acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
38.41k stars 4.89k forks

DYNU DNS : Invalid domain. Error add txt for domain:_acme-challenge.XXXX.dynu.net #3216

Open jradxl opened 3 years ago

jradxl commented 3 years ago

acme.sh --version

https://github.com/acmesh-official/acme.sh v2.8.8

Steps to reproduce

/root/.acme.sh/acme.sh \
  --issue \
  --dns dns_dynu \
  -d XXXXX.dynu.net \
  --test

Debug log

Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
Single domain='XXXXX.dynu.net'
Getting domain auth token for each domain
Getting webroot for domain='XXXXX.dynu.net'
Adding txt value: s6uIrpoAsSTswfPWaAKOF2r9s5Ud378XA2hnpPY89Zo for domain: _acme-challenge.XXXXX.dynu.net
Getting Dynu token.
Getting https://api.dynu.com/v2/dns/getroot/XXXXX.dynu.net
Getting https://api.dynu.com/v2/dns/getroot/dynu.net
Getting https://api.dynu.com/v2/dns/getroot/net
Invalid domain.
Error add txt for domain:_acme-challenge.XXXXX.dynu.net
Please check log file for more details: /root/.acme.sh/acme.sh.log

Running cmd: issue
_main_domain='XXXXX.dynu.net'
_alt_domains='no'
Using config home:/root/.acme.sh
Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
DOMAIN_PATH='/root/.acme.sh/XXXXX.dynu.net'
Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
_init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
GET
url='https://acme-staging-v02.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.SxWxsBND7x -g '
ret='0'
ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
ACME_VERSION='2'
Le_NextRenewTime
Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
_on_before_issue
_chk_main_domain='XXXXX.dynu.net'
_chk_alt_domains
Le_LocalAddress
d='XXXXX.dynu.net'
Check for domain='XXXXX.dynu.net'
_currentRoot='dns_dynu'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
_createcsr
Single domain='XXXXX.dynu.net'
Getting domain auth token for each domain
d
url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"XXXXX.dynu.net"}]}'
RSA key
HEAD
_post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv6LYDna8e -g -I '
_ret='0'
POST
_post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv6LYDna8e -g '
_ret='0'
code='201'
Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/16078653/165917035'
Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/16078653/165917035'
url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/131280515'
payload
POST
_post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/131280515'
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv6LYDna8e -g '
_ret='0'
code='200'
d='XXXXX.dynu.net'
Getting webroot for domain='XXXXX.dynu.net'
_w='dns_dynu'
_currentRoot='dns_dynu'
entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/131280515/BFks6w","token":"SfKv5CUDX5N0M77LM3MCx0XhAcWOTXdfSTeBLEo_YVs"'
token='SfKv5CUDX5N0M77LM3MCx0XhAcWOTXdfSTeBLEo_YVs'
uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/131280515/BFks6w'
keyauthorization='SfKv5CUDX5N0M77LM3MCx0XhAcWOTXdfSTeBLEo_YVs.Jl66jHMdxc_UjUxnQDuuHsXX_Fc3_UCcrfZGLdxaQ7k'
dvlist='XXXXX.dynu.net#SfKv5CUDX5N0M77LM3MCx0XhAcWOTXdfSTeBLEo_YVs.Jl66jHMdxc_UjUxnQDuuHsXX_Fc3_UCcrfZGLdxaQ7k#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/131280515/BFks6w#dns-01#dns_dynu'
d
vlist='XXXXX.dynu.net#SfKv5CUDX5N0M77LM3MCx0XhAcWOTXdfSTeBLEo_YVs.Jl66jHMdxc_UjUxnQDuuHsXX_Fc3_UCcrfZGLdxaQ7k#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/131280515/BFks6w#dns-01#dns_dynu,'
d='XXXXX.dynu.net'
_d_alias
txtdomain='_acme-challenge.XXXXX.dynu.net'
txt='qUb6KNJWUQiSqDXHSX9caw-lBm1cjc_OfHi2ACuZTTI'
d_api='/root/.acme.sh/dnsapi/dns_dynu.sh'
Found domain api file: /root/.acme.sh/dnsapi/dns_dynu.sh
Adding txt value: qUb6KNJWUQiSqDXHSX9caw-lBm1cjc_OfHi2ACuZTTI for domain: _acme-challenge.XXXXX.dynu.net
Getting Dynu token.
GET
url='https://api.dynu.com/v2/oauth2/token'
timeout=
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv6LYDna8e -g '
ret='0'
Detect root zone
h='XXXXX.dynu.net'
dns/getroot/XXXXX.dynu.net
Getting https://api.dynu.com/v2/dns/getroot/XXXXX.dynu.net
GET
url='https://api.dynu.com/v2/dns/getroot/XXXXX.dynu.net'
timeout=
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv6LYDna8e -g '
ret='0'
h='dynu.net'
dns/getroot/dynu.net
Getting https://api.dynu.com/v2/dns/getroot/dynu.net
GET
url='https://api.dynu.com/v2/dns/getroot/dynu.net'
timeout=
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv6LYDna8e -g '
ret='0'
h='net'
dns/getroot/net
Getting https://api.dynu.com/v2/dns/getroot/net
GET
url='https://api.dynu.com/v2/dns/getroot/net'
timeout=
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv6LYDna8e -g '
ret='0'
h
Invalid domain.
Error add txt for domain:_acme-challenge.XXXXX.dynu.net
_on_issue_err
Please check log file for more details: /root/.acme.sh/acme.sh.log
url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/131280515/BFks6w'
payload='{}'
POST
_post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/131280515/BFks6w'
_CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv6LYDna8e -g '
_ret='0'
code='200'
socat doesn't exist.
Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1f 31 Mar 2020
apache:
apache doesn't exist.
nginx:
nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-5J5hor/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-echo --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-subs-filter --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-geoip2
socat:
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.

jradxl commented 3 years ago

Seems to be working today. Was changing from subdomains to wildcard, so may have had something wrong in the DNS records on dynu.com. I deleted the entry and started again, and it worked.

spoolio commented 3 years ago

Having this same issue with Dynu as well, but sleeping on it hasn't helped. I'm running it from within a pfSense install.

It seems to be failing on/after the https://api.dynu.com/v2/dns/getroot/net hit. I put my output below. I'd also tried the non-wildcarded domain previously, with the same results. Just trying to get a cert for a captive portal for the pfsense server itself underneath the third level domain.

pfsense_PortalGUI
Renewing certificate
account: pfsense.spool-GUI-key
server: letsencrypt-staging-2

/usr/local/pkg/acme/acme.sh --issue --domain '.XXXX.dynu.net' --dns 'dns_dynu' --home '/tmp/acme/pfsense_PortalGUI/' --accountconf '/tmp/acme/pfsense_PortalGUI/accountconf.conf' --force --reloadCmd '/tmp/acme/pfsense_PortalGUI/reloadcmd.sh' --dnssleep '600' --log-level 3 --log '/tmp/acme/pfsense_PortalGUI/acme_issuecert.log'

Array
(
    [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [Dynu_ClientId] => XXXXXXXXXXXXXXXXXX
    [Dynu_Secret] => XXXXXXXXXXXXXXXX
)

[Sun Dec 6 16:25:53 UTC 2020] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun Dec 6 16:25:54 UTC 2020] Single domain='.XXXXX.dynu.net'
[Sun Dec 6 16:25:54 UTC 2020] Getting domain auth token for each domain
[Sun Dec 6 16:25:58 UTC 2020] Getting webroot for domain='*.XXXXXX.dynu.net'
[Sun Dec 6 16:25:58 UTC 2020] Adding txt value: XXXXXXXXXXXXXXXXXXXXXXXXXX for domain: _acme-challenge.XXXXX.dynu.net
[Sun Dec 6 16:25:58 UTC 2020] Getting Dynu token.
[Sun Dec 6 16:25:59 UTC 2020] Getting https://api.dynu.com/v2/dns/getroot/XXXXXXXX.dynu.net
[Sun Dec 6 16:25:59 UTC 2020] Getting https://api.dynu.com/v2/dns/getroot/dynu.net
[Sun Dec 6 16:26:00 UTC 2020] Getting https://api.dynu.com/v2/dns/getroot/net
[Sun Dec 6 16:26:01 UTC 2020] Invalid domain.
[Sun Dec 6 16:26:01 UTC 2020] Error add txt for domain:_acme-challenge.XXXXXXXXX.dynu.net
[Sun Dec 6 16:26:01 UTC 2020] Please check log file for more details: /tmp/acme/pfsense_PortalGUI/acme_issuecert.log
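Added example, not part of any comment in this thread and not acme.sh code: a POSIX shell triage helper for logs like the two above. It lists the names queried at the `getroot` endpoint and reports whether the lookups ran down to a single label before "Invalid domain." was logged. The function names and verdict words are assumptions of this example; the sample lines are copied from the redacted log in this issue.

```shell
#!/bin/sh
# Added example (not acme.sh code): triage Dynu root-zone lookups in an acme.sh log.

# Sample lines copied from the redacted log in this issue.
sample_log() {
  cat <<'EOF'
Getting Dynu token.
Getting https://api.dynu.com/v2/dns/getroot/XXXXX.dynu.net
Getting https://api.dynu.com/v2/dns/getroot/dynu.net
Getting https://api.dynu.com/v2/dns/getroot/net
Invalid domain.
Error add txt for domain:_acme-challenge.XXXXX.dynu.net
EOF
}

# Print, one per line and in order, every name queried at the getroot endpoint.
# Works with or without the "[timestamp]" prefix seen in the pfSense log.
dynu_candidates() {
  sed -n 's#.*Getting https://api\.dynu\.com/v2/dns/getroot/\([^ ]*\).*#\1#p'
}

# Classify a log read from stdin (verdict names are this example's own):
#   exhausted - the last name queried was a single label (e.g. "net") and
#               "Invalid domain." was logged after it
#   stopped   - lookups ended before reaching a single label, or no error followed
#   none      - the log contains no getroot lookups
dynu_walk_verdict() {
  awk '
    /Getting https:\/\/api\.dynu\.com\/v2\/dns\/getroot\// {
      sub(/.*dns\/getroot\//, "")   # keep only the queried name
      sub(/[ \t].*/, "")
      last = $0; n++; invalid = 0
      next
    }
    n && /Invalid domain\./ { invalid = 1 }
    END {
      if (!n) print "none"
      else if (invalid && last !~ /\./) print "exhausted"
      else print "stopped"
    }'
}

# Stand-alone run: show the lookups and the verdict for the sample.
sample_log | dynu_candidates
sample_log | dynu_walk_verdict
```

Run it against a real log with `dynu_walk_verdict < /root/.acme.sh/acme.sh.log`; "exhausted" matches the pattern reported here, where every suffix of the name down to the TLD was queried before the error.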

litsiew commented 1 month ago

Hi All, I'm having this same problem with Dynu DNS. I had 10 certificates to be renewed and only 8 renewed successfully through the ACME app in Pfsense, except for 2 with the same error "add text for domain:_acme-challenge.xxxxxxx.mydomain.com".

Note that I've purchased that "mydomain.com" in Dynu as well. Any help will be appreciated.