Error: 'xxx' is not a issued domain,skip


#1

Hi,
I’m getting the following error when trying to renew a certificate on a pfSense firewall through the Acme plugin:
‘mydomain’ is not a issued domain, skip.


#2

Hi @infrastructure,

Please complete the questions that were part of the “Help” category new issue template:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

Hi,

My domain is:

Hreuk.com

I ran this command:

Renew certificate through Acme Certificate plugin on pfsense

It produced this output:

guest-wifi.hreuk.com

Renewing certificate

account: Guest-nework

server: letsencrypt-production

/usr/local/pkg/acme/acme.sh --renew -d 'guest-wifi.hreuk.com' --yes-I-know-dns-manual-mode-enough-go-ahead-please --dns --home '/tmp/acme/guest-wifi.hreuk.com/' --accountconf '/tmp/acme/guest-wifi.hreuk.com/accountconf.conf' --force --reloadCmd '/tmp/acme/guest-wifi.hreuk.com/reloadcmd.sh' --log-level 3 --log '/tmp/acme/guest-wifi.hreuk.com/acme_issuecert.log'

Array

(

[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/

[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/

)

[Thu Sep 13 14:41:35 BST 2018] Renew: ‘guest-wifi.hreuk.com

[Thu Sep 13 14:41:35 BST 2018] ‘guest-wifi.hreuk.com’ is not a issued domain, skip.

My web server is (include version):

pfSense version 2.4.3


#4

Thanks for that information @Infrastructure,

This is an error message coming from acme.sh (which I gather the PFSense plugin must be using for its ACME client).

Unfortunately I’m not familiar enough with either project to suggest what the root cause is. Based on the error alone it sounds like perhaps the client doesn’t believe it originally issued a certificate for that domain and so it can’t renew it. Is there a way you could start the process over from scratch as if it were a new certificate and not a renewal?

If nobody else in the forum has suggestions I would recommend you open an issue with the PFSense maintainers to ask what you should do.

Thanks!


#5

Hi @Infrastructure

This domain name has the IP address:

nslookup guest-wifi.hreuk.com.
Name: guest-wifi.hreuk.com
Address: 10.1.2.1

But 10.1.2.1 is a private IP address, not a public one. It isn’t possible to connect to this server.

Perhaps you want to use the dns-01 challenge; then you can create a certificate. But I don’t know if the Acme Certificate plugin supports that.


#6

Thank you for your response. That makes sense; we will look at resolving this internally.
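
The two checks discussed in replies #4 and #5, combined into one triage helper. This is an added example, not code from any poster, from acme.sh or from the pfSense plugin; the function name `triage`, the result keys and the sample log (constructed from the lines in post #3) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the command and log lines from post #3, shortened.
SAMPLE_LOG = """\
/usr/local/pkg/acme/acme.sh --renew -d 'guest-wifi.hreuk.com' --yes-I-know-dns-manual-mode-enough-go-ahead-please --dns --home '/tmp/acme/guest-wifi.hreuk.com/'
[Thu Sep 13 14:41:35 BST 2018] Renew: 'guest-wifi.hreuk.com
[Thu Sep 13 14:41:35 BST 2018] 'guest-wifi.hreuk.com' is not a issued domain, skip.
"""

# Matches the skip message; accepts straight or typographic quotes,
# because web rendering often converts one into the other.
SKIP_RE = re.compile(
    r"^\[[^\]]+\]\s+['\u2018](?P<domain>[^'\u2019]+)['\u2019] "
    r"is not a issued domain, skip\.",
    re.M,
)
# A stand-alone --dns flag, not the longer --yes-I-know-dns-... option.
DNS_FLAG_RE = re.compile(r"(?<!\S)--dns(?!\S)")


def triage(log_text, resolved_ip):
    """Summarise why a renewal was skipped and whether http-01 could work."""
    skipped = [m.group("domain") for m in SKIP_RE.finditer(log_text)]
    dns_mode = bool(DNS_FLAG_RE.search(log_text))
    # is_global is False for RFC 1918 ranges such as 10.0.0.0/8.
    public = ipaddress.ip_address(resolved_ip).is_global

    advice = []
    if skipped:
        # Hypothesis from reply #4: the client has no record of issuing it.
        advice.append("start over as a new certificate instead of a renewal")
    if not public:
        # Point made in reply #5: the CA cannot connect to a private address.
        advice.append("validate with a dns-01 challenge")
    return {
        "skipped": skipped,
        "dns_mode": dns_mode,
        "publicly_routable": public,
        "advice": advice,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "10.1.2.1"))
```
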