BIND9 RFC2136 problem with Acme pfsense #5273
Comments
Please upgrade to the latest code and try again first. Maybe it's already fixed.
I'm running the latest on pfSense 08_1. Here is the log for you:

```
[Sat Aug 31 13:50:52 BST 2024] code='200'
[Sat Aug 31 13:52:35 BST 2024] _URGLY_PRINTF='1'
' ' ' '
```

Regards
Hi folks,
Not sure if this is the right place to post, but I recently set up my own name servers with BIND9 and configured them to support RFC2136. However, I keep getting an error related to "expected a TSIG or SIG(0)". I have tested on a test VM with certbot and it works; I can get the SSL certificate perfectly fine.
Just wondering, are there some differences in how Acme handles the _acme-challenge.domain.com? Can you let me know if what I've done is correct?
On BIND I configured the following zones,
```
$ORIGIN .
$TTL 300 ; 5 minutes
_acme-challenge.domain.uk IN SOA ns1.domain.uk. contact.domain.uk. (
                2024083106 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS  ns1..uk.
$TTL 120 ; 2 minutes
```
I created the file named.conf.letsencrypt with the Key
```
key "letsencrypt" {
    algorithm hmac-sha512;
    secret "6==";
};
zone "_acme-challenge.domain.uk" {
    type master;
    file "/var/lib/bind/db.rdomain.uk";
    allow-query { any; };
    update-policy {
        grant letsencryt.
        name _acme-challenge.domain.uk.
        txt;
    };
};
```
Added the following to named.conf.local,
```
zone "domain.uk" {
    type master;
    file "/etc/bind/db.domain.uk";
    allow-query { any; };
    allow-transfer { 49.; };
    update-policy {
        grant letsencrypt name _acme-challenge.domain.uk. txt;
        grant letsencrypt name _acme-challenge.www.domain.uk. txt;
    };
};
```
Included named.conf.letsencrypt in named.conf:

```
include "/etc/bind/named.conf.letsencrypt";
```
Regards
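
One check that fits a configuration like the one in this issue, as an added example that is not part of the original post or of acme.sh: the Python below lists `update-policy` grants whose identity does not match any `key` statement in the same configuration. The config text is a constructed sample with placeholder names and secret, the function names are hypothetical, and it assumes grants written in the `grant identity ruletype name types;` form.

```python
import re

# Constructed sample modelled on the named.conf fragments in the post
# (zone names and the secret are placeholders, not real values).
SAMPLE_CONF = '''
key "letsencrypt" {
    algorithm hmac-sha512;
    secret "PLACEHOLDER==";
};
zone "_acme-challenge.example.test" {
    type master;
    update-policy {
        grant letsencryt. name _acme-challenge.example.test. txt;
    };
};
zone "example.test" {
    type master;
    update-policy {
        grant letsencrypt name _acme-challenge.example.test. txt;
        grant letsencrypt name _acme-challenge.www.example.test. txt;
    };
};
'''

def norm(name):
    """Compare key names as DNS names: case-insensitive, trailing dot ignored."""
    return name.strip('"').rstrip(".").lower()

def defined_keys(conf):
    """Names declared by key statements (key "name" { ... };)."""
    return {norm(k) for k in re.findall(r'\bkey\s+("[^"]+"|[^\s{;]+)\s*\{', conf)}

def policy_grants(conf):
    """Yield (zone, identity, ruletype, target) for each grant in an update-policy block."""
    zones = list(re.finditer(r'\bzone\s+"([^"]+)"\s*\{', conf))
    for i, z in enumerate(zones):
        end = zones[i + 1].start() if i + 1 < len(zones) else len(conf)
        for block in re.findall(r'update-policy\s*\{(.*?)\}', conf[z.end():end], re.S):
            for m in re.finditer(r'\bgrant\s+(\S+)\s+(\S+)\s+(\S+)', block):
                yield (z.group(1),) + m.groups()

def unknown_identities(conf):
    """Grants whose identity (wildcards skipped) names no declared key."""
    keys = defined_keys(conf)
    return [(zone, ident, target) for zone, ident, _rt, target in policy_grants(conf)
            if "*" not in ident and norm(ident) not in keys]

if __name__ == "__main__":
    for zone, ident, target in unknown_identities(SAMPLE_CONF):
        print(f'zone {zone}: grant identity "{ident}" for {target} matches no key statement')
```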