Bug #11023
closed
route_get('default', 'inet') always returns empty
Added by Christian Knop about 4 years ago.
Updated about 4 years ago.
Affected Architecture:
amd64
Description
ip address is missing [NAMECHEAP_SOURCEIP]
test.com
Renewing certificate
account: testing
server: letsencrypt-staging-2
/usr/local/pkg/acme/acme.sh --issue --domain '*.test.com' --dns 'dns_namecheap' --home '/tmp/acme/test.com/' --accountconf '/tmp/acme/test.com/accountconf.conf' --force --reloadCmd '/tmp/acme/test.com/reloadcmd.sh' --log-level 3 --log '/tmp/acme/test.com/acme_issuecert.log'
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[NAMECHEAP_SOURCEIP] =>
[NAMECHEAP_API_KEY] => XXXXXX
[NAMECHEAP_USERNAME] => XXXXXX
)
[Sat Oct 31 11:27:26 CET 2020] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Sat Oct 31 11:27:26 CET 2020] Single domain='*.test.com'
[Sat Oct 31 11:27:26 CET 2020] Getting domain auth token for each domain
[Sat Oct 31 11:27:29 CET 2020] Getting webroot for domain='*.test.com'
[Sat Oct 31 11:27:29 CET 2020] Adding txt value: XXXXXXXXXXXXXXX for domain: _acme-challenge.test.com
[Sat Oct 31 11:27:29 CET 2020] No Source IP specified for Namecheap API.
[Sat Oct 31 11:27:29 CET 2020] Use your public ip address or an url to retrieve it (e.g. https://ipconfig.co/ip) and export it as NAMECHEAP_SOURCEIP
[Sat Oct 31 11:27:29 CET 2020] Error add txt for domain:_acme-challenge.test.com
[Sat Oct 31 11:27:29 CET 2020] Please check log file for more details: /tmp/acme/test.com/acme_issuecert.log
Files
can the domain cause the problem? a .net works and a .fit and a .vip cause the error.
- Assignee set to Jim Pingle
- Target version deleted (
2.5.0)
- Project changed from pfSense Packages to pfSense
- Subject changed from Acme DNS Namecheap -> no [NAMECHEAP_SOURCEIP] to route_get('default', 'inet') always returns empty
- Category changed from ACME to Routing
- Status changed from New to Feedback
- Assignee changed from Jim Pingle to Renato Botelho
- Target version set to 2.5.0
Actually this isn't a problem in ACME, it's a problem in a base system function which only exists on 2.5.0.
route_get('default', 'inet')
always returns empty.
Renato has a fix in already, b1558574e69965ea68744ad355a60842ca8294ea
I am surprised that it is not ACME. I tested ACME on Ubuntu 20.04.1 and sometimes the same problem. I suspect a problem with multiple domains on one public ip. tomorrow I will test whether the 1st domain is always possible and not every other With 3 domains, 1 is always possible, so it is not due to .fit or .vip domains.
Under Ubuntu I entered my public ip by hand in the config and was able to solve the problem with it.
However, there were curl errors under ubuntu but not in the 1st domain. i am convinced that there are problems with 1 public ip and the generation for multiple domains.
Christian Knop wrote:
Under Ubuntu I entered my public ip by hand in the config and was able to solve the problem with it.
However, there were curl errors under ubuntu but not in the 1st domain. i am convinced that there are problems with 1 public ip and the generation for multiple domains.
Sorry, I'm confused. Is the problem resolved on pfSense? OR you are still able to reproduce it?
I just looked to see if the same error existed under ubuntu.
- Status changed from Feedback to Resolved
The specific error "No Source IP specified for Namecheap API" was due to a bug in the routing code as I mentioned. It was not populating that variable correctly since it was getting an empty response when looking up the default gateway. That was fixed, and now Namecheap works again.
Nothing else mentioned after that is relevant to this particular error. You might have hit something new in ACME that is unrelated, but if so it probably needs reported to acme.sh and not us.
Many thanks for the support. The gateway ip is now correctly recognized.
I have now found the other bug. The 1st domain in Acme works. For each additional domain, 2 instead of 1 DNS .txt are generated.
All 3 domains are with Namecheap. 3 different endings .net, .fit and .vip. It doesn't matter in which order the domains are created in Acme, only the 1st from the list works.
That is not relevant to this bug report, and is likely a problem in the script maintained by acme.sh and not us.
ow to fix cURL error 60: SSL certificate problem
Narendra Vaghela
Narendra Vaghela
Sep 1, 2016·1 min read
Sometimes, when we make a curl call to third party services, we get an error curl: (60) SSL certificate : unable to get local issuer certificate.
This error occurs because the curl verifies and makes a secure connection request using self-signed certificate. When it does not find the valid certificate, it throws an error.
To fix this error, follow the steps below:
Open http://curl.haxx.se/ca/cacert.pem
Copy the entire page and save it as a “cacert.pem”
Open your php.ini file and insert or update the following line.
curl.cainfo = “[pathtofile]cacert.pem”
Stop posting to this bug report. The one single issue for this report is resolved. If you have some other issue, it does not belong here as it is not related. Please post to the forum to discuss the problem, not here.
Jim Pingle wrote:
That is not relevant to this bug report, and is likely a problem in the script maintained by acme.sh and not us.
oh sorry, i thought the script is specially adapted for pfsense.
Also available in: Atom
PDF