Bug #11194
closed
ACME DNS challenge for dynu.com not deleting all DNS TXT records upon completion
Description
I've had this issue and finally got around to tracking it down this afternoon. I use the ACME package in pfSense to create a certificate for a home domain (example.org). In the Domain SAN List, I have it configured to include example.org and *.example.org. Everything seems to work fine, except that one of the 2 DNS TXT records that are used in the challenge isn't getting deleted after the certificate renews itself. So, over time, as the certificate renews itself, the number of DNS records used grows until it finally hits its limit and the renewal fails.
The DNS provider I am using is dynu.com, and from my investigation it appears as if there is a line in the dns_dynu.sh script (see: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_dynu.sh) in the ACME package that doesn't work on FreeBSD.
On line 165 there is a usage of sed that is attempting to process a text string in order to insert newlines.
sed -e 's/[^{]*\({[^}]*}\)[^{]*/\1\n/g'
It appears as if this construct doesn't work on FreeBSD... the "\n" just inserts the character 'n' into the stream, not a newline as seemingly intended.
I'm sure there are other ways to fix it, but I tried replacing the 'n' with a literal new line, and that seems to do the trick.
Sorry if this isn't the right place to file this bug. If it's not, please let me know where I might appropriately redirect this.
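The literal-newline form of that sed expression, as an added example that is not part of the original report or of acme.sh: it splits a record list into one object per line on both GNU and BSD sed, and includes a check for how the local sed treats "\n" in a replacement. The sample record list, its field names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of a DNS API record list; field names are hypothetical.
SAMPLE='[{"id":101,"host":"_acme-challenge","txt":"tokenA"},{"id":102,"host":"_acme-challenge","txt":"tokenB"}]'

# Returns 0 if this sed turns "\n" in a replacement into a newline (GNU sed),
# non-zero if it emits a literal "n" instead (the FreeBSD behaviour reported above).
sed_backslash_n_is_newline() {
  [ "$(printf 'a\n' | sed -e 's/a/x\ny/' | wc -l | tr -d ' ')" -eq 2 ]
}

# Portable split: a backslash followed by a real newline in the replacement
# is the POSIX way to insert a newline, so each {...} object lands on its own line.
split_objects() {
  sed -e 's/[^{]*\({[^}]*}\)[^{]*/\1\
/g'
}

# Print the id of the record whose TXT value equals $1 (empty if none matches).
record_id_for_txt() {
  printf '%s\n' "$SAMPLE" | split_objects | grep -F "\"txt\":\"$1\"" |
    sed -e 's/.*"id":\([0-9]*\).*/\1/'
}

if sed_backslash_n_is_newline; then
  printf '%s\n' 'this sed expands \n in replacements; the original expression works here'
else
  printf '%s\n' 'this sed does not expand \n; only the literal-newline form splits records'
fi
printf 'record id for tokenA: %s\n' "$(record_id_for_txt tokenA)"
printf 'record id for tokenB: %s\n' "$(record_id_for_txt tokenB)"
```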
Updated by Jim Pingle almost 4 years ago
- Project changed from pfSense to pfSense Packages
- Category changed from Services to ACME
- Status changed from New to Rejected
We don't have control over that code, you'd report that upstream to the acme.sh project directly: https://github.com/acmesh-official/acme.sh/issues