Failure to find Australian new tld .au domains on wildcard

I am using pfsense and they have directed the problem to you.
"The place where that error is generated is in the upstream acme.sh code -- you'll need to report that to them, not us. It appears to be in the Azure update script but that isn't 100% certain. Nothing we can do there."

My domain is: theitforce.au

I ran this command: wildcard creation

It produced this output:
[Sat Oct 29 11:48:13 AEST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Oct 29 11:48:13 AEST 2022] Multi domain='DNS:companyname.au,DNS:.theitforce.au'
[Sat Oct 29 11:48:13 AEST 2022] Getting domain auth token for each domain
[Sat Oct 29 11:48:18 AEST 2022] Getting webroot for domain='theitforce.au'
[Sat Oct 29 11:48:18 AEST 2022] Getting webroot for domain='.theitforce.au'
[Sat Oct 29 11:48:18 AEST 2022] Adding txt value: 7VwrZvt3DSCbWLD37s9nHWwoWB864UBBtErl7XhU_Dw for domain: _acme-challenge.companyname.au
[Sat Oct 29 11:48:18 AEST 2022] You didn't ask to use Azure managed identity, checking service principal credentials
[Sat Oct 29 11:48:19 AEST 2022] Invalid domain
[Sat Oct 29 11:48:19 AEST 2022] invalid domain
[Sat Oct 29 11:48:19 AEST 2022] Error add txt for domain:_acme-challenge.theitforce.au
[Sat Oct 29 11:48:19 AEST 2022] Please check log file for more details: /tmp/acme/wild.theitforce.au-domain/acme_issuecert.log

My web server is (include version): pfsense v22.05

The operating system my web server runs on is (include version): FreeBSD 12.3

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ACME v 0.7.3

This is not the primary support channel for acme.sh; that would be the GitHub issues page:

5 Likes

I also get:
*** dns.google can't find companyname.au: Non-existent domain
So, I'm not sure if that part is unrelated and just obfuscated.

As for the other domain, what does this file show?:

3 Likes

Sorry, I obfuscated for use with pfsense. The domain name is theitforce.au

.au is fairly new (it used to be just .com.au that was registerable), so it could be something using an outdated list of public TLDs, but the issue seems to be the DNS update step, so you need to raise that with the ACME client you use.

3 Likes

Thank you, Christopher. I have related the problem to ACME and GitHub, who just told me to do acme.sh --update, which cannot be done on a pfsense box.

Rgds

Rick

1 Like

Is there a newer version of pfSense?
[assuming the ACME client comes with it]

3 Likes