pfSense - Dynamic DuckDNS - ACME - Let’s Encrypt Certificate - Question

In pfSense I’m trying to add my first ACME certificate using my Dynamic DuckDNS domain. I am getting the following error. Please let me know what I need to do to fix this; I appreciate the help.

Thanks,
Jeremy

[Sat Nov 21 16:02:46 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 21 16:02:46 CST 2020] Single domain=‘homecert.duckdns.org
[Sat Nov 21 16:02:46 CST 2020] Getting domain auth token for each domain
[Sat Nov 21 16:02:48 CST 2020] Getting webroot for domain=‘homecert.duckdns.org
[Sat Nov 21 16:02:48 CST 2020] Adding txt value:

for domain: _acme-challenge.homecert.duckdns.org
[Sat Nov 21 16:02:48 CST 2020] Trying to add TXT record
[: : bad number
[: : bad number
[Sat Nov 21 16:02:48 CST 2020] Errors happened during adding the TXT record, response=KO
[Sat Nov 21 16:02:48 CST 2020] Error add txt for domain:_acme-challenge.homecert.duckdns.org
[Sat Nov 21 16:02:48 CST 2020] Please check log file for more details: /tmp/acme/HomeCert/acme_issuecert.log

Based on the logs, it is not able to create the DNS TXT record entries at DuckDNS. I have never used their system, so I'm not sure if they have DNS calls with Let’s Encrypt implemented properly.
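
One way to tell a DuckDNS-side failure apart from a problem in the pfSense ACME package, as an added example that is not part of the original thread: the script below calls DuckDNS's TXT update endpoint directly and reports whether it answers OK or KO. It assumes `curl`, a `DUCKDNS_TOKEN` environment variable and the constructed placeholder value `selftest-value`; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread): call DuckDNS's TXT update
# API directly to see whether DuckDNS itself answers OK or KO.
# Assumptions: curl is installed; DUCKDNS_TOKEN holds the account token;
# "selftest-value" is a constructed placeholder TXT value.

# Reduce a challenge name or FQDN to the DuckDNS label (the single label
# directly left of duckdns.org), e.g. _acme-challenge.homecert.duckdns.org.
duckdns_label() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$name" in
        *.duckdns.org) name=${name%.duckdns.org} ;;
        *) return 1 ;;                  # not a DuckDNS name
    esac
    name=${name##*.}                    # drop _acme-challenge. and similar
    case "$name" in
        ''|*[!a-z0-9-]*) return 1 ;;    # empty or not a valid host label
    esac
    printf '%s\n' "$name"
}

# Build the update URL; a 4th argument "clear" removes the TXT value again.
duckdns_txt_url() {
    url="https://www.duckdns.org/update?domains=$1&token=$2&txt=$3"
    if [ "${4:-}" = clear ]; then url="$url&clear=true"; fi
    printf '%s\n' "$url"
}

# Exit status 0 only when the response body starts with OK.
duckdns_ok() {
    case "$1" in OK*) return 0 ;; *) return 1 ;; esac
}

# Live check: runs only with DUCKDNS_TOKEN set and a domain as argument.
if [ -n "${DUCKDNS_TOKEN:-}" ] && [ $# -ge 1 ]; then
    label=$(duckdns_label "$1") || { echo "not a DuckDNS name: $1" >&2; exit 2; }
    body=$(curl -fsS "$(duckdns_txt_url "$label" "$DUCKDNS_TOKEN" selftest-value)")
    if duckdns_ok "$body"; then
        echo "DuckDNS accepted the TXT update for $label"
        curl -fsS "$(duckdns_txt_url "$label" "$DUCKDNS_TOKEN" selftest-value clear)" >/dev/null
    else
        echo "DuckDNS answered '$body' for $label: check token and name" >&2
        exit 1
    fi
fi
```

Run it with `DUCKDNS_TOKEN` set in the environment and the domain as the only argument. The token travels in the request URL and the check overwrites the current TXT value, so run it from a trusted host and not while a certificate issuance is in progress.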

Thanks for the quick reply, I appreciate it. I will try my luck with another DDNS service. Also, thanks for the great instructional videos, keep them coming.

This resolved my issue (same as your output)

  • use Domain Alias in the configuration
    – services → acme_certificates → edit → Domain SAN list → expand →
    Enable DNS domain alias mode: check the box
    Enable DNS alias mode: add <yourdomain>.duckdns.org, where <yourdomain> is your DuckDNS name
  • Save
  • Renew cert

Common Name: yourdomain.duckdns.org (I think you can even use a wildcard)
DNS Alias Mode: Domain Alias Mode
Domain Alias: yourdomain.duckdns.org

Same issue here. Looks like a new version of ACME on pfSense is to blame.

Sadly, @jvinette's fix is not working for me. Same exact errors.

The fix that @jvinette proposed isn’t working for me either. Does anyone else have any other ideas?

Worked for me, thank you @jvinette.

This solved the issue for me - DNS-DuckDNS does not renew | Netgate Forum

@jvinette has the fix that works. Here’s a screenshot for reference of what he’s talking about under the Domain SAN list. Hopefully, this will help someone else.