Cert Creation Falure Using Acme on pfSense and Cloudflare

mikemalter · July 25, 2022, 10:19am

I tried to create a renewable SSL certificate in Cloudflare for the maltercorplabs.com domain in Cloudflare and it failed. The output is below. I'm not sure where to begin to debug this.

Here is my configuration for my Cloudflare API Key:

Create Custom Token
Token name
Give your API token a descriptive name.
pfSense Certificate For Maltercorplabs
Permissions
Select edit or read permissions to apply to your accounts or websites for this token.
Resources
Zone
Permissions
SSL and Certificates
Edit

Add more
Zone Resources
Select zones to include or exclude.
Include
Specific zone
maltercorplabs.com

Add more
Client IP Address Filtering
Select IP addresses or ranges of IP addresses to filter. This filter limits the client IP addresses that can use the API token with Cloudflare. By default, this token will apply to all addresses.
Operator
Value
Is in
10.2.0.0/16

Add more
TTL
Define how long this token will stay active.
2022-07-22
Press the down arrow key to interact with the calendar and select a date. Press the question mark key to get the keyboard shortcuts for changing dates.
Jul 22, 2022
2026-12-31
Press the down arrow key to interact with the calendar and select a date. Press the question mark key to get the keyboard shortcuts for changing dates.
Dec 31, 2026

My domain is: maltercorplabs.com

I ran this command: Used Acme in pfSense

It produced this output:

[Mon Jul 25 02:54:11 MST 2022] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory 
[Mon Jul 25 02:54:11 MST 2022] Multi domain='DNS:*.maltercorplabs.com,DNS:maltercorplabs.com' 
[Mon Jul 25 02:54:11 MST 2022] Getting domain auth token for each domain 
[Mon Jul 25 02:54:14 MST 2022] Getting webroot for domain='*.maltercorplabs.com' 
[Mon Jul 25 02:54:14 MST 2022] Getting webroot for domain='maltercorplabs.com' 
[Mon Jul 25 02:54:14 MST 2022] Adding txt value: CXtoS7ZKpIM3_vmNZGLFxBSvcE0Fn7Pw1O5SWEOM_Jc for domain:  _acme-challenge.maltercorplabs.com 
[Mon Jul 25 02:54:16 MST 2022] invalid domain 
[Mon Jul 25 02:54:16 MST 2022] Error add txt for domain:_acme-challenge.maltercorplabs.com 
[Mon Jul 25 02:54:16 MST 2022] Please check log file for more details: /tmp/acme/wildcard-maltercorplabs-com/acme_issuecert.log

My hosting provider, if applicable, is: Cloudflare

I can login to a root shell on my machine (yes or no, or I don't know): don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes Cloudflare.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): pfSense

webprofusion · July 25, 2022, 10:36am

A couple of the log messages mention .maltercorplabs.com with a . at the start, is that just something they add in the logs or is your domain configured with a prefixed .?

The log also implies that it things there are multiple domains (one prefixed with .), did you perhaps mean to add www.maltercorplabs.com?

MikeMcQ · July 25, 2022, 2:11pm

Usually a wildcard name is stated as *.maltercorplabs.com.

Also, what was in this log file?

mikemalter · July 25, 2022, 3:42pm

the period at the start of .maltercorplabs.com is added by the wizard. I am trying for a wildcard cert.

mikemalter · July 25, 2022, 3:43pm

So here is my problem. I am so new to pfSense that I cannot find log files. Do you know where the default place is?

Osiris · July 25, 2022, 3:45pm

I'm sorry, but this is not the pfSense support Community. This kind of information you should be able to search for and find by yourself.

Edit: (Also, the log file is literally shown in the output you've posted above.)

Rip · July 25, 2022, 4:44pm

Hope this helps!

mikemalter · July 26, 2022, 5:12pm

Thanks! I'm so new to this. I really appreciate your patience.

system · August 25, 2022, 5:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.