simonlerpard
commented
5 years ago I got the same error as well for loopia.
Error add txt for domain:_acme-challenge.example.com
- I solved it by double checking the privileges for the api user to. I added the ones I thought would be needed, maybe it's possible to remove some, but these worked for me:
- addSubdomain
- removeZoneRecord
- updateZoneRecord
- addZoneRecord
- getDomains
- getSubdomains
- getZoneRecords
- removeSubdomains
- I also changed the password for the api user to not have any special characters. I tried with a password of 46 characters containing lowercases, uppercases and numbers.
After these two changes it just worked :)
Jacobh2
RasmusWesterlundh
gabbe
Steps to reproduce
Trying to issue a certificate with regular renewal for a device in my home. Though, I cannot issue the certificate as the process stops as per below. Should you require any additional information then I will be happy to support. I just hope you can tell me what's either missing or what I'm doing wrong. Thank you!
NOTE! I have followed the instructions at: https://www.naschenweng.info/2017/01/06/securing-ubiquiti-unifi-cloud-key-encrypt-automatic-dns-01-challenge/
Debug log
[Sat Jul 28 23:46:25 CEST 2018] Creating domain key [Sat Jul 28 23:46:32 CEST 2018] The domain key is here: /root/.acme.sh/example.com/example.com.key [Sat Jul 28 23:46:32 CEST 2018] Single domain='example.com' [Sat Jul 28 23:46:32 CEST 2018] Getting domain auth token for each domain [Sat Jul 28 23:46:32 CEST 2018] Getting webroot for domain='example.com' [Sat Jul 28 23:46:32 CEST 2018] Getting new-authz for domain='example.com' [Sat Jul 28 23:46:35 CEST 2018] The new-authz request is ok. [Sat Jul 28 23:46:35 CEST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns _loopia.sh [Sat Jul 28 23:46:36 CEST 2018] invalid domain [Sat Jul 28 23:46:36 CEST 2018] Error add txt for domain:_acme-challenge.example.com [Sat Jul 28 23:46:36 CEST 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
Log file (/root/.acme.sh/acme.sh.log):
[Sun Jul 29 00:15:36 CEST 2018] _main_domain='example.com' [Sun Jul 29 00:15:36 CEST 2018] _alt_domains='unifi.example.com' [Sun Jul 29 00:15:36 CEST 2018] Using config home:/root/.acme.sh [Sun Jul 29 00:15:36 CEST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory' [Sun Jul 29 00:15:36 CEST 2018] DOMAIN_PATH='/root/.acme.sh/example.com' [Sun Jul 29 00:15:36 CEST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory [Sun Jul 29 00:15:36 CEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory [Sun Jul 29 00:15:36 CEST 2018] GET [Sun Jul 29 00:15:36 CEST 2018] url='https://acme-v01.api.letsencrypt.org/directory' [Sun Jul 29 00:15:36 CEST 2018] timeout= [Sun Jul 29 00:15:36 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g ' [Sun Jul 29 00:15:36 CEST 2018] ret='0' [Sun Jul 29 00:15:37 CEST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change' [Sun Jul 29 00:15:37 CEST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Sun Jul 29 00:15:37 CEST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert' [Sun Jul 29 00:15:37 CEST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg' [Sun Jul 29 00:15:37 CEST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert' [Sun Jul 29 00:15:37 CEST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' [Sun Jul 29 00:15:37 CEST 2018] ACME_NEW_NONCE [Sun Jul 29 00:15:37 CEST 2018] ACME_VERSION [Sun Jul 29 00:15:37 CEST 2018] Le_NextRenewTime [Sun Jul 29 00:15:37 CEST 2018] _on_before_issue [Sun Jul 29 00:15:37 CEST 2018] _chk_main_domain='example.com' [Sun Jul 29 00:15:37 CEST 2018] _chk_alt_domains='unifi.example.com' [Sun Jul 29 00:15:37 CEST 2018] Le_LocalAddress [Sun Jul 29 00:15:37 CEST 2018] d='example.com' [Sun Jul 29 00:15:37 CEST 2018] Check for domain='example.com' [Sun Jul 29 00:15:37 CEST 2018] _currentRoot='dns_loopia' [Sun Jul 29 00:15:38 CEST 2018] _saved_account_key_hash is not changed, skip register account. [Sun Jul 29 00:15:38 CEST 2018] Read key length: [Sun Jul 29 00:15:38 CEST 2018] _createcsr [Sun Jul 29 00:15:38 CEST 2018] Multi domain='DNS:example.com,DNS:unifi.example.com' [Sun Jul 29 00:15:38 CEST 2018] Getting domain auth token for each domain [Sun Jul 29 00:15:38 CEST 2018] d='example.com' [Sun Jul 29 00:15:38 CEST 2018] Getting webroot for domain='example.com' [Sun Jul 29 00:15:38 CEST 2018] _w='dns_loopia' [Sun Jul 29 00:15:38 CEST 2018] _currentRoot='dns_loopia' [Sun Jul 29 00:15:38 CEST 2018] Getting new-authz for domain='example.com' [Sun Jul 29 00:15:38 CEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory [Sun Jul 29 00:15:38 CEST 2018] Try new-authz for the 0 time. [Sun Jul 29 00:15:38 CEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Sun Jul 29 00:15:38 CEST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "example.com"}}' [Sun Jul 29 00:15:38 CEST 2018] RSA key [Sun Jul 29 00:15:38 CEST 2018] GET [Sun Jul 29 00:15:38 CEST 2018] url='https://acme-v01.api.letsencrypt.org/directory' [Sun Jul 29 00:15:38 CEST 2018] timeout= [Sun Jul 29 00:15:39 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g ' [Sun Jul 29 00:15:39 CEST 2018] ret='0' [Sun Jul 29 00:15:39 CEST 2018] POST [Sun Jul 29 00:15:39 CEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Sun Jul 29 00:15:39 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g ' [Sun Jul 29 00:15:40 CEST 2018] _ret='0' [Sun Jul 29 00:15:40 CEST 2018] code='201' [Sun Jul 29 00:15:40 CEST 2018] The new-authz request is ok. [Sun Jul 29 00:15:41 CEST 2018] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/iHBgf2TS8eJEqSClpaqFoKgsH-P-WJwFAW0ucc6J_kw/6011780244","token":"N/A [Sun Jul 29 00:15:41 CEST 2018] token='N/A' [Sun Jul 29 00:15:41 CEST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/iHBgf2TS8eJEqSClpaqFoKgsH-P-WJwFAW0ucc6J_kw/6011780244' [Sun Jul 29 00:15:41 CEST 2018] keyauthorization='N' [Sun Jul 29 00:15:41 CEST 2018] dvlist='example.com#bbhR3HHWD80I6ZvEvslgvjCn6UxUYcuCkcjz_Fz-xOA.lqQVCaUB4XK2mP9ctBbH8Q-oIqZCmxXeUgVPZlQdrQ#https://acme-v01.api.letsencrypt.org/acme/challenge/iHBgf2TS8eJEqSClpaqFoKgsH-P-WJwFAW0ucc6J$ [Sun Jul 29 00:15:41 CEST 2018] d='unifi.example.com' [Sun Jul 29 00:15:41 CEST 2018] Getting webroot for domain='unifi.example.com' [Sun Jul 29 00:15:41 CEST 2018] _w='dns_loopia' [Sun Jul 29 00:15:41 CEST 2018] _currentRoot='dns_loopia' [Sun Jul 29 00:15:41 CEST 2018] Getting new-authz for domain='unifi.example.com' [Sun Jul 29 00:15:41 CEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory [Sun Jul 29 00:15:41 CEST 2018] Try new-authz for the 0 time. [Sun Jul 29 00:15:41 CEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Sun Jul 29 00:15:41 CEST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "unifi.example.com"}}' [Sun Jul 29 00:15:41 CEST 2018] POST [Sun Jul 29 00:15:41 CEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Sun Jul 29 00:15:41 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g ' [Sun Jul 29 00:15:42 CEST 2018] _ret='0' [Sun Jul 29 00:15:42 CEST 2018] code='201' [Sun Jul 29 00:15:42 CEST 2018] The new-authz request is ok. [Sun Jul 29 00:15:43 CEST 2018] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/LssBrM1T2iall1u9jNj1GxLmAfjweYIJLKGz9qb9BEY/6011780992","token":"N/A [Sun Jul 29 00:15:43 CEST 2018] token='N/A' [Sun Jul 29 00:15:43 CEST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/LssBrM1T2iall1u9jNj1GxLmAfjweYIJLKGz9qb9BEY/6011780992' [Sun Jul 29 00:15:43 CEST 2018] keyauthorization='N/A' [Sun Jul 29 00:15:43 CEST 2018] dvlist='unifi.example.com#U4t7CBFFdl8N6JiXqv7gUThmY1G3itiqZtQOX_tqTwo.lqQVCaUB4XK2mP9ctBbH8Q-oIqZ_CmxXeUgVPZlQdrQ#https://acme-v01.api.letsencrypt.org/acme/challenge/LssBrM1T2iall1u9jNj1GxLmAfjweYIJLKG$ [Sun Jul 29 00:15:43 CEST 2018] d [Sun Jul 29 00:15:43 CEST 2018] vlist='example.com#bbhR3HHWD80I6ZvEvslgvjCn6UxUYcuCkcjz_Fz-xOA.lqQVCaUB4XK2mP9ctBbH8Q-oIqZ_CmxXeUgVPZlQdrQ#https://acme-v01.api.letsencrypt.org/acme/challenge/iHBgf2TS8eJEqSClpaqFoKgsH-P-WJwFAW0ucc6J_k$ [Sun Jul 29 00:15:43 CEST 2018] d='example.com' [Sun Jul 29 00:15:43 CEST 2018] _d_alias [Sun Jul 29 00:15:43 CEST 2018] txtdomain='_acme-challenge.example.com' [Sun Jul 29 00:15:43 CEST 2018] txt='6aZCXFJeE3jeP_Z-RRZZPChVCNhVjyqs0JYh6e2YCg4' [Sun Jul 29 00:15:43 CEST 2018] d_api='/root/.acme.sh/dnsapi/dns_loopia.sh' [Sun Jul 29 00:15:43 CEST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_loopia.sh [Sun Jul 29 00:15:43 CEST 2018] First detect the root zone [Sun Jul 29 00:15:43 CEST 2018] get root [Sun Jul 29 00:15:43 CEST 2018] POST [Sun Jul 29 00:15:43 CEST 2018] _post_url='https://api.loopia.se/RPCSERV' [Sun Jul 29 00:15:43 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g ' [Sun Jul 29 00:15:44 CEST 2018] _ret='0' [Sun Jul 29 00:15:44 CEST 2018] invalid domain [Sun Jul 29 00:15:44 CEST 2018] Error add txt for domain:_acme-challenge.example.com [Sun Jul 29 00:15:44 CEST 2018] pid [Sun Jul 29 00:15:44 CEST 2018] No need to restore nginx, skip. [Sun Jul 29 00:15:44 CEST 2018] _clearupdns [Sun Jul 29 00:15:44 CEST 2018] skip dns.