Acme.sh, at least when using the CloudFlare API, does not handle DNS records with capitalization. Could you either add case insensitivity, do input sanitization that converts all DNS entries to lowercase, or add this as a limitation to the Wiki?
Thanks!
Example below:
cAPStest01.ttl.one
[root@gateway acme.sh]# /root/.acme.sh/acme.sh --issue -d cAPStest01.ttl.one --dns dns_cf --dnssleep 10 --test
[Thu Feb 15 11:21:46 PST 2018] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Thu Feb 15 11:21:47 PST 2018] Creating domain key
[Thu Feb 15 11:21:47 PST 2018] The domain key is here: /root/.acme.sh/cAPStest01.ttl.one/cAPStest01.ttl.one.key
[Thu Feb 15 11:21:47 PST 2018] Single domain='cAPStest01.ttl.one'
[Thu Feb 15 11:21:47 PST 2018] Getting domain auth token for each domain
[Thu Feb 15 11:21:47 PST 2018] Getting webroot for domain='cAPStest01.ttl.one'
[Thu Feb 15 11:21:47 PST 2018] Getting new-authz for domain='cAPStest01.ttl.one'
[Thu Feb 15 11:21:50 PST 2018] The new-authz request is ok.
[Thu Feb 15 11:21:50 PST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Thu Feb 15 11:21:52 PST 2018] Adding record
[Thu Feb 15 11:21:53 PST 2018] Add txt record error.
[Thu Feb 15 11:21:53 PST 2018] Error add txt for domain:_acme-challenge.cAPStest01.ttl.one
[Thu Feb 15 11:21:53 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Feb 15 11:21:53 PST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
capstest01.ttl.one
[root@gateway acme.sh]# /root/.acme.sh/acme.sh --issue -d capstest01.ttl.one --dns dns_cf --dnssleep 10 --test
[Thu Feb 15 11:22:08 PST 2018] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Thu Feb 15 11:22:09 PST 2018] Single domain='capstest01.ttl.one'
[Thu Feb 15 11:22:09 PST 2018] Getting domain auth token for each domain
[Thu Feb 15 11:22:09 PST 2018] Getting webroot for domain='capstest01.ttl.one'
[Thu Feb 15 11:22:09 PST 2018] Getting new-authz for domain='capstest01.ttl.one'
[Thu Feb 15 11:22:12 PST 2018] The new-authz request is ok.
[Thu Feb 15 11:22:12 PST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Thu Feb 15 11:22:14 PST 2018] Adding record
[Thu Feb 15 11:22:15 PST 2018] Added, OK
[Thu Feb 15 11:22:15 PST 2018] Sleep 10 seconds for the txt records to take effect
[Thu Feb 15 11:22:26 PST 2018] Verifying:capstest01.ttl.one
[Thu Feb 15 11:22:31 PST 2018] Success
[Thu Feb 15 11:22:33 PST 2018] Verify finished, start to sign.
[Thu Feb 15 11:22:35 PST 2018] Cert success.
Neilpang
commented
6 years ago
Acme.sh, at least when using the CloudFlare API, does not handle DNS records with capitalization. Could you either add case insensitivity, do input sanitization that converts all DNS entries to lowercase, or add this as a limitation to the Wiki?
Thanks!
Example below:
cAPStest01.ttl.one [root@gateway acme.sh]# /root/.acme.sh/acme.sh --issue -d cAPStest01.ttl.one --dns dns_cf --dnssleep 10 --test [Thu Feb 15 11:21:46 PST 2018] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory [Thu Feb 15 11:21:47 PST 2018] Creating domain key [Thu Feb 15 11:21:47 PST 2018] The domain key is here: /root/.acme.sh/cAPStest01.ttl.one/cAPStest01.ttl.one.key [Thu Feb 15 11:21:47 PST 2018] Single domain='cAPStest01.ttl.one' [Thu Feb 15 11:21:47 PST 2018] Getting domain auth token for each domain [Thu Feb 15 11:21:47 PST 2018] Getting webroot for domain='cAPStest01.ttl.one' [Thu Feb 15 11:21:47 PST 2018] Getting new-authz for domain='cAPStest01.ttl.one' [Thu Feb 15 11:21:50 PST 2018] The new-authz request is ok. [Thu Feb 15 11:21:50 PST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh [Thu Feb 15 11:21:52 PST 2018] Adding record [Thu Feb 15 11:21:53 PST 2018] Add txt record error. [Thu Feb 15 11:21:53 PST 2018] Error add txt for domain:_acme-challenge.cAPStest01.ttl.one [Thu Feb 15 11:21:53 PST 2018] Please add '--debug' or '--log' to check more details. [Thu Feb 15 11:21:53 PST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
capstest01.ttl.one [root@gateway acme.sh]# /root/.acme.sh/acme.sh --issue -d capstest01.ttl.one --dns dns_cf --dnssleep 10 --test [Thu Feb 15 11:22:08 PST 2018] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory [Thu Feb 15 11:22:09 PST 2018] Single domain='capstest01.ttl.one' [Thu Feb 15 11:22:09 PST 2018] Getting domain auth token for each domain [Thu Feb 15 11:22:09 PST 2018] Getting webroot for domain='capstest01.ttl.one' [Thu Feb 15 11:22:09 PST 2018] Getting new-authz for domain='capstest01.ttl.one' [Thu Feb 15 11:22:12 PST 2018] The new-authz request is ok. [Thu Feb 15 11:22:12 PST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh [Thu Feb 15 11:22:14 PST 2018] Adding record [Thu Feb 15 11:22:15 PST 2018] Added, OK [Thu Feb 15 11:22:15 PST 2018] Sleep 10 seconds for the txt records to take effect [Thu Feb 15 11:22:26 PST 2018] Verifying:capstest01.ttl.one [Thu Feb 15 11:22:31 PST 2018] Success [Thu Feb 15 11:22:33 PST 2018] Verify finished, start to sign. [Thu Feb 15 11:22:35 PST 2018] Cert success.