Acme Certs issue on pfSense with DNS api #132

Open
rjbastyrinc opened this issue Nov 12, 2023 · 2 comments

@rjbastyrinc

Trying to set up the Acme DNS api on pfSense in order to use automatically renewing certs for my services behind my reverse proxy. MIAB is exposed to the internet and functions great, just banging my head against the wall trying to figure out why the built-in script is showing this error.

On Screen Error when trying to provision Certs
acme1.txt

Log File
acme_issuecert.log

Script
dns_miab.sh.txt

Thank you in advance for any insight that anyone may be able to provide.

@lifeboy

lifeboy commented Aug 19, 2024

Did you ever manage to resolve this problem? I'm also using pfSense with acme certs and I get a similar error. Mine is error 60, which is:

CURLE_PEER_FAILED_VERIFICATION (60)

The remote server's SSL certificate or SSH fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51.

However, my PMiaB certs are all in order.

fast.za.net Signed & valid. The certificate expires in 62 days on 2024-10-20.

My DNS records in PMiaB are:

fw	IN	A	197.214.119.130
fw	IN	TXT	"v=spf1 -all" 
fw	IN	MX	0 .
_dmarc.fw	IN	TXT	"v=DMARC1; p=reject" 
fw-1a	IN	A	197.214.119.131
fw-1a	IN	TXT	"v=spf1 -all" 
fw-1a	IN	MX	0 .
_dmarc.fw-1a	IN	TXT	"v=DMARC1; p=reject" 
fw-1b	IN	A	197.214.119.132
fw-1b	IN	TXT	"v=spf1 -all" 
fw-1b	IN	MX	0 .
_dmarc.fw-1b	IN	TXT	"v=DMARC1; p=reject" 

@lifeboy

lifeboy commented Aug 19, 2024

@rjbastyrinc, it looks like the spec of the API for adding a TXT record has changed at some stage, so the ACME cert script that calls this MiaB API may need to be updated.

See acmesh-official/acme.sh#2550 (comment)
