Open NovaViper opened 4 years ago
If this is a bug report, please upgrade to the latest code and try again:
如果有 bug, 请先更新到最新版试试:
acme.sh --upgrade
please also provide the log with --debug 2
.
同时请提供调试输出 --debug 2
see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Without --debug 2
log, your issue will NEVER get replied.
没有调试输出, 你的 issue 不会得到任何解答.
Same issue - also duckdns
Same issue - also duckdns
I just had the exact same issue with DuckDNS. Acme.sh has worked brilliantly for years to issue and renew certificates through its dnsapi for DuckDNS, but now I get the same error in adding TXT record and can't renew or issue new certificates. My level 2 debug log looks exactly like the one above other than different domain. Thanks for looking into this.
I just tried my duckdns, it works as expected.
please check your duckdns token.
I also added more dubug info. please upgrade to the latest dev branch and try again.
acme.sh --upgrade -b dev
acme.sh --issue -d ...... --debug 2
I'm having the same issue, it seems like duckdns doesn't allow creation/updates of subdomains anymore https://www.duckdns.org/update?domains=_acme-challenge.mydomain.duckdns.org&token=myToken&txt=aValue&verbose=true
only return: KO
while: https://www.duckdns.org/update?domains=mydomain.duckdns.org&token=myToken&txt=aValue&verbose=true returns:
OK
aValue
UPDATED
After playing a bit with their API. I found that if you set a TXT-value to mydomain.duckdns.org. What ever subdomain.mydomain.duckdns.org you ask for you get that value.
IE:
if a do a GET against:
https://www.duckdns.org/update?domains=mydomain.duckdns.org&token=myToken&txt=aUniqueValue
the response is: OK
If i then do:
dig _something_random.mydomain.duckdns.org TXT @ns1.duckdns.org
i get the value: aUniqueValue
I can't find somewhere that they've changed their API's, but i certainly seems like they have...
I just verified an extremly ugly workaround/quickfix.
In the _get method i just removed the _acme-challenge part from the query string. IE changing the domain from: _acme-challenge.mydomain.duckdns.org
to mydomain.duckdns.org
And it worked.... So DuckDNS must've changed their API's (without changing the documentation)
So any news on a fix after these findings? Or do we have to do a manual hack to get it working again?
Again, I tried with my duckdns domain. it works as expected.
If anyone has problems, please provide your log with --debug 2
. Otherwise, I can not help you.
You can add '--domain-alias mydomain.duckdns.org' to the command and it will work.
Just upgraded and the issue persists.
You can add '--domain-alias mydomain.duckdns.org' to the command and it will work.
If I understand this correctly I ran;
acme.sh --renew -d 'mydomain.duckdns.org' --domain-alias 'mydomain.duckdns.org'
Still getting TXT record response=KO.
Managed to get a log file using --debug 2;
Again, I tried with my duckdns domain. it works as expected.
If anyone has problems, please provide your log with
--debug 2
. Otherwise, I can not help you.
Any news? Or value in the log I posted?
Again, I tried with my duckdns domain. it works as expected. If anyone has problems, please provide your log with
--debug 2
. Otherwise, I can not help you.Any news? Or value in the log I posted?
The problem is here, you can't add this record to DuckDNS:
Error add txt for domain:_acme-challenge.myDomain.duckdns.org
However it's working for me (single domain not multi) using --domain-alias mydomain.duckdns.org
add the domain/IP once manually on the duckdns website, then attempt the cert creation/renewal. it works this way
I can't seem to make acme.sh v2.8.6 (i've ran acme.sh --upgrade and it gave me that version) issue a certificate on my raspberry pi 3B+, it throws an error immediately saying while trying to add the TXT record,
Steps to reproduce
acme.sh --insecure --issue --dns dns_duckdns -d novaender.duckdns.org --renew-hook "cat /root/.acme.sh/novaender.duckdns.org/fullchain.cer /root/.acme.sh/novaender.duckdns.org/novaender.duckdns.org.key >/etc/ssl/snakeoil.pem && systemctl reload haproxy"
Debug log