Author Topic: Renew Let's Encrypt pfSense  (Read 134 times)

Offline alex1962

« on: January 22, 2018, 06:46:25 am »
Hello everyone
If I press on renew certificate, it gives me this error:
Renewing certificate
account: NETWORK
server: letsencrypt-production


 {"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}
[Mon Jan 22 13:29:13 CET 2018] Please check log file for more details: /tmp/acme/fw-01.s-mart.biz/acme_issuecert.log
[Mon Jan 22 13:29:14 CET 2018] The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.

any ideas?

Offline Gertjan

« Reply #1 on: January 22, 2018, 07:51:04 am »
> any ideas?

Yep.

As you said yourself: the question, and thus the answer, is here:

> .... Please check log file for more details: /tmp/acme/fw-01.s-mart.biz/acme_issuecert.log

(we can't check: no access ...)

Btw:

> you must issue it again manually. You'd better use the other modes instead.

is not an error, but you really shouldn't use "DNS-manual" as a method.

Btw: the ACME is a package, and discussed here: pfSense Forum > pfSense English Support > Packages


Offline alex1962

« Reply #2 on: January 22, 2018, 08:47:43 am »
thank you Gertjan
now other error  :-[ :-[ :-[ :-[ :-[ :-[ :-[ :-[

[Mon Jan 22 15:41:06 CET 2018] readlink exists=0
[Mon Jan 22 15:41:06 CET 2018] dirname exists=0
[Mon Jan 22 15:41:06 CET 2018] Lets find script dir.
[Mon Jan 22 15:41:06 CET 2018] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
[Mon Jan 22 15:41:06 CET 2018] _script='/usr/local/pkg/acme/acme.sh'
[Mon Jan 22 15:41:06 CET 2018] _script_home='/usr/local/pkg/acme'
[Mon Jan 22 15:41:06 CET 2018] Using config home:/tmp/acme/cybercrimine.com/
[Mon Jan 22 15:41:06 CET 2018] APP
[Mon Jan 22 15:41:06 CET 2018] 2:LOG_FILE='/tmp/acme/cybercrimine.com/acme_issuecert.log'
[Mon Jan 22 15:41:06 CET 2018] APP
[Mon Jan 22 15:41:06 CET 2018] 3:LOG_LEVEL='3'
[Mon Jan 22 15:41:06 CET 2018] LE_WORKING_DIR='/tmp/acme/cybercrimine.com/'
[Mon Jan 22 15:41:06 CET 2018] Using config home:/tmp/acme/cybercrimine.com/
[Mon Jan 22 15:41:06 CET 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Mon Jan 22 15:41:06 CET 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Mon Jan 22 15:41:06 CET 2018] CA_CONF='/tmp/acme/cybercrimine.com//ca/acme-v01.api.letsencrypt.org/ca.conf'
[Mon Jan 22 15:41:06 CET 2018] DOMAIN_PATH='/tmp/acme/cybercrimine.com//www.cybercrimine.com'
[Mon Jan 22 15:41:06 CET 2018] Renew: 'www.cybercrimine.com'
[Mon Jan 22 15:41:06 CET 2018] 'www.cybercrimine.com' is not a issued domain, skip.

If I analyze the start of pfSense I see a lot of failed pullup errors.
Can it be connected?

Offline Gertjan

« Reply #3 on: January 23, 2018, 04:00:51 am »
> [Mon Jan 22 15:41:06 CET 2018] 'www.cybercrimine.com' is not a issued domain, skip.

Can't use https://crt.sh right now - better check with that site when it comes up again.

> If I analyze the start of pfSense I see a lot of failed pullup errors.
> Can it be connected?

Don't know what you mean.