Bug #10411
closed
- Status changed from New to Needs Patch
That will need to be raised as an issue directly with acme.sh, not here.
Thank you for reviewing, Jim.
I have been researching further and found closed issues on the acme.sh GitHub:
https://github.com/acmesh-official/acme.sh/issues/2576
https://github.com/acmesh-official/acme.sh/issues/2587
Using public DoH is just because the Let's Encrypt CA is using public DNS servers to validate.
To disable ns lookup, you can use --dnssleep 180
I have tested a dnssleep of 180 in the pfSense ACME GUI, and the certificate is successfully generated when one manually Issues/Renews. However, the GUI reports that the issuance was unsuccessful (the broken icon appears, and there is no success message at the top). After a little while longer, a refresh of the page does show the successful issuance of the certificate, and the system log does show that the appropriate shell commands ran.
Might an update be made to the package that accounts for added dnssleep time?
Still seems like acme.sh should handle that more gracefully without relying on such a long timeout, or have an option to disable DoH.
Jim Pingle wrote:
Still seems like acme.sh should handle that more gracefully without relying on such a long timeout, or have an option to disable DoH.
I certainly agree, I'm glad to have found a workaround, but this is a pain. Unfortunately it doesn't seem that acme.sh agrees since they have closed at least two issues raising this.