Thank you.
I've been looking for something about acme,
but nothing much has shown.
The configuration is different from the config I provided.
# revoke a cert
docker run --rm -it \
  -v "$(pwd)/out":/acme.sh \
  --net=host \
  neilpang/acme.sh --revoke -d example.com
# use dns mode
docker run --rm -it \
  -v "$(pwd)/out":/acme.sh \
  neilpang/acme.sh --issue --dns -d example.com
# run cron job
docker run --rm -it \
  -v "$(pwd)/out":/acme.sh \
  --net=host \
  neilpang/acme.sh --cron
I would create a new dedicated docker container.
Then try installing it as one would normally (while inside that container):
curl https://get.acme.sh | sh
I’m not familiar with pfSense+LetsEncrypt.
I do see that
nslookup -q=txt _acme-challenge.marcuse.net.au
returns two records.
You might need to increase the DNS Sleep time.
Is the information correct though?
The sleep is default at 120 seconds.
What should I put it as?
Two TXT records were created:
_acme-challenge.marcuse.net.au text =
"Gzre2aQLTX4CidlRFvWsilb1jK6G9splF26foY-Vq2Q"
_acme-challenge.marcuse.net.au text =
"0_1xlLBWYTGweLjpfOYUbu9EWv7UJ8dp3vBY9CFViu4"
Hi,
Could you please double check if you've bound to the correct IP / server?
Since the hostname is not publicly available, we are not sure what's going on on your server...
And would you mind sharing the output of the following command?
openssl s_client -connect pfsense.ad.marcuse.net.au:443 -showcerts
Thank you
Where do I check, sorry?
Try DNS Sleep 300 (5 minutes)
Use nslookup (from any other computer) to confirm when it updates:
nslookup -q=txt _acme-challenge.marcuse.net.au hank.ns.cloudflare.com
or
nslookup -q=txt _acme-challenge.marcuse.net.au tia.ns.cloudflare.com
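Added example, not part of any post in this thread: instead of guessing a DNS Sleep value, a script can poll each authoritative nameserver until every expected _acme-challenge TXT value is visible. It assumes dig is installed; the function names, server names and values are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes dig is installed.

# challenge_name DOMAIN -> DNS-01 record name. A wildcard and its base
# domain map to the same name, so two TXT values can coexist there.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# query_txt NAME SERVER -> TXT values, one per line, quotes stripped.
query_txt() {
    dig +short TXT "$1" "@$2" | tr -d '"'
}

# missing_values NAME SERVER VALUE... -> prints each expected value the
# server does not return yet; prints nothing when all are present.
missing_values() {
    name=$1; server=$2; shift 2
    seen=$(query_txt "$name" "$server")
    for want in "$@"; do
        printf '%s\n' "$seen" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# wait_for_txt NAME "SERVER1 SERVER2" TRIES DELAY VALUE...
# Returns 0 once every server returns every value, 1 after TRIES rounds.
wait_for_txt() {
    name=$1; servers=$2; tries=$3; delay=$4; shift 4
    while [ "$tries" -gt 0 ]; do
        pending=0
        for s in $servers; do
            [ -z "$(missing_values "$name" "$s" "$@")" ] || pending=1
        done
        if [ "$pending" -eq 0 ]; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# Usage (placeholder servers and values):
# wait_for_txt "$(challenge_name '*.example.com')" \
#     "ns1.example.net ns2.example.net" 30 10 VALUE1 VALUE2
```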
Although it’s not working properly, the good news is that the error message is different (from mismatch to CA not valid).
@rg305 did he get the certificate issued? (He actually should check nslookup -q=txt _acme-challenge.ad.marcuse.net.au hank.ns.cloudflare.com, right?)
Where do I enter that command?
I don’t think he has been able to get a (good) cert yet.
He needs multiple wildcard entries on one cert.
You need to enter that into your CMD (command-line prompt) or shell on the device where you see the error.
From a device that has access to pfsense.ad.marcuse.net.au:443
And that also has openssl (most Linux-based systems have it)
Certificate chain
0 s:/CN=*.marcuse.net.au
i:/CN=Fake LE Intermediate X1
-----BEGIN CERTIFICATE-----
cert
-----END CERTIFICATE-----
1 s:/CN=Fake LE Intermediate X1
i:/CN=Fake LE Root X1
-----BEGIN CERTIFICATE-----
cert
DONE
Hi,
Two things:
Yes.
P.S. Please do not expose your Let's Encrypt Account Key. IT'S EXTREMELY DANGEROUS!
Thank you