search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.37k stars 4.97k forks source link

dns mode seems broken. Using dns_azure then switches to Cloudflare #2517

Open JimPyeCSS opened 5 years ago

JimPyeCSS commented 5 years ago

Steps to reproduce

I have just upgraded to latest version. v2.8.3 When running with the --dns dns_azure option it starts out OK, but after the 20 second count down the script seems to switch to CloudFlare's DNS Server. In our setup our proxy does not allow access to cloudflare-dns so it errors with the curl code 60.

To work around I need to change the --dns option to use: dnsapi/dns_azure

Guessing there is some variable not using the path properly and it is defaulting back to Cloudflare?

Debug log

Relevant parts: As you can see it works fine up to the countdown, then errors trying to get to Cloudflare which we do not allow.

:~$ acme.sh --renew --force --dns dns_azure --challenge-alias aliasdomanname -d domainnamehere -d *.domainnamehere --log --debug [Tue Oct 1 17:45:41 NZDT 2019] Lets find script dir. [Tue Oct 1 17:45:41 NZDT 2019] SCRIPT='/home/username/.acme.sh/acme.sh' [Tue Oct 1 17:45:41 NZDT 2019] _script='/home/username/.acme.sh/acme.sh' [Tue Oct 1 17:45:41 NZDT 2019] _script_home='/home/username/.acme.sh' [Tue Oct 1 17:45:41 NZDT 2019] Using default home:/home/username/.acme.sh [Tue Oct 1 17:45:41 NZDT 2019] Using config home:/home/username/.acme.sh https://github.com/Neilpang/acme.sh v2.8.3 [Tue Oct 1 17:45:41 NZDT 2019] Running cmd: renew . . . Snip . . . [Tue Oct 1 17:45:54 NZDT 2019] PUT [Tue Oct 1 17:45:54 NZDT 2019] _post_url='https://management.azure.com/subscriptions/xxxx/resourceGroups/common-services/providers/Microsoft.Network/dnszones/aliasdomanname/TXT/_acme-challenge?api-version=2017-09-01' [Tue Oct 1 17:45:54 NZDT 2019] _CURL='curl -L --silent --dump-header /home/username/.acme.sh/http.header -g ' [Tue Oct 1 17:45:56 NZDT 2019] _ret='0' [Tue Oct 1 17:45:56 NZDT 2019] http response code 200 [Tue Oct 1 17:45:56 NZDT 2019] validation value added [Tue Oct 1 17:45:56 NZDT 2019] The txt record is added: Success. [Tue Oct 1 17:45:56 NZDT 2019] Let's check each dns records now. Sleep 20 seconds first. [Tue Oct 1 17:46:17 NZDT 2019] d='domainnamehere' [Tue Oct 1 17:46:17 NZDT 2019] txtdomain='_acme-challenge.domainnamehere' [Tue Oct 1 17:46:17 NZDT 2019] aliasDomain='_acme-challenge.aliasdomanname' [Tue Oct 1 17:46:17 NZDT 2019] txt='xxxxxx' [Tue Oct 1 17:46:17 NZDT 2019] d_api='/home/username/.acme.sh/dnsapi/dns_azure.sh' [Tue Oct 1 17:46:17 NZDT 2019] Checking domainnamehere for _acme-challenge.aliasdomanname [Tue Oct 1 17:46:17 NZDT 2019] _c_txtdomain='_acme-challenge.domainnamehere' [Tue Oct 1 17:46:17 NZDT 2019] _c_aliasdomain='_acme-challenge.aliasdomanname' [Tue Oct 1 17:46:17 NZDT 2019] _c_txt='xxxxxx' [Tue Oct 1 17:46:17 NZDT 2019] GET [Tue Oct 1 17:46:17 NZDT 2019] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.aliasdomanname&type=TXT' [Tue Oct 1 17:46:17 NZDT 2019] timeout= [Tue Oct 1 17:46:17 NZDT 2019] _CURL='curl -L --silent --dump-header /home/username/.acme.sh/http.header -g ' [Tue Oct 1 17:46:17 NZDT 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60 [Tue Oct 1 17:46:17 NZDT 2019] ret='60' [Tue Oct 1 17:46:17 NZDT 2019] Not valid yet, let's wait 10 seconds and check next one. [Tue Oct 1 17:46:17 NZDT 2019] _p_txtdomain='_acme-challenge.domainnamehere' [Tue Oct 1 17:46:17 NZDT 2019] Cloudflare purge TXT record for domain _acme-challenge.domainnamehere [Tue Oct 1 17:46:17 NZDT 2019] POST [Tue Oct 1 17:46:17 NZDT 2019] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.domainnamehere&type=TXT' [Tue Oct 1 17:46:17 NZDT 2019] _CURL='curl -L --silent --dump-header /home/username/.acme.sh/http.header -g ' [Tue Oct 1 17:46:17 NZDT 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60 [Tue Oct 1 17:46:17 NZDT 2019] _ret='60' [Tue Oct 1 17:46:17 NZDT 2019] _p_txtdomain='_acme-challenge.aliasdomanname' [Tue Oct 1 17:46:17 NZDT 2019] Cloudflare purge TXT record for domain _acme-challenge.aliasdomanname [Tue Oct 1 17:46:17 NZDT 2019] POST [Tue Oct 1 17:46:17 NZDT 2019] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.aliasdomanname&type=TXT' [Tue Oct 1 17:46:17 NZDT 2019] _CURL='curl -L --silent --dump-header /home/username/.acme.sh/http.header -g ' [Tue Oct 1 17:46:17 NZDT 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60 [Tue Oct 1 17:46:17 NZDT 2019] _ret='60' [Tue Oct 1 17:46:28 NZDT 2019] d='domainnamehere' [Tue Oct 1 17:46:28 NZDT 2019] txtdomain='_acme-challenge.domainnamehere' [Tue Oct 1 17:46:28 NZDT 2019] aliasDomain='_acme-challenge.aliasdomanname' [Tue Oct 1 17:46:28 NZDT 2019] txt='xxxxxx' [Tue Oct 1 17:46:28 NZDT 2019] d_api='/home/username/.acme.sh/dnsapi/dns_azure.sh' [Tue Oct 1 17:46:28 NZDT 2019] Checking domainnamehere for _acme-challenge.aliasdomanname [Tue Oct 1 17:46:28 NZDT 2019] _c_txtdomain='_acme-challenge.domainnamehere' [Tue Oct 1 17:46:28 NZDT 2019] _c_aliasdomain='_acme-challenge.aliasdomanname' [Tue Oct 1 17:46:28 NZDT 2019] _c_txt='xxxxxx' [Tue Oct 1 17:46:28 NZDT 2019] GET [Tue Oct 1 17:46:28 NZDT 2019] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.aliasdomanname&type=TXT' [Tue Oct 1 17:46:28 NZDT 2019] timeout= [Tue Oct 1 17:46:28 NZDT 2019] _CURL='curl -L --silent --dump-header /home/username/.acme.sh/http.header -g ' [Tue Oct 1 17:46:28 NZDT 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60 [Tue Oct 1 17:46:28 NZDT 2019] ret='60' [Tue Oct 1 17:46:28 NZDT 2019] Not valid yet, let's wait 10 seconds and check next one. [Tue Oct 1 17:46:28 NZDT 2019] _p_txtdomain='_acme-challenge.domainnamehere' [Tue Oct 1 17:46:28 NZDT 2019] Cloudflare purge TXT record for domain _acme-challenge.domainnamehere [Tue Oct 1 17:46:28 NZDT 2019] POST [Tue Oct 1 17:46:28 NZDT 2019] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.domainnamehere&type=TXT' [Tue Oct 1 17:46:28 NZDT 2019] _CURL='curl -L --silent --dump-header /home/username/.acme.sh/http.header -g ' [Tue Oct 1 17:46:28 NZDT 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60 [Tue Oct 1 17:46:28 NZDT 2019] _ret='60' [Tue Oct 1 17:46:28 NZDT 2019] _p_txtdomain='_acme-challenge.aliasdomanname' [Tue Oct 1 17:46:28 NZDT 2019] Cloudflare purge TXT record for domain _acme-challenge.aliasdomanname [Tue Oct 1 17:46:28 NZDT 2019] POST [Tue Oct 1 17:46:28 NZDT 2019] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.aliasdomanname&type=TXT' [Tue Oct 1 17:46:28 NZDT 2019] _CURL='curl -L --silent --dump-header /home/username/.acme.sh/http.header -g ' [Tue Oct 1 17:46:28 NZDT 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60 [Tue Oct 1 17:46:28 NZDT 2019] _ret='60'

acme.sh  --issue .....   --debug 2
portah commented 5 years ago

I believe it is not switching it is designed that way. However, https://cloudflare-dns.com/dns-query? does not response properly anymore.

That URL is hardcoded into acme.sh and used by __check_txt

portah commented 5 years ago

If you sure that everything works right (txt record is added, etc) only problem with CF verification you can comment that out in bash script, but I'm not quite sure, what those purge and check_txt supposed todo

Neilpang commented 5 years ago

please upgrade to the latest code and try again.

acme.sh  --upgrade
JimPyeCSS commented 5 years ago

I did the upgrade to 2.8.4. Ran the script for a new certificate (--issue). It seems to have worked OK. I have several Certificates due for renewal in a couple of days, so will keep an eye on them to make sure they also work.

Cheers Jim

90rdon commented 5 years ago

What is the status on this issue? I'm running into the same problem as mentioned above. I was able to add the challenge to azure with the dns_azure option. It failed to verify afterwards, because it seems to connect to CloudFlare for verification. I'd upgraded to 2.8.4 and the issue still persist.

paul-court commented 4 years ago

Hit a very similar error today.

In my case, it was because simething in acme.sh did not like a space in my path. I switched from "/srv/Filestore/SSL Certs/acme.sh/" to "/srv/Filestore/ssl_certs/acme.sh" and it worked fine.

(Just in-case it helps anyone else out)