Open grasmanek94 opened 5 years ago
The reason is I'm using a wildcard SSL certificate for all my subdomains, so I didn't notice the challenge in _acme-challenge.subdomain format when writing this little script.
As the readme said:
Simple scripts I use to auto renew my Let's encrypt wildcard SSL cert.
But use acme.sh is always recommended.
So, you can fork and modify this script as you like to meet your needs.
But I am also VERY happy to receive PR as long as it doesn't break my origin needs :)
Happy hacking.
😆
Closed due to inactivity.
@grasmanek94
May be fixed by pr #2, you can try it again if you want.
I use a wildcard certificate as well and think I had this same issue. As mentioned in the README you need to generate your certificate through certbot first. That places the _acme-challenge DNS record in your registrar. If you did not do that then you will not be able to get the CHALLENGE_RESPONSE value and it will return as null. I already had a wildcard certificate generated that was expiring. I used this tool https://github.com/joohoi/acme-dns-certbot-joohoi/blob/master/acme-dns-auth.py to get a new value for the DNS challenge. Then I set up these scripts in my crontab for autorenewals.
I was going to open an issue but it is likely covering this as well. The API headers are outdated. An example from the Cloudflare site to authenticate to the API is below.
curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" -H "Authorization: Bearer ${CLOUDFLARE_KEY}" -H "Content-Type:application/json"
Thanks for this awesome script. Saved me a ton of time I am sure.
It seems to work for example.com but not for subdomain.example.com, any tips?
CF response for the URL https://api.cloudflare.com/client/v4/zones?name=subdomain.example.com:
{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}
After I forcefully put in my CLOUDFLARE_ZONE and remove the code to determine the zone it seems to proceed but then stalls at "DNS records have not been propagate, sleep 10s...".
I suspect the root domain must be extracted and then the acme challenge constructed to _acme-challenge.subdomain? Then a manual renewal succeeds (I changed the DNS manually from _acme-challenge to _acme-challenge.subdomain while renewing).
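The zone lookup and record naming discussed in this thread, as an added example that is not part of the original posts or the project's scripts: walk up the labels of the certificate domain until a name matches a zone, then name the TXT record relative to that zone. The function names and the `KNOWN_ZONES` list are hypothetical and constructed so the sketch runs offline; a live hook would replace `zone_exists` with a query to the `zones?name=` URL quoted above.

```shell
#!/bin/sh
# Constructed sample: zone names that exist in the Cloudflare account.
# Assumption: a live hook would query zones?name=<candidate> instead and
# treat an empty "result" array as "not a zone".
KNOWN_ZONES="example.com example.co.uk"

# zone_exists NAME -> exit 0 if NAME is a zone in the account (hypothetical helper)
zone_exists() {
    for z in $KNOWN_ZONES; do
        [ "$z" = "$1" ] && return 0
    done
    return 1
}

# find_zone DOMAIN -> prints the longest suffix of DOMAIN that is a zone
find_zone() {
    candidate=${1#\*.}                    # drop a leading wildcard label
    while :; do
        if zone_exists "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
        case $candidate in
            *.*) candidate=${candidate#*.} ;;   # strip the leftmost label
            *)   return 1 ;;                     # ran out of labels, no zone
        esac
    done
}

# challenge_fqdn DOMAIN -> full name of the dns-01 TXT record
challenge_fqdn() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# challenge_label DOMAIN -> TXT record name relative to its zone
challenge_label() {
    zone=$(find_zone "$1") || return 1
    fqdn=$(challenge_fqdn "$1")
    printf '%s\n' "${fqdn%."$zone"}"
}

# Demonstration on constructed domains
for d in '*.example.com' subdomain.example.com; do
    printf '%s -> zone %s, record %s\n' "$d" "$(find_zone "$d")" "$(challenge_label "$d")"
done
```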