Pfsense + acme plugin + route53 (dynamic dns) fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
I verified Dynamic DNS with AWS works properly with the same user credentials. I followed steps here-

For Lets Encrypt+ AWS + pfsense, I followed -

I have added my HOSTED-ZONE-ID in the JSON script

It produced this output:
Please see attached image -


My web server is (include version):
DNS Verification

The operating system my web server runs on is (include version):
2.4.4-RELEASE-p1 (amd64)
built on Mon Nov 26 11:40:26 EST 2018
FreeBSD 11.2-RELEASE-p4

My hosting provider, if applicable, is:
AWS Route53

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Please see images

Appreciate your help and pointers.


Hi @condensnap

what’s the error message?

Your domain looks ok ( ), perhaps switch to http-01 validation and open your port 80.

Your nameserver is Google:
1 Like

Hi @JuergenAuer,

Many thanks for your pointer - it gave me the clue needed to solve the problem! The issue was that I had bought the domain through Google Domains, but I was trying to set up dynamic DNS+Letsencrypt for this domain through AWS. I’m not sure domain ownership works, this apparently is not correct. Obviously, if this method worked, people would be able to set up dynamic DNS for any random domains they did not own! :grin:

So I bought another domain through AWS and setup dynamic DNS+Letsencrypt both on AWS and repeated the process and it worked!

Any idea why I can’t use the domain purchased on Google Domain with dynamic+Letsencrypt on AWS? Should I set up a some kind of backpointer from Google Domain to AWS for AWS to be able to host a dynamic DNS domain? Is this what I need to do? -

I don’t want to transfer the domain from Google Domains to AWS.

Thanks again.

What do you want to do exactly?

If you want to use Dynamic DNS, Google domains also have support (if your device have the right protocol.)

I'm not exactly sure what you mean by AWS dynamic DNS though.... Maybe you are trying to do ANAME?(Pointing a cname record to root domain) or trying to Dynamically update DNS records when your PfSense IP changes?

Thank you

If you have a domain, you have two things:

  • dns management domain names -> ip addresses and other stuff (CAA, TXT)
  • webspace management

So if Google Domains is your dns manager and you want to use dns-01 validation, you have to use Google Domains.

If you want to use http-01 validation, your webspace is relevant.


What's your validation method you want to use?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.