Bug #9020
closedImpossible to register ACME wildcard certificate regardless documentation
0%
Description
Documentation at https://www.netgate.com/docs/pfsense/certificates/acme-wildcard.html states what needs to be done to generate a wildcard cetificate.
Still this information is false, being impossible to follow the steps descibed on latest stable release (2.4.4) because the user interface does not allow you to introduce the wildcard SNI in any way.
Files
Updated by Jim Pingle over 5 years ago
- Status changed from New to Not a Bug
- Priority changed from High to Normal
- Target version deleted (
2.4.4-GS)
You have some kind of configuration error. I tried it again exactly as stated on the page and it works.
Updated by Sorin Sbarnea over 5 years ago
Jim Pingle wrote:
You have some kind of configuration error. I tried it again exactly as stated on the page and it works.
This is really weird because I got the error 3 times and I double checked all fields. I wanted to take a screenshot as a proof. Now I tried again and it worked.
Maybe it happens only on a browser of on some weird conditions but at least I am happy that it works.
There was only one minor glitch, the certificate regeneration ended with an error from aws, but the certificate was retrieved, installed and working correctly.
Response error: SenderSignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.869fbf78-c99b-11e8-94d0-b1a34a3a37df Error rm webroot api for domain:dns_aws
Updated by Tobias Haas almost 5 years ago
- File 2019-04-04 22_51_51-pfSense.freestorage.intern - Services_ Acme_ Certificates.png 2019-04-04 22_51_51-pfSense.freestorage.intern - Services_ Acme_ Certificates.png added
- File 2019-04-04 22_51_06-pfSense.freestorage.intern - Services_ Acme_ Certificates.png 2019-04-04 22_51_06-pfSense.freestorage.intern - Services_ Acme_ Certificates.png added
Same Bug here:
Version: 2.4.4_2
Same Config: Issue/Renew --> Bug goes away!
I have see the Bug more then one (Screenshots Addet). Its happen always when i Enter a new domain at the first time (Maybe it's just luck).
Wildcards like:
" *.blaa.ch "
" *.blub.ch "
" *sub.blub.ch "
XXXXX --> remove Names
Crash report begins. Anonymous machine information:
amd64
11.2-RELEASE-p6
FreeBSD 11.2-RELEASE-p6 #3 518496b29ae(RELENG_2_4_4): Wed Dec 12 07:41:44 EST 2018 root@buildbot2.nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense
Crash report details:
PHP Errors:
[04-Apr-2019 20:59:45 Europe/Berlin] PHP Fatal error: Uncaught RuntimeException: Couldn't create directory: '' to expose challenge for certificate: XXXXX. in /usr/local/pkg/acme/acme.inc:1143
Stack trace:
#0 /usr/local/pkg/acme/acme_command.sh(86): pfsense_pkg\acme\challenge_response_put('XXXXX', 'XXXXX.c...', 'A1uBVG7AJKLvGho...', 'A1uBVG7AJKLvGho...')
#1 {main}
thrown in /usr/local/pkg/acme/acme.inc on line 1143