Auth error when using two or more domains

[roboticsalign]

Dear all,

first of all I want to thank you for this great script!

My challenge was to sign one certificate for my domain including 2nd level domain and wildcard for subdomains:

• example.com
• *.example.com

So I cloned the repository, adjusted strato-auth.json and ran the following syntax:

sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py -d example.com -d *.example.com

It did not work, because certbot reported a wrong acme string. The reason is the curren workflow:

1. certbot provides an acme string acme1 for first domain example.com and expects dns-preperation by auth-hook.py
2. auth-hook.py removes old acme strings from dns
3. auth-hook.py adds acme1 to dns
4. certbot provides a second acme string acme2 for the second domain/the wildcard *.example.com and expects dns-preperation by auth-hook.py
5. auth-hook.py removes old acme strings from dns including the string, we added in step 3
6. auth-hook.py adds acme2 to dns
7. now certbot only finds one acme string and fails.
8. cleanup-hook.py removes all acme strings from dns

Steps 2 and 5 are good for a clean dns before inserting the acme strings, but they are the reason for the auth-fail.

Solution for me: Commenting out https://github.com/Buxdehuda/strato-certbot/blob/32c9a7e6a393f4d866cd80e7fc4c2f9b5ee218dc/certbotstratoapi.py#L218 solves the problem.

[Buxdehuda]

Thanks for your detailed description. In my opinion it seems reasonable to remove the record only once cleanup-hook is called, so we should be able to remove the line you mentioned without any problems.

Let me know if you want to open a PR so the fix is attributed to you, otherwise I can do it for you.

[roboticsalign]

I created a pull request (https://github.com/Buxdehuda/strato-certbot/pull/15) so that we can close this issue.