Cert Creation Failure Using Acme on pfSense and Cloudflare

I tried to create a renewable SSL certificate in Cloudflare for the maltercorplabs.com domain in Cloudflare and it failed. The output is below. I'm not sure where to begin to debug this.

Here is my configuration for my Cloudflare API Key:

Create Custom Token

Token name: pfSense Certificate For Maltercorplabs
Permissions: Zone / SSL and Certificates / Edit
Zone Resources: Include / Specific zone / maltercorplabs.com
Client IP Address Filtering: Is in 10.2.0.0/16
TTL: 2022-07-22 to 2026-12-31

My domain is: maltercorplabs.com

I ran this command: Used Acme in pfSense

It produced this output:

[Mon Jul 25 02:54:11 MST 2022] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory 
[Mon Jul 25 02:54:11 MST 2022] Multi domain='DNS:*.maltercorplabs.com,DNS:maltercorplabs.com' 
[Mon Jul 25 02:54:11 MST 2022] Getting domain auth token for each domain 
[Mon Jul 25 02:54:14 MST 2022] Getting webroot for domain='*.maltercorplabs.com' 
[Mon Jul 25 02:54:14 MST 2022] Getting webroot for domain='maltercorplabs.com' 
[Mon Jul 25 02:54:14 MST 2022] Adding txt value: CXtoS7ZKpIM3_vmNZGLFxBSvcE0Fn7Pw1O5SWEOM_Jc for domain:  _acme-challenge.maltercorplabs.com 
[Mon Jul 25 02:54:16 MST 2022] invalid domain 
[Mon Jul 25 02:54:16 MST 2022] Error add txt for domain:_acme-challenge.maltercorplabs.com 
[Mon Jul 25 02:54:16 MST 2022] Please check log file for more details: /tmp/acme/wildcard-maltercorplabs-com/acme_issuecert.log

My hosting provider, if applicable, is: Cloudflare

I can login to a root shell on my machine (yes or no, or I don't know): don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes Cloudflare.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): pfSense

A couple of the log messages mention .maltercorplabs.com with a . at the start, is that just something they add in the logs or is your domain configured with a prefixed .?

The log also implies that it thinks there are multiple domains (one prefixed with .), did you perhaps mean to add www.maltercorplabs.com?

2 Likes

Usually a wildcard name is stated as *.maltercorplabs.com.

Also, what was in this log file?

3 Likes

The period at the start of .maltercorplabs.com is added by the wizard. I am trying for a wildcard cert.

So here is my problem. I am so new to pfSense that I cannot find log files. Do you know where the default place is?

I'm sorry, but this is not the pfSense support Community. This kind of information you should be able to search for and find by yourself.

Edit: (Also, the log file is literally shown in the output you've posted above.)

4 Likes


Hope this helps!

6 Likes

Thanks! I'm so new to this. I really appreciate your patience.

3 Likes
