatible/insufficient parameters...
I tried this solution to update the dns api hooks to no avail. But if I instead run the updated /root/.acme.sh/acme.sh itself with the above arguments, it correctly calls the API and automates the DNS challenge.
This is not recommended and unsupported. If you manually upgrade acme.sh, you risk permanently breaking Acme Client.
Describe the bug
Currently the OPNsense repo ships with 3.0.7_1 version of acme.sh, which seems to not work well with DNS-01 challenge with namesilo domains. I tried to add a domain to the web UI and issue a new cert (in turn, a DNS challenge would have to be done), but would always run into such errors in logs:
Errors from syslog:
The full command for issuing the cert (and starting a DNS challenge) is:
Manually running which in shell would start the manual DNS challenge.
I think for some reason the included acme.sh pkg in repo may be missing the dns api hook. I tried this solution to update the dns api hooks to no avail. But if I instead run the updated /root/.acme.sh/acme.sh itself with the above arguments, it correctly calls the API and automates the DNS challenge.
Would be great if you can take a look. Thanks