Acme.sh fails with cloudflare and opnsense

m0rta · August 1, 2023, 2:59pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: joelmueller.ch

I ran this command:

2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] skip dns.
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] dns_entries
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] _clearupdns
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] No need to restore nginx, skip.
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] pid
 		#define WITH_MSGLEVEL 0 /*debug*/
 		#define WITH_RETRY 1
 		#define WITH_FILAN 1
 		#define WITH_SYCLS 1
 		#define WITH_LIBWRAP 1
 		#undef WITH_FIPS
 		#define WITH_OPENSSL 1
 		#define WITH_PTY 1
 		#undef WITH_TUN
 		#undef WITH_READLINE
 		#define WITH_EXEC 1
 		#define WITH_SYSTEM 1
 		#define WITH_PROXY 1
 		#undef WITH_VSOCK
 		#define WITH_SOCKS4A 1
 		#define WITH_SOCKS4 1
 		#define WITH_LISTEN 1
 		#define WITH_SCTP 1
 		#define WITH_UDP 1
 		#define WITH_TCP 1
 		#undef WITH_INTERFACE
 		#define WITH_GENERICSOCKET 1
 		#define WITH_RAWIP 1
 		#define WITH_IP6 1
 		#define WITH_IP4 1
 		#undef WITH_ABSTRACT_UNIXSOCKET
 		#define WITH_UNIX 1
 		#define WITH_PIPE 1
 		#define WITH_TERMIOS 1
 		#define WITH_GOPEN 1
 		#define WITH_CREAT 1
 		#define WITH_FILE 1
 		#define WITH_FDNUM 1
 		#define WITH_STDIO 1
 		features:
 		running on FreeBSD version FreeBSD 13.2-RELEASE-p1 stable/23.7-n254737-f223233eef4 SMP, release 13.2-RELEASE-p1, machine amd64
 		socat version 1.7.4.4 on Jul 28 2023 02:30:20
 		socat by Gerhard Rieger and contributors - see www.dest-unreach.org
 		socat:
 		nginx doesn't exist.
 		nginx:
 		apache doesn't exist.
 		apache:
 		OpenSSL 1.1.1t-freebsd 7 Feb 2023
 		openssl:openssl
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] Diagnosis versions:
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] code='200'
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] _ret='0'
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] POST
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] payload='{}'
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] code='200'
2023-08-01T16:26:38	acme.sh	[Tue Aug 1 16:26:38 CEST 2023] _ret='0'
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] POST
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] payload='{}'
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] Please add '--debug' or '--log' to check more details.
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] _on_issue_err
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] Error add txt for domain:_acme-challenge.xxx.ch
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] invalid domain
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] h
2023-08-01T16:26:37	acme.sh	[Tue Aug 1 16:26:37 CEST 2023] ret='0'
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] timeout=
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] GET
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] zones?name=ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] h='ch'
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] ret='0'
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] timeout=
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] GET
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] zones?name=xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] h='xxx.ch'
2023-08-01T16:26:36	acme.sh	[Tue Aug 1 16:26:36 CEST 2023] ret='0'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] timeout=
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] GET
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] zones?name=_acme-challenge.xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] h='_acme-challenge.xxx.ch'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] First detect the root zone
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] Adding txt value: vBGqNBwnBNPub-yg8pwc16AL0Sa3-kLgeOuU332S0p0 for domain: _acme-challenge.xxx.ch
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] txt='vBGqNBwnBNPub-yg8pwc16AL0Sa3-kLgeOuU332S0p0'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] txtdomain='_acme-challenge.xxx.ch'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] _d_alias
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] d='xxx.ch'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] vlist='xxx.ch#ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q#dns-01#dns_cf,*.xxx.ch#W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg#dns-01#dns_cf,'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] d
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] dvlist='*.xxx.ch#W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg#dns-01#dns_cf'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] keyauthorization='W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] token='W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg","token":"W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI"'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] _w='dns_cf'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] Getting webroot for domain='*.xxx.ch'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] dvlist='xxx.ch#ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q#dns-01#dns_cf'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] keyauthorization='ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] token='ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q","token":"ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4"'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] _w='dns_cf'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] Getting webroot for domain='xxx.ch'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] d='xxx.ch'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] code='200'
2023-08-01T16:26:35	acme.sh	[Tue Aug 1 16:26:35 CEST 2023] _ret='0'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615786'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] POST
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] payload
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615786'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] code='200'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] _ret='0'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615776'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] POST
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] payload
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615776'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/406092430/198736715916'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/406092430/198736715916'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] code='201'
2023-08-01T16:26:34	acme.sh	[Tue Aug 1 16:26:34 CEST 2023] _ret='0'
2023-08-01T16:26:33	acme.sh	[Tue Aug 1 16:26:33 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:33	acme.sh	[Tue Aug 1 16:26:33 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:33	acme.sh	[Tue Aug 1 16:26:33 CEST 2023] POST
2023-08-01T16:26:33	acme.sh	[Tue Aug 1 16:26:33 CEST 2023] _ret='0'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g -I '
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] HEAD
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] RSA key
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] payload='{"identifiers": [{"type":"dns","value":"xxx.ch"},{"type":"dns","value":"*.xxx.ch"}]}'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] d
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Getting domain auth token for each domain
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Multi domain='DNS:xxx.ch,DNS:*.xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _createcsr
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Read key length:ec-384
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _saved_account_key_hash is not changed, skip register account.
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] d
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Check for domain='*.xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Check for domain='xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] d='xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Le_LocalAddress
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _chk_alt_domains='*.xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _chk_main_domain='xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _on_before_issue
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_AUTHZ
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ret='0'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] timeout=
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] GET
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Le_NextRenewTime
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] DOMAIN_PATH='/var/etc/acme-client/home/xxx.ch_ecc'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Using config home:/var/etc/acme-client/home
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _alt_domains='*.xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] _main_domain='xxx.ch'
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Running cmd: issue
2023-08-01T16:26:32	acme.sh	[Tue Aug 1 16:26:32 CEST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory

2023-08-01T16:26:38	opnsense	AcmeClient: validation for certificate failed: xxx.ch
2023-08-01T16:26:38	opnsense	AcmeClient: domain validation failed (dns01)
2023-08-01T16:26:32	opnsense	AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 7 --debug --server 'letsencrypt' --dns 'dns_cf' --dnssleep '120' --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/cert.pem' --keypath '/var/etc/acme-client/keys/621d15ce2aa0d1.02076547/private.key' --capath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/chain.pem' --fullchainpath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/fullchain.pem' --domain 'xxx.ch' --domain '*.xxx.ch' --days '1' --force --ocsp --keylength 'ec-384' --accountconf '/var/etc/acme-client/accounts/6207d3f1b10373.66815486_prod/account.conf'
2023-08-01T16:26:32	opnsense	AcmeClient: using challenge type: Cloudflare
2023-08-01T16:26:32	opnsense	AcmeClient: account is registered: xxx
2023-08-01T16:26:32	opnsense	AcmeClient: using CA: letsencrypt
2023-08-01T16:26:32	opnsense	AcmeClient: issue certificate:xxx.ch
2023-08-01T16:26:32	opnsense	AcmeClient: certificate must be issued/renewed:xx.ch
2023-08-01T16:26:27	opnsense	AcmeClient: ignoring revocation request for certificate xx.ch (not issued yet)

It produced this output:

My web server is (include version): haproxy

The operating system my web server runs on is (include version): freebsd 13.7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

m0rta · August 1, 2023, 4:03pm

It's working. I deleted the API token an regenerated a new one.

Bruce5051 · August 1, 2023, 4:31pm

Hello @m0rta, welcome to the Let's Encrypt community.

You have an issue with IPv6 "Unable to connect to the server".
https://www.ssllabs.com/ssltest/analyze.html?d=joelmueller.ch

system · August 31, 2023, 4:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unsuccessful DNS-01 Challenge in OPNsense Using ClouDNS Help	2	2186	October 20, 2020
Some challenges have failed Help	2	601	May 17, 2023
Issue failure after successful _acme-challenge Help	8	756	June 25, 2022
Pfsense ACME Cloudflare Help	3	97	October 3, 2024
Acme.sh will not issue, says I am using verson 1 when I am using version 2 Help	6	1250	April 7, 2020

Acme.sh fails with cloudflare and opnsense

Related topics