Pfsense / Acme Error

I would test using your token instead of the email and global key in staging before you move to production.

I keep both production and staging accounts configured in my pfSense devices to make it easy to switch between them when needed.

4 Likes

API Token worked great for the 1st Issue/Renew in Test. I think I can move it over to Prod now. I can't thank you enough for your time and help today.

Thank you,

mrvmlab

3 Likes

I am glad to hear that everything is working. Have fun in the VM Lab. :grin:

4 Likes

When I try to move the KEY to the PROD it fails. Should I be using the same Account Keys within the ACME KEYS for both Test and Prod?

The main error that stands out to me is:
[Fri Apr 5 07:41:11 CDT 2024] Removed: Success

Oops, I re-ran it and it's working now.

2 Likes

I use the same account key in pfSense for both production and staging. It looks like you do, too, now. :sunglasses:

3 Likes

Yes, I have the certificate working and my SSL is working when logging onto firewall with the proper URL.

1 Like

Do you use HAProxy with ACME?

I do not use HAproxy in production, but that is no reason not to ask your question.

3 Likes

I set up Acme to work with HAProxy and it does not work. I am pointing HAProxy to the right Acme Cert but maybe the wrong DNS server, as I use Quad9 at first and locally for my root DNS. I am trying to change that DNS within HAProxy to Cloudflare. Yet, when I change from 9.9.9.9 to 1.1.1.1 for the DNS server in HAProxy Settings and save changes > apply changes, I get this set of errors and can't apply changes.

Errors found while starting haproxy
[NOTICE] (2497) : haproxy version is 2.8.3-86e043a
[NOTICE] (2497) : path to executable is /usr/local/sbin/haproxy
[ALERT] (2497) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:28] : 'mailer Cloudflare' : missing port specification in '1.1.1.1:'
[ALERT] (2497) : config : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
[ALERT] (2497) : config : Fatal errors found in configuration.

I have re-started HAProxy and get the same errors; I have also rebooted the pfSense box without any luck.

Note: HAProxy package: haproxy | net | 0.63_2

Thank you,
mrvmlab

1 Like

You might be better off asking about that over at the official Netgate pfSense forums. This sub-forum looks like an appropriate starting point.

3 Likes

Once more, thank you, and I was able to get it fixed as far as the DNS Server set. Still not working. Have a great day and thank you for the link too.

Have a great,
mrvmlab

3 Likes

Quick question: does ACME CERT using Cloudflare and the DNS zone I set up need to be read or edit?

Thank you, Mrvmman

1 Like

I don't follow the question. Can you rephrase it more verbosely?

2 Likes

Hi,

Within the DNS settings on Cloudflare I created an API Token with privileges only to the myvmlab.net zone, under Create Custom API Token, to generate the API key used within the ACME Cert itself under Cloudflare. Does that DNS Zone need to let the API Token have edit or read access? (If you recall, we changed from account API and email to API Token last night as one of the final steps.)

Hope this helps.

Thank you,

2 Likes

I would think that using "read [only]" would stop the process from adding a TXT [and then deleting it].
But I suppose you can test that out.

3 Likes

That was what I was thinking.

Thank you,

1 Like

What @rg305 said. :grin: Your token will need edit permissions to be able to create and delete TXT records. This page covers key concepts.

3 Likes
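To show why a read-only token is not enough, here is an added example (not code from this thread, from pfSense or from the ACME package) that walks a simulated DNS-01 challenge through a toy zone API guarded by a scoped token. The ToyZone and ZoneApiToken classes and the challenge token/thumbprint values are constructed for the demonstration; only the TXT value computation follows RFC 8555 section 8.4.

```python
# Added example: simulated ACME DNS-01 round trip against a toy, Cloudflare-like
# zone whose API token carries either "read" or "edit" permission (constructed).
import base64
import hashlib


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def dns01_txt_value(token: str, jwk_thumbprint: str) -> str:
    """RFC 8555 s8.4: TXT value = base64url(SHA-256(token '.' account thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint}".encode()
    return _b64url(hashlib.sha256(key_authorization).digest())


class ZoneApiToken:
    """Toy stand-in for a zone-scoped DNS API token; permission is 'read' or 'edit'."""
    def __init__(self, zone: str, permission: str):
        self.zone, self.permission = zone, permission


class ToyZone:
    """Toy DNS zone: every call checks the token's scope and permission level."""
    def __init__(self, name: str):
        self.name, self.txt = name, {}      # txt: record name -> value

    def _check(self, tok: ZoneApiToken, need: str) -> None:
        if tok.zone != self.name:
            raise PermissionError("token not scoped to this zone")
        if need == "edit" and tok.permission != "edit":
            raise PermissionError("read-only token cannot change records")

    def add_txt(self, tok, name, value):
        self._check(tok, "edit"); self.txt[name] = value

    def get_txt(self, tok, name):
        self._check(tok, "read"); return self.txt.get(name)

    def delete_txt(self, tok, name):
        self._check(tok, "edit"); self.txt.pop(name, None)


def run_dns01(zone, tok, domain, token, thumbprint) -> str:
    """Publish the challenge record, let the CA 'look it up', then clean it up.
    Returns 'issued' or the name of the step that failed."""
    rr = f"_acme-challenge.{domain}."
    expected = dns01_txt_value(token, thumbprint)
    try:
        zone.add_txt(tok, rr, expected)          # needs edit: read-only tokens stop here
    except PermissionError:
        return "add-failed"
    validated = zone.get_txt(tok, rr) == expected   # a real CA queries public DNS
    try:
        zone.delete_txt(tok, rr)                 # cleanup also needs edit
    except PermissionError:
        return "cleanup-failed"
    return "issued" if validated else "validation-failed"
```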

I see where in Cloudflare .txt files from ACME were written to the DNS record, as well as a post from another member here stating that edit permissions are a requirement.

Thank you for everything,
mrvmlab

2 Likes
