# Pfsense+ACME+route53

Hi,
I’m running ACME on pfsense and when I try renewing the cert I get the below error. I searched through the log file but only find the same error posted below. Any idea what the issue maybe or what we can check.

fw1ACME
Renewing certificate
account: my-server-account
server: letsencrypt-production

/usr/local/pkg/acme/acme.sh --issue -d ‘my.server.com’ --dns ‘dns_aws’ --home ‘/tmp/acme/fw1ACME/’ --accountconf ‘/tmp/acme/fw1ACME/accountconf.conf’ --force --reloadCmd ‘/tmp/acme/fw1ACME/reloadcmd.sh’ --log-level 3 --log ‘/tmp/acme/fw1ACME/acme_issuecert.log’

Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[AWS_ACCESS_KEY_ID] => xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[AWS_SECRET_ACCESS_KEY] => xxxxxxxxxxxxxxxxxxxxxxxxxxxx
)
[Wed Oct 23 19:23:21 UTC 2019] Single domain=‘my.server.com
[Wed Oct 23 19:23:21 UTC 2019] Getting domain auth token for each domain
[Wed Oct 23 19:23:21 UTC 2019] Getting webroot for domain=‘my.server.com
[Wed Oct 23 19:23:21 UTC 2019] Getting new-authz for domain=‘my.server.com
[Wed Oct 23 19:23:21 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:24 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:26 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:28 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:30 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:33 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:35 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:37 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:40 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:42 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:44 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:47 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:49 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:51 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:54 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:56 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:23:58 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:24:00 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:24:03 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:24:05 UTC 2019] Could not get nonce, let’s try again.
[Wed Oct 23 19:24:07 UTC 2019] The new-authz request is ok.
[Wed Oct 23 19:24:07 UTC 2019] Error, can not get domain token entry my.server.com
[Wed Oct 23 19:24:07 UTC 2019] Please check log file for more details: /tmp/acme/fw1ACME/acme_issuecert.log

1 Like

what's the version you use?

Update it.

2 Likes
``````VER=2.8.1

PROJECT_NAME="acme.sh"

PROJECT_ENTRY="acme.sh"

PROJECT="https://github.com/Neilpang/\$PROJECT_NAME"

DEFAULT_INSTALL_HOME="\$HOME/.\$PROJECT_NAME"
_SCRIPT_="\$0"

_SUB_FOLDERS="dnsapi deploy"

LETSENCRYPT_CA_V1="https://acme-v01.api.letsencrypt.org/directory"
LETSENCRYPT_STAGING_CA_V1="https://acme-staging.api.letsencrypt.org/directory"

LETSENCRYPT_CA_V2="https://acme-v02.api.letsencrypt.org/directory"
LETSENCRYPT_STAGING_CA_V2="https://acme-staging-v02.api.letsencrypt.org/directory"

DEFAULT_CA=\$LETSENCRYPT_CA_V1
DEFAULT_STAGING_CA=\$LETSENCRYPT_STAGING_CA_V1

DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"

DEFAULT_USER_AGENT="\$PROJECT_NAME/\$VER (\$PROJECT)"
DEFAULT_ACCOUNT_EMAIL=""

DEFAULT_ACCOUNT_KEY_LENGTH=2048
DEFAULT_DOMAIN_KEY_LENGTH=2048

DEFAULT_OPENSSL_BIN="openssl"

_OLD_CA_HOST="https://acme-v01.api.letsencrypt.org"
_OLD_STAGE_CA_HOST="https://acme-staging.api.letsencrypt.org"

VTYPE_HTTP="http-01"
VTYPE_DNS="dns-01"
VTYPE_ALPN="tls-alpn-01"

LOCAL_ANY_ADDRESS="0.0.0.0"

DEFAULT_RENEW=60

DEFAULT_DNS_SLEEP=120

NO_VALUE="no"
``````

updated to the latest version seemed to fix the issue. Thank you

4 Likes

Just as a note to other pfSense users, a pfSense dev maintains a version of `acme.sh` at https://github.com/jim-p/acme.sh that is occasionally updated and merged back into the pfSense tree per https://forum.netgate.com/topic/146599/process-by-which-the-pfsense-acme-plugin-is-updated.

4 Likes

Is there an easy cookbook for adding this?

My system is running the package 0.3.1_1.
2.3.5-RELEASE-p2 (i386)
built on Thu May 10 15:03:18 CDT 2018
Vendor: Phoenix Technologies, LTD
Version: 6.00 PG
Release Date: 08/22/2008
VIA C7 Processor 1000MHz

Is this system totally outdated and EOL?

@leifnel,
I’m unsure if there is a Chef cookbook. I am sure that you should update your pfsense to the latest stable version. If it’s any consolation, I have been running it without issue after performing the upgrade.

1 Like

I can’t upgrade to a 64 bit 2.4 version

Well, at least I got the machine for free.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.