Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:bicsa.cu
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):pfsense latest version and acme package latest vertion
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): i’, using web config pfsense
bicsa
Renewing certificate
account: bicsa.cu
server: letsencrypt-staging-2
/usr/local/pkg/acme/acme.sh --issue -d ‘bicsa.cu’ --dns ‘dns_nsupdate’ -d ‘enlinea.bicsa.cu’ --dns ‘dns_nsupdate’ --home ‘/tmp/acme/bicsa/’ --accountconf ‘/tmp/acme/bicsa/accountconf.conf’ --force --reloadCmd ‘/tmp/acme/bicsa/reloadcmd.sh’ --ocsp-must-staple --log-level 3 --log ‘/tmp/acme/bicsa/acme_issuecert.log’
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[NSUPDATE_SERVER] => /tmp/acme/bicsa/bicsa.cunsupdate
[NSUPDATE_KEYNAME] => _acme-challenge.enlinea.bicsa.cu.
[NSUPDATE_KEYALGO] => 157
[NSUPDATE_KEY] => /tmp/acme/bicsa/bicsa.cunsupdate
)
[Tue Jan 15 10:00:56 CST 2019] Registering account
[Tue Jan 15 10:00:57 CST 2019] Already registered
[Tue Jan 15 10:00:57 CST 2019] ACCOUNT_THUMBPRINT=‘AESyrvfputt7O_lv0G_zZdlmpgSIey1gvQPZHA7Q-TA’
[Tue Jan 15 10:00:57 CST 2019] Multi domain=‘DNS:bicsa.cu,DNS:enlinea.bicsa.cu’
[Tue Jan 15 10:00:57 CST 2019] Getting domain auth token for each domain
[Tue Jan 15 10:00:59 CST 2019] Getting webroot for domain=‘bicsa.cu’
[Tue Jan 15 10:01:00 CST 2019] Getting webroot for domain=‘enlinea.bicsa.cu’
[Tue Jan 15 10:01:00 CST 2019] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Tue Jan 15 10:01:00 CST 2019] adding _acme-challenge.bicsa.cu. 60 in txt “sZms3kSk51yfbgbozF7IH0sDjlZtqIa1lgXaK1yo1eg”
[Tue Jan 15 10:01:00 CST 2019] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Tue Jan 15 10:01:00 CST 2019] adding _acme-challenge.enlinea.bicsa.cu. 60 in txt “Kf3DE1oCpTOdyoMjW9Y_76vfgLzqfsfhpLBf758UCsU”
[Tue Jan 15 10:01:00 CST 2019] Sleep 120 seconds for the txt records to take effect
[Tue Jan 15 10:03:00 CST 2019] Verifying:bicsa.cu
[Tue Jan 15 10:03:05 CST 2019] Found domain http api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Tue Jan 15 10:03:05 CST 2019] Removing DNS records.
[Tue Jan 15 10:03:05 CST 2019] bicsa.cu:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.bicsa.cu
[Tue Jan 15 10:03:05 CST 2019] key /tmp/acme/bicsa/bicsa.cunsupdate.key is unreadable
[Tue Jan 15 10:03:05 CST 2019] Error rm webroot api for domain:dns_nsupdate
[Tue Jan 15 10:03:05 CST 2019] key /tmp/acme/bicsa/bicsa.cunsupdate.key is unreadable
[Tue Jan 15 10:03:05 CST 2019] Error removing txt for domain:_acme-challenge.bicsa.cu
[Tue Jan 15 10:03:05 CST 2019] key /tmp/acme/bicsa/bicsa.cunsupdate.key is unreadable
[Tue Jan 15 10:03:05 CST 2019] Error removing txt for domain:_acme-challenge.enlinea.bicsa.cu
[Tue Jan 15 10:03:05 CST 2019] Please check log file for more details: /tmp/acme/bicsa/acme_issuecert.log
i had made a post on pfsense communiti forums here: https://forum.netgate.com/topic/139484/acme-and-bind-dns-server-on-pfsense-in-the-same-server/10
with some captures of my config…