pfSense - Dynamic DuckDNS - ACME - Let’s Encrypt Certificate - Question

pfSense - Dynamic DuckDNS - ACME - Let’s Encrypt Certificate - Question:

In pfSense I’m trying to add my first ACME certificate using my Dynamic DuckDNS domain. I am getting the following error. Please let me know what I need to do to fix this, and I appreciate the help?

Thanks,
Jeremy

[Sat Nov 21 16:02:46 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 21 16:02:46 CST 2020] Single domain=‘homecert.duckdns.org
[Sat Nov 21 16:02:46 CST 2020] Getting domain auth token for each domain
[Sat Nov 21 16:02:48 CST 2020] Getting webroot for domain=‘homecert.duckdns.org
[Sat Nov 21 16:02:48 CST 2020] Adding txt value:

image

for domain: _acme-challenge.homecert.duckdns.org
[Sat Nov 21 16:02:48 CST 2020] Trying to add TXT record
[: : bad number
[: : bad number
[Sat Nov 21 16:02:48 CST 2020] Errors happened during adding the TXT record, response=KO
[Sat Nov 21 16:02:48 CST 2020] Error add txt for domain:_acme-challenge.homecert.duckdns.org
[Sat Nov 21 16:02:48 CST 2020] Please check log file for more details: /tmp/acme/HomeCert/acme_issuecert.log

Based on the logs it is not able to create the DNS txt records entries at Duck DNS. I have never used their system so not sure if they have DNS calls with Let’s Encrypt implemented properly.

Thank’s for the quick reply, I appreciate it. I will try my luck with another DDNS service. Also, thanks for the great instructional videos, keep them comming.

2 Likes

This resolved my issue (same as your output)

  • use Domain Alias in the configuration
    – services -> acme_certificates-> edit -> Domain SAN list-> expand ->
    Enable DNS domain alias mode: check the box
    Enable DNS alias mode: add <yourdomain>.duckdns.org were <yourdomain> is your DuckDNS name
  • Save
  • Renew cert
Common Name: yourdomain.duckdns.org I think you can even use a wildcard
DNS Alias Mode: Domain Alias Mode
Domain Alias: yourdomain.duckdns.org

Same issue here. Looks like a new version of Acme on Pfsense is to blame.

Sadly, @jvinette fix is not woking for me. Same exact errors.