search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.2k stars 4.96k forks source link

dnsapi: netcup: Api key missing. JSON decode failed while validating request. #2167

Closed alexander-lindner closed 1 month ago

alexander-lindner commented 5 years ago

Steps to reproduce

When using acme.sh --renew-all --dns (setup was created using https://github.com/Neilpang/acme.sh/blob/44c1572b8f5b399e17b11ba65b73af747088ad11/dnsapi/dns_netcup.sh, acme.sh --issue --dnssleep 500 --dns dns_netcup -d example.com) I got this error:

{"serverrequestid":"702MMOE5gDzM4bk2H6cT1w38Tk5","clientrequestid":"","action":"undefined","status":"error","statuscode":4013,"shortmessage":"Validation Error.","longmessage":"Api key missing. JSON decode failed while validating request.","responsedata":""}
[Sat Mar 16 09:32:23 UTC 2019] Error add txt for domain:_acme-challenge.sub.domain.tld
[Sat Mar 16 09:32:23 UTC 2019] _on_issue_err
[Sat Mar 16 09:32:23 UTC 2019] Please check log file for more details: /acme.sh/acme.sh.log

Found Bug

After some debugging I found this bug

account.conf

SAVED_NC_Apikey='"key"'
SAVED_NC_Apipw='"pw"'
SAVED_NC_CID='"id"'

This variables are used here https://github.com/Neilpang/acme.sh/blob/44c1572b8f5b399e17b11ba65b73af747088ad11/dnsapi/dns_netcup.sh#L118 which results in double ". After hardcoding this three variables below https://github.com/Neilpang/acme.sh/blob/44c1572b8f5b399e17b11ba65b73af747088ad11/dnsapi/dns_netcup.sh#L6 it now works as expected and the correct values without the " get saved to account.conf

I don't know if this is a special error for my setup or a common one.....

Neilpang commented 5 years ago

I just added more debug info, please upgrade to dev branch and give me full log with --debug 2

acme.sh --upgrade -b dev
alexander-lindner commented 5 years ago 
/ # cat /acme.sh/account.conf 

LOG_FILE='/acme.sh/acme.sh.log'
#LOG_LEVEL=1

AUTO_UPGRADE='1'

#NO_TIMESTAMP=1

SAVED_NC_Apikey='"NETCUP_API_KEY"'
SAVED_NC_Apipw='"NETCUP_API_PW"'
SAVED_NC_CID='"NETCUP_CID"'

USER_PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
/ # acme.sh --issue --dns dns_netcup --dnssleep 520  -d *.test.domain.tld --debug 2
[Sat Mar 16 13:27:20 UTC 2019] Lets find script dir.
[Sat Mar 16 13:27:20 UTC 2019] _SCRIPT_='/usr/local/bin/acme.sh'
[Sat Mar 16 13:27:20 UTC 2019] _script='/root/.acme.sh/acme.sh'
[Sat Mar 16 13:27:20 UTC 2019] _script_home='/root/.acme.sh'
[Sat Mar 16 13:27:20 UTC 2019] Using default home:/root/.acme.sh
[Sat Mar 16 13:27:20 UTC 2019] Using config home:/acme.sh
[Sat Mar 16 13:27:20 UTC 2019] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.1
[Sat Mar 16 13:27:20 UTC 2019] _main_domain='*.test.domain.tld'
[Sat Mar 16 13:27:20 UTC 2019] _alt_domains='no'
[Sat Mar 16 13:27:20 UTC 2019] Using config home:/acme.sh
[Sat Mar 16 13:27:20 UTC 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sat Mar 16 13:27:20 UTC 2019] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sat Mar 16 13:27:20 UTC 2019] DOMAIN_PATH='/acme.sh/*.test.domain.tld'
[Sat Mar 16 13:27:20 UTC 2019] 'dns_netcup' does not contain 'dns'
[Sat Mar 16 13:27:20 UTC 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sat Mar 16 13:27:20 UTC 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sat Mar 16 13:27:20 UTC 2019] GET
[Sat Mar 16 13:27:20 UTC 2019] url='https://acme-v02.api.letsencrypt.org/directory'
[Sat Mar 16 13:27:20 UTC 2019] timeout=
[Sat Mar 16 13:27:21 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header  --trace-ascii /tmp/tmp.uZfsqRSeIz  -g '
[Sat Mar 16 13:27:21 UTC 2019] ret='0'
[Sat Mar 16 13:27:21 UTC 2019] response='{
  "49zzcd2lr-g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sat Mar 16 13:27:21 UTC 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sat Mar 16 13:27:21 UTC 2019] ACME_NEW_AUTHZ
[Sat Mar 16 13:27:21 UTC 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 16 13:27:21 UTC 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sat Mar 16 13:27:21 UTC 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Mar 16 13:27:21 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Mar 16 13:27:21 UTC 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 16 13:27:21 UTC 2019] ACME_VERSION='2'
[Sat Mar 16 13:27:21 UTC 2019] Le_NextRenewTime
[Sat Mar 16 13:27:21 UTC 2019] _on_before_issue
[Sat Mar 16 13:27:21 UTC 2019] _chk_main_domain='*.test.domain.tld'
[Sat Mar 16 13:27:21 UTC 2019] _chk_alt_domains
[Sat Mar 16 13:27:21 UTC 2019] 'dns_netcup' does not contain 'no'
[Sat Mar 16 13:27:21 UTC 2019] Le_LocalAddress
[Sat Mar 16 13:27:21 UTC 2019] d='*.test.domain.tld'
[Sat Mar 16 13:27:21 UTC 2019] Check for domain='*.test.domain.tld'
[Sat Mar 16 13:27:21 UTC 2019] _currentRoot='dns_netcup'
[Sat Mar 16 13:27:21 UTC 2019] d
[Sat Mar 16 13:27:21 UTC 2019] 'dns_netcup' does not contain 'apache'
[Sat Mar 16 13:27:21 UTC 2019] _saved_account_key_hash='HASH'
[Sat Mar 16 13:27:21 UTC 2019] _saved_account_key_hash is not changed, skip register account.
[Sat Mar 16 13:27:21 UTC 2019] Read key length:
[Sat Mar 16 13:27:21 UTC 2019] _createcsr
[Sat Mar 16 13:27:21 UTC 2019] domain='*.test.domain.tld'
[Sat Mar 16 13:27:21 UTC 2019] domainlist
[Sat Mar 16 13:27:21 UTC 2019] csrkey='/acme.sh/*.test.domain.tld/*.test.domain.tld.key'
[Sat Mar 16 13:27:21 UTC 2019] csr='/acme.sh/*.test.domain.tld/*.test.domain.tld.csr'
[Sat Mar 16 13:27:21 UTC 2019] csrconf='/acme.sh/*.test.domain.tld/*.test.domain.tld.csr.conf'
[Sat Mar 16 13:27:21 UTC 2019] Single domain='*.test.domain.tld'
[Sat Mar 16 13:27:21 UTC 2019] _is_idn_d='*.test.domain.tld'
[Sat Mar 16 13:27:21 UTC 2019] _idn_temp
[Sat Mar 16 13:27:21 UTC 2019] _csr_cn='*.test.domain.tld'
[Sat Mar 16 13:27:21 UTC 2019] Getting domain auth token for each domain
[Sat Mar 16 13:27:21 UTC 2019] d
[Sat Mar 16 13:27:21 UTC 2019] _identifiers='{"type":"dns","value":"*.test.domain.tld"}'
[Sat Mar 16 13:27:21 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 16 13:27:21 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"*.test.domain.tld"}]}'
[Sat Mar 16 13:27:21 UTC 2019] RSA key
[Sat Mar 16 13:27:21 UTC 2019] _URGLY_PRINTF
[Sat Mar 16 13:27:21 UTC 2019] xargs
[Sat Mar 16 13:27:21 UTC 2019] _URGLY_PRINTF
[Sat Mar 16 13:27:21 UTC 2019] xargs
[Sat Mar 16 13:27:21 UTC 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 16 13:27:21 UTC 2019] HEAD
[Sat Mar 16 13:27:21 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 16 13:27:21 UTC 2019] body
[Sat Mar 16 13:27:21 UTC 2019] _postContentType='application/jose+json'
[Sat Mar 16 13:27:21 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header  --trace-ascii /tmp/tmp.pawrXL75If  -g '
[Sat Mar 16 13:27:21 UTC 2019] _ret='0'
[Sat Mar 16 13:27:21 UTC 2019] _headers='HTTP/1.1 200 OK
Server: nginx
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: SbiTl3R2MKYqCOJIOiNXEyfv3ZAqtGsoXYDZTc_3A60
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Sat, 16 Mar 2019 13:27:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 16 Mar 2019 13:27:21 GMT
Connection: keep-alive
'
[Sat Mar 16 13:27:21 UTC 2019] _CACHED_NONCE='SbiTl3R2MKYqCOJIOiNXEyfv3ZAqtGsoXYDZTc_3A60'
[Sat Mar 16 13:27:21 UTC 2019] nonce='SbiTl3R2MKYqCOJIOiNXEyfv3ZAqtGsoXYDZTc_3A60'
[Sat Mar 16 13:27:22 UTC 2019] POST
[Sat Mar 16 13:27:22 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 16 13:27:22 UTC 2019] body='{"protected": "PROTECED", "payload": "PAYLOAD", "signature": "LtD7KuAEb_IG7OeO00zXHaC-k5gzsX8Z0AiV8a4UZakBOb5lqWlUtgokzb73ZLyICTjU6HM54z4YbMxjkFgOS-vrJlWbn-IsMPenLiXZhs_ohtCbkmHDmiJsLF7alRX3CcXDG-qeN-VyGhvuLM9Zt_wads3iW7bJvquwZ6cABFu5uSu5ByLx6OaeLa85yBqkXlklGwSsz_xOmOdg-uZt4bfNOTn9nNsxyCOingh0y97J33YPI9tbxjCZho-WxO3agd8gk_4woQ6b7ZeYwRB6h8xASbREnmztTZH8yWwXIYVPu-jcgqwEHz76J_Lspaqu_xYcHJ9YNg6BaGC-SPDMwQ"}'
[Sat Mar 16 13:27:22 UTC 2019] _postContentType='application/jose+json'
[Sat Mar 16 13:27:22 UTC 2019] Http already initialized.
[Sat Mar 16 13:27:22 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header  --trace-ascii /tmp/tmp.pawrXL75If  -g '
[Sat Mar 16 13:27:22 UTC 2019] _ret='0'
[Sat Mar 16 13:27:22 UTC 2019] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 374
Boulder-Requester: 47291477
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/47291477/357611130
Replay-Nonce: BgHfyJZsuJ8g0Sq9l4f1Bsf_WgnVvCMUDLzosD4yDN0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 16 Mar 2019 13:27:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 16 Mar 2019 13:27:22 GMT
Connection: keep-alive
'
[Sat Mar 16 13:27:22 UTC 2019] code='201'
[Sat Mar 16 13:27:22 UTC 2019] original='{
  "status": "pending",
  "expires": "2019-03-23T13:27:22.281315755Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.test.domain.tld"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/AUTHID2"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/47291477/357611130"
}'
[Sat Mar 16 13:27:22 UTC 2019] response='{"status":"pending","expires":"2019-03-23T13:27:22.281315755Z","identifiers":[{"type":"dns","value":"*.test.domain.tld"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz/AUTHID2"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/47291477/357611130"}'
[Sat Mar 16 13:27:22 UTC 2019] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/47291477/357611130'
[Sat Mar 16 13:27:22 UTC 2019] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz/AUTHID2'
[Sat Mar 16 13:27:22 UTC 2019] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/AUTHID2'
[Sat Mar 16 13:27:22 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz/AUTHID2'
[Sat Mar 16 13:27:22 UTC 2019] payload
[Sat Mar 16 13:27:22 UTC 2019] Use cached jwk for file: /acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Sat Mar 16 13:27:22 UTC 2019] Use _CACHED_NONCE='BgHfyJZsuJ8g0Sq9l4f1Bsf_WgnVvCMUDLzosD4yDN0'
[Sat Mar 16 13:27:22 UTC 2019] nonce='BgHfyJZsuJ8g0Sq9l4f1Bsf_WgnVvCMUDLzosD4yDN0'
[Sat Mar 16 13:27:22 UTC 2019] POST
[Sat Mar 16 13:27:22 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/AUTHID2'
[Sat Mar 16 13:27:22 UTC 2019] body='{"protected": "PROTECED_STUFF", "payload": "", "signature": "SIGNATURE"}'
[Sat Mar 16 13:27:22 UTC 2019] _postContentType='application/jose+json'
[Sat Mar 16 13:27:22 UTC 2019] Http already initialized.
[Sat Mar 16 13:27:22 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header  --trace-ascii /tmp/tmp.pawrXL75If  -g '
[Sat Mar 16 13:27:22 UTC 2019] _ret='0'
[Sat Mar 16 13:27:22 UTC 2019] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 424
Boulder-Requester: 47291477
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: Ud2-2juZvdVYrPjCQrtUeVOIDyrrObuf3qyeFkBEykg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 16 Mar 2019 13:27:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 16 Mar 2019 13:27:22 GMT
Connection: keep-alive
'
[Sat Mar 16 13:27:22 UTC 2019] code='200'
[Sat Mar 16 13:27:22 UTC 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "test.domain.tld"
  },
  "status": "pending",
  "expires": "2019-03-23T13:27:22Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID",
      "token": "TOKEN"
    }
  ],
  "wildcard": true
}'
[Sat Mar 16 13:27:22 UTC 2019] response='{"identifier":{"type":"dns","value":"test.domain.tld"},"status":"pending","expires":"2019-03-23T13:27:22Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID","token":"TOKEN"}],"wildcard": true}'
[Sat Mar 16 13:27:22 UTC 2019] response='{"identifier":{"type":"dns","value":"test.domain.tld"},"status":"pending","expires":"2019-03-23T13:27:22Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID","token":"TOKEN"}],"wildcard": true}'
[Sat Mar 16 13:27:22 UTC 2019] _d='*.test.domain.tld'
[Sat Mar 16 13:27:22 UTC 2019] _authorizations_map='*.test.domain.tld,{"identifier":{"type":"dns","value":"test.domain.tld"},"status":"pending","expires":"2019-03-23T13:27:22Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID","token":"TOKEN"}],"wildcard": true}
'
[Sat Mar 16 13:27:22 UTC 2019] d='*.test.domain.tld'
[Sat Mar 16 13:27:22 UTC 2019] Getting webroot for domain='*.test.domain.tld'
[Sat Mar 16 13:27:22 UTC 2019] _w='dns_netcup'
[Sat Mar 16 13:27:22 UTC 2019] _currentRoot='dns_netcup'
[Sat Mar 16 13:27:22 UTC 2019] response='{"identifier":{"type":"dns","value":"test.domain.tld"},"status":"pending","expires":"2019-03-23T13:27:22Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID","token":"TOKEN"}],"wildcard": true}'
[Sat Mar 16 13:27:22 UTC 2019] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID","token":"TOKEN"'
[Sat Mar 16 13:27:22 UTC 2019] token='TOKEN'
[Sat Mar 16 13:27:22 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID'
[Sat Mar 16 13:27:22 UTC 2019] keyauthorization='TOKEN.AUTHKEY'
[Sat Mar 16 13:27:22 UTC 2019] dvlist='*.test.domain.tld#TOKEN.AUTHKEY#https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID#dns-01#dns_netcup'
[Sat Mar 16 13:27:22 UTC 2019] d
[Sat Mar 16 13:27:22 UTC 2019] vlist='*.test.domain.tld#TOKEN.AUTHKEY#https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID#dns-01#dns_netcup,'
[Sat Mar 16 13:27:22 UTC 2019] d='*.test.domain.tld'
[Sat Mar 16 13:27:23 UTC 2019] _d_alias
[Sat Mar 16 13:27:23 UTC 2019] txtdomain='_acme-challenge.test.domain.tld'
[Sat Mar 16 13:27:23 UTC 2019] txt='IAj3SVtEXoSQ-ActbA0bRCsbSsIqpKHdqOaatTpe1XY'
[Sat Mar 16 13:27:23 UTC 2019] d_api='/root/.acme.sh/dnsapi/dns_netcup.sh'
[Sat Mar 16 13:27:23 UTC 2019] dns_entry='test.domain.tld,_acme-challenge.test.domain.tld,,dns_netcup,IAj3SVtEXoSQ-ActbA0bRCsbSsIqpKHdqOaatTpe1XY,/root/.acme.sh/dnsapi/dns_netcup.sh'
[Sat Mar 16 13:27:23 UTC 2019] Found domain api file: /root/.acme.sh/dnsapi/dns_netcup.sh
[Sat Mar 16 13:27:23 UTC 2019] NC_Apikey='"NETCUP_API_KEY"'
[Sat Mar 16 13:27:23 UTC 2019] POST
[Sat Mar 16 13:27:23 UTC 2019] _post_url='https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON'
[Sat Mar 16 13:27:23 UTC 2019] body='{"action": "login", "param": {"apikey": ""NETCUP_API_KEY"", "apipassword": ""NETCUP_API_PW"", "customernumber": ""NETCUP_CID""}}'
[Sat Mar 16 13:27:23 UTC 2019] _postContentType
[Sat Mar 16 13:27:23 UTC 2019] Http already initialized.
[Sat Mar 16 13:27:23 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header  --trace-ascii /tmp/tmp.pawrXL75If  -g '
[Sat Mar 16 13:27:23 UTC 2019] _ret='0'
[Sat Mar 16 13:27:23 UTC 2019] {"serverrequestid":"k376HRcB3ThmU2N8M3zWNGa0447","clientrequestid":"","action":"undefined","status":"error","statuscode":4013,"shortmessage":"Validation Error.","longmessage":"Api key missing. JSON decode failed while validating request.","responsedata":""}
[Sat Mar 16 13:27:23 UTC 2019] 
[Sat Mar 16 13:27:23 UTC 2019] POST
[Sat Mar 16 13:27:23 UTC 2019] _post_url='https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON'
[Sat Mar 16 13:27:23 UTC 2019] body='{"action": "updateDnsRecords", "param": {"apikey": ""NETCUP_API_KEY"", "apisessionid": ""responsedata":""}", "customernumber": ""NETCUP_CID"","clientrequestid": "" , "domainname": "domain.tld", "dnsrecordset": { "dnsrecords": [ {"id": "", "hostname": "_acme-challenge.test.domain.tld.", "type": "TXT", "priority": "", "destination": "IAj3SVtEXoSQ-ActbA0bRCsbSsIqpKHdqOaatTpe1XY", "deleterecord": "false", "state": "yes"} ]}}}'
[Sat Mar 16 13:27:23 UTC 2019] _postContentType
[Sat Mar 16 13:27:23 UTC 2019] Http already initialized.
[Sat Mar 16 13:27:23 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header  --trace-ascii /tmp/tmp.pawrXL75If  -g '
[Sat Mar 16 13:27:23 UTC 2019] _ret='0'
[Sat Mar 16 13:27:23 UTC 2019] {"serverrequestid":"jQ4NZW7X74NJc306tMzE4HMzZ8N","clientrequestid":"","action":"undefined","status":"error","statuscode":4013,"shortmessage":"Validation Error.","longmessage":"Api key missing. JSON decode failed while validating request.","responsedata":""}
[Sat Mar 16 13:27:23 UTC 2019] {"serverrequestid":"jQ4NZW7X74NJc306tMzE4HMzZ8N","clientrequestid":"","action":"undefined","status":"error","statuscode":4013,"shortmessage":"Validation Error.","longmessage":"Api key missing. JSON decode failed while validating request.","responsedata":""}
[Sat Mar 16 13:27:23 UTC 2019] Error add txt for domain:_acme-challenge.test.domain.tld
[Sat Mar 16 13:27:23 UTC 2019] _on_issue_err
[Sat Mar 16 13:27:23 UTC 2019] Please check log file for more details: /acme.sh/acme.sh.log
[Sat Mar 16 13:27:23 UTC 2019] _chk_vlist='*.test.domain.tld#TOKEN.AUTHKEY#https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID#dns-01#dns_netcup,'
[Sat Mar 16 13:27:23 UTC 2019] start to deactivate authz
[Sat Mar 16 13:27:23 UTC 2019] Trigger domain validation.
[Sat Mar 16 13:27:23 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID'
[Sat Mar 16 13:27:23 UTC 2019] _t_key_authz='TOKEN.AUTHKEY'
[Sat Mar 16 13:27:23 UTC 2019] _t_vtype
[Sat Mar 16 13:27:23 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID'
[Sat Mar 16 13:27:23 UTC 2019] payload='{}'
[Sat Mar 16 13:27:23 UTC 2019] Use cached jwk for file: /acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Sat Mar 16 13:27:23 UTC 2019] Use _CACHED_NONCE='Ud2-2juZvdVYrPjCQrtUeVOIDyrrObuf3qyeFkBEykg'
[Sat Mar 16 13:27:23 UTC 2019] nonce='Ud2-2juZvdVYrPjCQrtUeVOIDyrrObuf3qyeFkBEykg'
[Sat Mar 16 13:27:23 UTC 2019] POST
[Sat Mar 16 13:27:23 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID'
[Sat Mar 16 13:27:23 UTC 2019] body='{"protected": "PROTECED2", "payload": "e30", "signature": "O0ZlTrlyuweVFmEyyouBU4Thr7T9KewGEJ88Zr2iPulTTJ0s2PoC9vo6oLuRD4qC-h2kkPL4ZZ3Rc0yoUbbYstczRb3G_bDGINHrU7i8aYXUFHutOwn3vsBNeWEfMDgXphjTOAS1ZnjoIvzdQLg6mLfsZ64VZ0RLE0jsvKMBkOYMTUpWeAIO1Gx4Br4zrI24W-lob2xbCVYtiogijFvrF2cISsNwvRNPRwKsaGw8MUtOuc2oBEZKGbvw7QSmvj6Gf5CQDUukps8osituxYozYpoCHbwtxbJZ-y1tKy31XzZwhX3SK5KnEgmvjis6xfD1pS-7BfT70ZOKSNvcDl8VyQ"}'
[Sat Mar 16 13:27:23 UTC 2019] _postContentType='application/jose+json'
[Sat Mar 16 13:27:23 UTC 2019] Http already initialized.
[Sat Mar 16 13:27:23 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header  --trace-ascii /tmp/tmp.pawrXL75If  -g '
[Sat Mar 16 13:27:24 UTC 2019] _ret='0'
[Sat Mar 16 13:27:24 UTC 2019] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 223
Boulder-Requester: 47291477
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Link: <https://acme-v02.api.letsencrypt.org/acme/authz/AUTHID2>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID
Replay-Nonce: cX-swynuUuXcHTGso-gzwXn1TZrRGagR4bPFUbkSJas
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 16 Mar 2019 13:27:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 16 Mar 2019 13:27:24 GMT
Connection: keep-alive
'
[Sat Mar 16 13:27:24 UTC 2019] code='200'
[Sat Mar 16 13:27:24 UTC 2019] original='{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID",
  "token": "TOKEN"
}'
[Sat Mar 16 13:27:24 UTC 2019] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/CHALLENGE_ID","token":"TOKEN"}'
[Sat Mar 16 13:27:24 UTC 2019] Diagnosis versions: 
openssl:openssl
OpenSSL 1.0.2q  20 Nov 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]     groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>        groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>       groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>      groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>        groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>       groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface>     groups=FD,SOCKET
      ip-datagram:<host>:<protocol>     groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>        groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>       groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>       groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>      groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>       groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>      groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>     groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>     groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty       groups=FD,NAMED,TERMIOS,PTY
      readline  groups=FD,READLINE,TERMIOS
      sctp-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>       groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>       groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>        groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>      groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>        groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>        groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>     groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>        groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>       groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>      groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>      groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
[Sat Mar 16 13:27:24 UTC 2019] pid
[Sat Mar 16 13:27:24 UTC 2019] No need to restore nginx, skip.
[Sat Mar 16 13:27:24 UTC 2019] _clearupdns
[Sat Mar 16 13:27:24 UTC 2019] dns_entries
[Sat Mar 16 13:27:24 UTC 2019] skip dns.
Vuk996 commented 10 months ago

same problem here. I get the same error message with netcup hoster.