So it looks like iX are inappropriately depending on a way that Let’s Encrypt doesn’t behave any more, which is what’s breaking this. They don’t think it’s worth fixing until October:
Until then, this is an alternative:
2 Likes
I’ll give that a shot. How easy is it to reverse once the built in tools start working?
Easy enough, just tell acme.sh to delete the cert (or delete its cron job) and start using the UI. Though as long as it’s working, there’s no inherent reason to revert. An advantage of acme.sh is that it supports somewhere around 150 DNS providers, compared to the 3 or so that are built in.
Thanks for digging into this. This is a homelab setup for me so I’ll probably just wait until October. I appreciate the info and the workaround!
Thank you! I will give this a shot
Fair enough, but I like using the built in tools when I can. And I already use Cloudflare so the extra 147 providers don’t mean much in my particular case.
I read through this link and the other discussion linked off this one. I didn’t see any mention of the fix stalling until Oct. Is that just based on their release schedule? Next full release is October?
Yes; according to that PR, it’s slated for release in 25.10, which would be in October (since iX insists on a major release every six months rather than trying to deliver software that isn’t broken).
1 Like
I followed some links and pull 16624 is backporting the fix to 25.04.2, whenever that releases.
1 Like
The change on LE’s end is either affecting older versions of TrueNAS, or this isn’t my issue.
One of my other servers’ certs expired and it’s now also failing in the same way. So that’s a failure to even renew a cert.
Maybe there’s an issue with my firewall or proxy not allowing correct communications.
This is probably a different issue, then–the failure addressed in that PR is in registering a new ACME account, which wouldn’t be happening with a renewal.