Are these instructions still up to date? https://www.truenas.com/community/threads/howto-acme-dns-authenticator-shell-script-using-acmesh-project.107252/
I have problems with it and have tried to reinstall acme.sh several times now. Meanwhile I get an error message during the installation (curl https://get.acme.sh | sh -s email=my@example.com):
[Sun Feb 23 15:01:56 CET 2025] Extracting master.tar.gz
sh: 7099: ./acme.sh: Permission denied
How can I restart here?
Looks like a permissions issue, do you have permissions to run the file where it’s located?
Having said that, why do you need acme.sh? Is it because your DNS provider isn’t included in the base install or something else?
I use ionos as DNS provider. It is included in the acme.sh-API.
I created a certificate with acme.sh 3 months ago, but the update with cron does not work. At the moment it is invalid. So I tried this built-in procedure. As I understood, it will renew the certificate by itself.
no, when I try to create a certificate it sticks here:
Is there a possibility to debug?
After a while I received this error message:
[EFAULT] Certificate request for final order failed: Authorization for identifier Identifier(typ=IdentifierType(dns), value='lang-w.de') failed. Here are the challenges that were not fulfilled: Challenge Type: dns-01 Error information: - Type: urn:ietf:params:acme:error:dns - Details: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.lang-w.de - check that a DNS record exists for this domain Authorization for identifier Identifier(typ=IdentifierType(dns), value='lang-w.de') failed. Here are the challenges that were not fulfilled: Challenge Type: dns-01 Error information: - Type: urn:ietf:params:acme:error:dns - Details: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.lang-w.de - check that a DNS record exists for this domain
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/plugins/acme_protocol_/issue_cert.py", line 101, in issue_certificate
return acme_client.poll_and_finalize(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/acme/client.py", line 185, in poll_and_finalize
orderr = self.poll_authorizations(orderr, deadline)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/acme/client.py", line 210, in poll_authorizations
raise errors.ValidationError(failed)
acme.errors.ValidationError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/job.py", line 509, in run
await self.future
File "/usr/lib/python3/dist-packages/middlewared/job.py", line 554, in _run_body
rv = await self.method(*args)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/service/crud_service.py", line 261, in nf
rv = await func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 49, in nf
res = await f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 179, in nf
return await func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/plugins/crypto/certificates.py", line 331, in do_create
await self.middleware.call(f'certificate.{self.map_functions[create_type]}', job, data)
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1629, in call
return await self.call(
^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1471, in call
return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1364, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 183, in nf
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/plugins/crypto/certificates.py", line 382, in create_acme_certificate
final_order = self.middleware.call_sync('acme.issue_certificate', job, 25, data, csr_data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1665, in call_sync
return methodobj(*prepared_call.args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/plugins/acme_protocol/issue_cert.py", line 117, in issue_certificate
raise CallError(f'Certificate request for final order failed: {msg}')
middlewared.service_exception.CallError: [EFAULT] Certificate request for final order failed:
Authorization for identifier Identifier(typ=IdentifierType(dns), value='lang-w.de') failed.
Here are the challenges that were not fulfilled:
Challenge Type: dns-01
Error information:
- Type: urn:ietf:params:acme:error:dns
- Details: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.lang-w.de - check that a DNS record exists for this domain
Authorization for identifier Identifier(typ=IdentifierType(dns), value='lang-w.de') failed.
Here are the challenges that were not fulfilled:
Challenge Type: dns-01
Error information:
- Type: urn:ietf:params:acme:error:dns
- Details: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.lang-w.de - check that a DNS record exists for this domain
OK, there seems to be an error in the DNS. But how to fix?
I use adguard, in adguard I have a rewrite rule defined for my truenas:
truenas22.lang-w.de. → 192.168.178.6 (I will use only in my private network). Do I need other DNS-entries? Where?
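Added example, not part of the thread and not TrueNAS or acme.sh code: a small Python parser for the middleware error quoted above. It pulls out each failed dns-01 authorization and the TXT record name the CA tried to look up, and flags a record name that is not `_acme-challenge.<identifier>`. The function name `parse_acme_failures` and the sample text (constructed from the error above) are assumptions of this example.

```python
import re

# Constructed sample: the summary line of the error quoted above. The same
# authorization is reported twice; \u2018/\u2019 are the forum's curly quotes.
_ONE = (
    "Authorization for identifier Identifier(typ=IdentifierType(dns), "
    "value=\u2018lang-w.de\u2019) failed. Here are the challenges that were "
    "not fulfilled: Challenge Type: dns-01 Error information: "
    "- Type: urn:ietf:params:acme:error:dns - Details: DNS problem: NXDOMAIN "
    "looking up TXT for _acme-challenge.lang-w.de - check that a DNS record "
    "exists for this domain "
)
SAMPLE = "[EFAULT] Certificate request for final order failed: " + _ONE + _ONE

Q = "'\"\u2018\u2019"  # straight and curly quote characters
BLOCK = re.compile(
    rf"value=[{Q}](?P<identifier>[^{Q}]+)[{Q}]\)\s*failed\."
    r".*?Challenge Type:\s*(?P<challenge>\S+)"
    r".*?- Type:\s*(?P<error>\S+)"
    r".*?- Details:\s*(?P<detail>.*?)(?=\s*Authorization for identifier|\Z)",
    re.S,
)
LOOKUP = re.compile(
    r"DNS problem:\s*(?P<rcode>[A-Z]+) looking up (?P<rtype>[A-Z]+) for (?P<name>\S+)"
)


def parse_acme_failures(text):
    """Return one dict per distinct failed authorization in the error text."""
    seen, out = set(), []
    for m in BLOCK.finditer(text):
        rec = {k: v.strip() for k, v in m.groupdict().items()}
        lk = LOOKUP.search(rec["detail"])
        rec["rcode"] = lk["rcode"] if lk else None
        rec["record"] = lk["name"].rstrip(".") if lk else None
        # dns-01 validates a TXT record at _acme-challenge.<identifier>
        # (a leading "*." is dropped); anything else points at a naming mistake.
        expected = "_acme-challenge." + rec["identifier"].removeprefix("*.")
        rec["record_matches_identifier"] = rec["record"] == expected
        key = (rec["identifier"], rec["challenge"], rec["record"])
        if key not in seen:
            seen.add(key)
            out.append(rec)
    return out


if __name__ == "__main__":
    for rec in parse_acme_failures(SAMPLE):
        print(rec)
```

The `record` value is the name to query from outside the local network while the request is running, for example with `dig +short TXT <record> @1.1.1.1`. The CA resolves that name through public DNS, so a resolver on the LAN does not take part in the validation.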
Mine failed for the same reason on Eel. My DNS is Porkbun. I downloaded the latest version of acme, and, it worked today (mine is renewed from Scale). In case it helps.
hello… I have the same issue on fangtooth using porkbun… just curious, how did you exactly resolve your issue? I checked 5 times and i know all my info is correct after i followed the guide… i used the "git clone" method and then followed the guide… although my DNS name is created, the error comes back with
Error information:
- Type: urn:ietf:params:acme:error:dns
- Details: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.mydomain.xyz - check that a DNS record exists for this domain
it’s driving me up the wall to get this working lol… any help would be appreciated…
hello, were you able to resolve this issue? I ran into same thing when trying to follow the procedure…
If you are asking me, no idea, that was March 4. I am running acme.sh in a custom docker container. So, unless you are, likely of no help anyway.
I managed to fix my issue… Just wanted to post the solution here in case anyone ever came across same problem when using porkbun…
In my case everything was actually fine per se… I followed the guide properly, updated everything properly, had my API keys created in porkbun and had my DNS subdomain and domain as it should… however i missed one option that needed changing in porkbun… there is a slider in the DNS details screen which you need to enable to allow API to see your DNS entries… once that was enabled, i ran the certificate authentication and all went as planned…