Project

General

Profile

Actions

Bug #9020

closed

Impossible to register ACME wildcard certificate regardless documentation

Added by Sorin Sbarnea over 5 years ago. Updated almost 5 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
ACME
Target version:
-
Start date:
10/06/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.4.4
Affected Plus Version:
Affected Architecture:
All

Description

Documentation at https://www.netgate.com/docs/pfsense/certificates/acme-wildcard.html states what needs to be done to generate a wildcard cetificate.

Still this information is false, being impossible to follow the steps descibed on latest stable release (2.4.4) because the user interface does not allow you to introduce the wildcard SNI in any way.


Files

Actions #1

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Not a Bug
  • Priority changed from High to Normal
  • Target version deleted (2.4.4-GS)

You have some kind of configuration error. I tried it again exactly as stated on the page and it works.

Actions #2

Updated by Sorin Sbarnea over 5 years ago

Jim Pingle wrote:

You have some kind of configuration error. I tried it again exactly as stated on the page and it works.

This is really weird because I got the error 3 times and I double checked all fields. I wanted to take a screenshot as a proof. Now I tried again and it worked.

Maybe it happens only on a browser of on some weird conditions but at least I am happy that it works.

There was only one minor glitch, the certificate regeneration ended with an error from aws, but the certificate was retrieved, installed and working correctly.

Response error:
SenderSignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.869fbf78-c99b-11e8-94d0-b1a34a3a37df
Error rm webroot api for domain:dns_aws

Actions #3

Updated by Tobias Haas almost 5 years ago

Same Bug here:
Version: 2.4.4_2

Same Config: Issue/Renew --> Bug goes away!

I have see the Bug more then one (Screenshots Addet). Its happen always when i Enter a new domain at the first time (Maybe it's just luck).
Wildcards like:
" *.blaa.ch "
" *.blub.ch "
" *sub.blub.ch "

XXXXX --> remove Names

Crash report begins. Anonymous machine information:

amd64
11.2-RELEASE-p6
FreeBSD 11.2-RELEASE-p6 #3 518496b29ae(RELENG_2_4_4): Wed Dec 12 07:41:44 EST 2018 :/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[04-Apr-2019 20:59:45 Europe/Berlin] PHP Fatal error: Uncaught RuntimeException: Couldn't create directory: '' to expose challenge for certificate: XXXXX. in /usr/local/pkg/acme/acme.inc:1143
Stack trace:
#0 /usr/local/pkg/acme/acme_command.sh(86): pfsense_pkg\acme\challenge_response_put('XXXXX', 'XXXXX.c...', 'A1uBVG7AJKLvGho...', 'A1uBVG7AJKLvGho...')
#1 {main}
thrown in /usr/local/pkg/acme/acme.inc on line 1143

Actions

Also available in: Atom PDF