acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Report bugs to cPanel dns api #3732

Open arnebjarne opened 3 years ago

arnebjarne commented 3 years ago

This is the place to report bugs in the cPanel DNS API.

If you experience a bug, please report it in this issue.

Thanks!

deejayexe commented 3 years ago

Hi! I installed acme.sh in Docker with the latest release, acme.sh:dev. But when I try it with my API user (cPanel_Username, cPanel_Apitoken, cPanel_Hostname), I get this error: No matching root domain for _acme-challenge.subdomain.domain.com found

docker exec acme.sh --issue --force --log --dns dns_cpanel -d subdomain.domain.com

[Mon Oct 11 10:52:13 UTC 2021] Getting domain auth token for each domain
[Mon Oct 11 10:52:15 UTC 2021] Getting webroot for domain='subdomain.domain.com'
[Mon Oct 11 10:52:15 UTC 2021] Adding txt value: XXXXXXXXX_Tfe_Aj1I9cO63CQl249J-vs4OBdYdEYgnA for domain: _acme-challenge.subdomain.domain.com
[Mon Oct 11 10:52:15 UTC 2021] Adding TXT record to cPanel based system
[Mon Oct 11 10:52:15 UTC 2021] No matching root domain for _acme-challenge.subdomain.domain.com found
[Mon Oct 11 10:52:15 UTC 2021] Error add txt for domain:_acme-challenge.subdomain.domain.com
[Mon Oct 11 10:52:15 UTC 2021] Please check log file for more details: /acme.sh/acme.sh.log

I also get this root-domain matching error with the domain itself and with other subdomains. In acme.sh.log:

[Mon Oct 11 10:41:36 UTC 2021] timeout=
[Mon Oct 11 10:41:36 UTC 2021] displayError='1'
[Mon Oct 11 10:41:36 UTC 2021] _CURL='curl --silent --dump-header /acme.sh/http.header -L '
[Mon Oct 11 10:41:36 UTC 2021] ret='0'
[Mon Oct 11 10:41:36 UTC 2021] _hcode='0'
[Mon Oct 11 10:41:36 UTC 2021] First detect the root zone
[Mon Oct 11 10:41:36 UTC 2021] Retrying GET
[Mon Oct 11 10:41:36 UTC 2021] GET
[Mon Oct 11 10:41:36 UTC 2021] url='https://xxxxxxxxxxxxxxxxx:2083/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'
[Mon Oct 11 10:41:36 UTC 2021] timeout=
[Mon Oct 11 10:41:36 UTC 2021] displayError='1'
[Mon Oct 11 10:41:36 UTC 2021] _CURL='curl --silent --dump-header /acme.sh/http.header -L '
[Mon Oct 11 10:41:37 UTC 2021] ret='0'
[Mon Oct 11 10:41:37 UTC 2021] _hcode='0'
[Mon Oct 11 10:41:37 UTC 2021] _result is: {"cpanelresult":{"apiversion":"2","error":"Access denied","data":{"reason":"Access denied","result":"0"},"type":"text"}}
[Mon Oct 11 10:41:37 UTC 2021] _domains is: apiversion
[Mon Oct 11 10:41:37 UTC 2021] Checking if _acme-challenge.subdomain.domain.com ends with apiversion
[Mon Oct 11 10:41:37 UTC 2021] No matching root domain for _acme-challenge.subdomain.domain.com found
[Mon Oct 11 10:41:37 UTC 2021] Error add txt for domain:_acme-challenge.subdomain.domain.com
[Mon Oct 11 10:41:37 UTC 2021] _on_issue_err
[Mon Oct 11 10:41:37 UTC 2021] Please check log file for more details: /acme.sh/acme.sh.log
[Mon Oct 11 10:41:37 UTC 2021] url='https://acme.zerossl.com/v2/DV90/chall/cb5CcYBuWDYV4RsKp4h-7Q'
[Mon Oct 11 10:41:37 UTC 2021] payload='{}'
[Mon Oct 11 10:41:37 UTC 2021] Retrying post
[Mon Oct 11 10:41:37 UTC 2021] POST
[Mon Oct 11 10:41:37 UTC 2021] _post_url='https://acme.zerossl.com/v2/DV90/chall/cb5CcYBuWDYV4RsKp4h-7Q'
[Mon Oct 11 10:41:37 UTC 2021] _CURL='curl --silent --dump-header /acme.sh/http.header -L '
[Mon Oct 11 10:41:37 UTC 2021] _ret='0'
[Mon Oct 11 10:41:37 UTC 2021] _hcode='0'
[Mon Oct 11 10:41:37 UTC 2021] code='200'
[Mon Oct 11 10:41:37 UTC 2021] pid
[Mon Oct 11 10:41:37 UTC 2021] No need to restore nginx, skip.
[Mon Oct 11 10:41:37 UTC 2021] _clearupdns
[Mon Oct 11 10:41:37 UTC 2021] dns_entries
[Mon Oct 11 10:41:37 UTC 2021] skip dns.

I also tested --issue in manual mode (--dns --yes-I-know-dns-manual-mode-enough-go-ahead-please) and I don't have a problem if I add the ACME challenge TXT record myself, but manual mode isn't a solution because I need to automate it.

Thanks.

arnebjarne commented 3 years ago

result is: {"cpanelresult":{"apiversion":"2","error":"Access denied","data":{"reason":"Access denied","result":"0"},"type":"text"}}

Your username or api token is not right.

deejayexe commented 3 years ago

result is: {"cpanelresult":{"apiversion":"2","error":"Access denied","data":{"reason":"Access denied","result":"0"},"type":"text"}}

Your username or api token is not right.

No, it is correct. I also deleted it and created a new one, but it always gives the same error. Maybe it is another problem?

arnebjarne commented 3 years ago

result is: {"cpanelresult":{"apiversion":"2","error":"Access denied","data":{"reason":"Access denied","result":"0"},"type":"text"}} Your username or api token is not right.

No, it is correct. I also deleted it and created a new one, but it always gives the same error. Maybe it is another problem?

May I ask how you have configured your username, token and url inside the docker container?

deejayexe commented 3 years ago

Inside -v /share/acme account.conf I put export cPanel_Username=username, export cPanel_Apitoken=xxxxxxxxxx, export cPanel_Hostname=https://url:2083. If I put a wrong URL it doesn't connect, and if I put an incorrect username or API token it returns:

[Tue Oct 12 18:04:43 UTC 2021] cPanel Login failed for user username111

I put this:

export cPanel_Username=username
export cPanel_Apitoken=xxxxxxxxxx
export cPanel_Hostname=https://url:2083

and this is returned in account.conf:

SAVED_cPanel_Username='username'
SAVED_cPanel_Apitoken='xxxxxxxxxx'
SAVED_cPanel_Hostname='https://url:2083'

But without luck, always the same message:

No matching root domain for _acme-challenge.subdomain.domain.com found
[Tue Oct 12 18:08:48 UTC 2021] Error add txt for domain:_acme-challenge.subdomain.domain.com

arnebjarne commented 3 years ago

Inside -v /share/acme account.conf I put export cPanel_Username=username, export cPanel_Apitoken=xxxxxxxxxx, export cPanel_Hostname=https://url:2083. If I put a wrong URL it doesn't connect, and if I put an incorrect username or API token it returns:

[Tue Oct 12 18:04:43 UTC 2021] cPanel Login failed for user username111

I put this:

export cPanel_Username=username
export cPanel_Apitoken=xxxxxxxxxx
export cPanel_Hostname=https://url:2083

and this is returned in account.conf:

SAVED_cPanel_Username='username'
SAVED_cPanel_Apitoken='xxxxxxxxxx'
SAVED_cPanel_Hostname='https://url:2083'

But without luck, always the same message:

No matching root domain for _acme-challenge.subdomain.domain.com found
[Tue Oct 12 18:08:48 UTC 2021] Error add txt for domain:_acme-challenge.subdomain.domain.com

I cannot say why it fails for you. I have just tested with a docker image

docker run --rm  -it -v "$(pwd)/out":/acme.sh --net=host neilpang/acme.sh --issue -d example.com --standalone

echo "SAVED_cPanel_Username='MY_CPANEL_ADMIN_ACCOUNT'" | sudo tee -a "$(pwd)/out/account.conf"
echo "SAVED_cPanel_Apitoken='MY_CPANEL_TOKEN'" | sudo tee -a "$(pwd)/out/account.conf"
echo "SAVED_cPanel_Hostname='https://cp04.nordicway.dk:2083'" | sudo tee -a "$(pwd)/out/account.conf"

docker run --rm -it -v "$(pwd)/out":/acme.sh --net=host neilpang/acme.sh --set-default-ca --server letsencrypt
docker run --rm -it -v "$(pwd)/out":/acme.sh --net=host neilpang/acme.sh --issue --force --staging --dns dns_cpanel --dnssleep 300 -d '*.saltbaek.dk'

works for me (note I used LE's staging environment).

arnebjarne commented 3 years ago

Inside -v /share/acme account.conf I put export cPanel_Username=username, export cPanel_Apitoken=xxxxxxxxxx, export cPanel_Hostname=https://url:2083. If I put a wrong URL it doesn't connect, and if I put an incorrect username or API token it returns:

[Tue Oct 12 18:04:43 UTC 2021] cPanel Login failed for user username111

I put this:

export cPanel_Username=username
export cPanel_Apitoken=xxxxxxxxxx
export cPanel_Hostname=https://url:2083

and this is returned in account.conf:

SAVED_cPanel_Username='username'
SAVED_cPanel_Apitoken='xxxxxxxxxx'
SAVED_cPanel_Hostname='https://url:2083'

But without luck, always the same message:

No matching root domain for _acme-challenge.subdomain.domain.com found
[Tue Oct 12 18:08:48 UTC 2021] Error add txt for domain:_acme-challenge.subdomain.domain.com

You can test your api key with

curl -s -H 'Authorization: cpanel CPANEL_ADMIN_ACCOUNT:CPANEL_TOKEN' 'https://CPANEL_URL:2083/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'

Of course replace CPANEL_ADMIN_ACCOUNT and CPANEL_TOKEN with your settings...

Xebozone commented 3 years ago

Hello,

I'm trying to use the cPanel API with NameCheap cPanel. I've exported the correct data and ran the command: acme.sh --issue --dns dns_cpanel -d SOMEDOMAIN.com

This fails. The command appears to have the error: Token authentication allows access to UAPI or API 2 calls only

Log attached: log.log

Note: I tried testing the API key with: curl -s -H 'Authorization: USERNAME:KEY' 'https://URL:2083/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' and this was fine

arnebjarne commented 3 years ago

Hello,

I'm trying to use the cPanel API with NameCheap cPanel. I've exported the correct data and ran the command: acme.sh --issue --dns dns_cpanel -d SOMEDOMAIN.com

This fails. The command appears to have the error: Token authentication allows access to UAPI or API 2 calls only

Log attached: log.log

Note: I tried testing the API key with: curl -s -H 'Authorization: USERNAME:KEY' 'https://URL:2083/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' and this was fine

[Fri Oct 15 22:05:54 EDT 2021] url='premium131.web-hosting.com:2083/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'

From the log it looks like you have set the URL to premium131.web-hosting.com without the https. It must be

cPanel_Hostname=https://premium131.web-hosting.com

It might be confusing to people that I named the variable Hostname and not URL. A hostname is only a name, whereas a URL can/may be prefixed with a protocol (http://, https://, ftp://, etc.).

Xebozone commented 3 years ago

I want to slap myself now. Thanks!

deejayexe commented 3 years ago

result is: {"cpanelresult":{"apiversion":"2","error":"Access denied","data":{"reason":"Access denied","result":"0"},"type":"text"}}

Your username or api token is not right.

Finally I solved it, with hosting and API token; now I can run the command without issues. Thanks for your patience.

mcn18 commented 3 years ago

This script does not work when a subdomain is the main cPanel domain. For example, my CP account domain is sub.example.com so it should add DNS record to the sub.example.com zone but instead it tried to add it to the example.com zone.

arnebjarne commented 3 years ago

This script does not work when a subdomain is the main cPanel domain. For example, my CP account domain is sub.example.com so it should add DNS record to the sub.example.com zone but instead it tried to add it to the example.com zone.

Yes, this was how I made the script.

Neilpang commented 3 years ago

@arnebjarne

Yes, this was how I made the script.

Why?

nezam05 commented 2 years ago

When a subdomain is added to cPanel only as a DNS record, instead of using the subdomain feature, the client returns

[Thu 09 Dec 2021 07:34:11 PM UTC] No matching root domain for _acme-challenge.mydomain.net found
[Thu 09 Dec 2021 07:34:11 PM UTC] Error add txt for domain:_acme-challenge.mydomain.net

The --debug shows that the client is able to fetch all DNS records from cPanel DNS.

bradpoulton commented 2 years ago

@arnebjarne Hello, I am having an issue with the dns_cpanel script. It looks like it is not able to find my dns record even though it is there.

[Mon Jan 10 17:47:47 MST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Mon Jan 10 17:47:47 MST 2022] Single domain='*.home.mydomain.com'
[Mon Jan 10 17:47:47 MST 2022] Getting domain auth token for each domain
[Mon Jan 10 17:48:00 MST 2022] Getting webroot for domain='*.home.mydomain.com'
[Mon Jan 10 17:48:00 MST 2022] Adding txt value: cnESzRSA4xxU-p5sometokenasdf for domain:  _acme-challenge.home.mydomain.com
[Mon Jan 10 17:48:00 MST 2022] Adding TXT record to cPanel based system
[Mon Jan 10 17:48:02 MST 2022] No matching root domain for _acme-challenge.home.mydomain.com found
[Mon Jan 10 17:48:02 MST 2022] Error add txt for domain:_acme-challenge.home.mydomain.com

When I look at the _result variable around line 123 in dns_cpanel.sh, it looks like sometimes the script is getting the correct values and sometimes it is not. Any help is appreciated.

Xebozone commented 2 years ago

@arnebjarne I still cannot get this to work. It may be because I have multiple domains on my hosting? When it does Checking if DOMAIN ends with DOMAIN , it doesn't check for all the zones in the JSON it found from CPANEL, just the first one? If I tried multiple times, it may be successful as CPANEL API seems to return zones randomly. One of my domains may have luckily renewed at a time because of this randomness. My log attached. acme.sh.log

EDIT: I can confirm, I put the renew script in a while loop and eventually all my domains got issued. Looks like a real script bug. while true; do acme.sh --renew-all; sleep 3; done

F03SD commented 2 years ago

Hiya all. I have a problem with the provider: reg[.]ru

Full debug output here:

root@certbot:/home/crt# acme.sh --issue --force --dns dns_cpanel --dnssleep 300 --debug -d vcsa.mydomain.ru
[Thu 27 Jan 2022 02:06:52 PM MSK] Lets find script dir.
[Thu 27 Jan 2022 02:06:52 PM MSK] _SCRIPT_='/root/.acme.sh/acme.sh'
[Thu 27 Jan 2022 02:06:52 PM MSK] _script='/root/.acme.sh/acme.sh'
[Thu 27 Jan 2022 02:06:52 PM MSK] _script_home='/root/.acme.sh'
[Thu 27 Jan 2022 02:06:52 PM MSK] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.2
[Thu 27 Jan 2022 02:06:52 PM MSK] Running cmd: issue
[Thu 27 Jan 2022 02:06:52 PM MSK] _main_domain='vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:52 PM MSK] _alt_domains='no'
[Thu 27 Jan 2022 02:06:52 PM MSK] Using config home:/root/.acme.sh
[Thu 27 Jan 2022 02:06:52 PM MSK] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Thu 27 Jan 2022 02:06:52 PM MSK] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu 27 Jan 2022 02:06:52 PM MSK] DOMAIN_PATH='/root/.acme.sh/vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:52 PM MSK] Le_NextRenewTime
[Thu 27 Jan 2022 02:06:52 PM MSK] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu 27 Jan 2022 02:06:52 PM MSK] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu 27 Jan 2022 02:06:52 PM MSK] GET
[Thu 27 Jan 2022 02:06:52 PM MSK] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu 27 Jan 2022 02:06:52 PM MSK] timeout=
[Thu 27 Jan 2022 02:06:52 PM MSK] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu 27 Jan 2022 02:06:52 PM MSK] ret='0'
[Thu 27 Jan 2022 02:06:52 PM MSK] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu 27 Jan 2022 02:06:52 PM MSK] ACME_NEW_AUTHZ
[Thu 27 Jan 2022 02:06:52 PM MSK] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu 27 Jan 2022 02:06:52 PM MSK] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu 27 Jan 2022 02:06:52 PM MSK] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu 27 Jan 2022 02:06:52 PM MSK] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu 27 Jan 2022 02:06:52 PM MSK] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu 27 Jan 2022 02:06:52 PM MSK] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu 27 Jan 2022 02:06:52 PM MSK] _on_before_issue
[Thu 27 Jan 2022 02:06:52 PM MSK] _chk_main_domain='vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:52 PM MSK] _chk_alt_domains
[Thu 27 Jan 2022 02:06:52 PM MSK] Le_LocalAddress
[Thu 27 Jan 2022 02:06:52 PM MSK] d='vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:52 PM MSK] Check for domain='vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:52 PM MSK] _currentRoot='dns_cpanel'
[Thu 27 Jan 2022 02:06:52 PM MSK] d
[Thu 27 Jan 2022 02:06:52 PM MSK] _saved_account_key_hash is not changed, skip register account.
[Thu 27 Jan 2022 02:06:52 PM MSK] Read key length:
[Thu 27 Jan 2022 02:06:52 PM MSK] _createcsr
[Thu 27 Jan 2022 02:06:52 PM MSK] Single domain='vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:52 PM MSK] Getting domain auth token for each domain
[Thu 27 Jan 2022 02:06:52 PM MSK] d
[Thu 27 Jan 2022 02:06:52 PM MSK] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu 27 Jan 2022 02:06:52 PM MSK] payload='{"identifiers": [{"type":"dns","value":"vcsa.mydomain.ru"}]}'
[Thu 27 Jan 2022 02:06:52 PM MSK] RSA key
[Thu 27 Jan 2022 02:06:53 PM MSK] HEAD
[Thu 27 Jan 2022 02:06:53 PM MSK] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu 27 Jan 2022 02:06:53 PM MSK] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g -I '
[Thu 27 Jan 2022 02:06:53 PM MSK] _ret='0'
[Thu 27 Jan 2022 02:06:53 PM MSK] POST
[Thu 27 Jan 2022 02:06:53 PM MSK] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu 27 Jan 2022 02:06:53 PM MSK] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu 27 Jan 2022 02:06:54 PM MSK] _ret='0'
[Thu 27 Jan 2022 02:06:54 PM MSK] code='201'
[Thu 27 Jan 2022 02:06:54 PM MSK] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/359004860/58874341370'
[Thu 27 Jan 2022 02:06:54 PM MSK] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/359004860/58874341370'
[Thu 27 Jan 2022 02:06:54 PM MSK] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/72398394180'
[Thu 27 Jan 2022 02:06:54 PM MSK] payload
[Thu 27 Jan 2022 02:06:54 PM MSK] POST
[Thu 27 Jan 2022 02:06:54 PM MSK] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/72398394180'
[Thu 27 Jan 2022 02:06:54 PM MSK] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu 27 Jan 2022 02:06:54 PM MSK] _ret='0'
[Thu 27 Jan 2022 02:06:54 PM MSK] code='200'
[Thu 27 Jan 2022 02:06:54 PM MSK] d='vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:54 PM MSK] Getting webroot for domain='vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:54 PM MSK] _w='dns_cpanel'
[Thu 27 Jan 2022 02:06:54 PM MSK] _currentRoot='dns_cpanel'
[Thu 27 Jan 2022 02:06:55 PM MSK] entry='"type":"dns-01","status":"pending","url":https://acme-v02.api.letsencrypt.org/acme/chall-v3/72398394180/178krA,"token":"mytoken"'
[Thu 27 Jan 2022 02:06:55 PM MSK] token='mytoken'
[Thu 27 Jan 2022 02:06:55 PM MSK] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/72398394180/178krA'
[Thu 27 Jan 2022 02:06:55 PM MSK] keyauthorization='mytoken.mytokenv2'
[Thu 27 Jan 2022 02:06:55 PM MSK] dvlist='vcsa.mydomain.ru#mytoken.mytokenv2#https://acme-v02.api.letsencrypt.org/acme/chall-v3/72398394180/178krA#dns-01#dns_cpanel'
[Thu 27 Jan 2022 02:06:55 PM MSK] d
[Thu 27 Jan 2022 02:06:55 PM MSK] vlist='vcsa.mydomain.ru#mytoken.mytokenv2#https://acme-v02.api.letsencrypt.org/acme/chall-v3/72398394180/178krA#dns-01#dns_cpanel,'
[Thu 27 Jan 2022 02:06:55 PM MSK] d='vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:55 PM MSK] _d_alias
[Thu 27 Jan 2022 02:06:55 PM MSK] txtdomain='_acme-challenge.vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:55 PM MSK] txt='xs3zv8QvZc6konZtgtv5Kxa4J4OU6m3UAzwvlm6riYI'
[Thu 27 Jan 2022 02:06:55 PM MSK] d_api='/root/.acme.sh/dnsapi/dns_cpanel.sh'
[Thu 27 Jan 2022 02:06:55 PM MSK] Found domain api file: /root/.acme.sh/dnsapi/dns_cpanel.sh
[Thu 27 Jan 2022 02:06:55 PM MSK] Adding txt value: xs3zv8QvZc6konZtgtv5Kxa4J4OU6m3UAzwvlm6riYI for domain: _acme-challenge.vcsa.mydomain.ru
[Thu 27 Jan 2022 02:06:55 PM MSK] Adding TXT record to cPanel based system
[Thu 27 Jan 2022 02:06:55 PM MSK] fulldomain='_acme-challenge.vcsa.mydomain.ru'
[Thu 27 Jan 2022 02:06:55 PM MSK] txtvalue='xs3zv8QvZc6konZtgtv5Kxa4J4OU6m3UAzwvlm6riYI'
[Thu 27 Jan 2022 02:06:55 PM MSK] cPanel_Username
[Thu 27 Jan 2022 02:06:55 PM MSK] cPanel_Apitoken
[Thu 27 Jan 2022 02:06:55 PM MSK] cPanel_Hostname
[Thu 27 Jan 2022 02:06:55 PM MSK] GET
[Thu 27 Jan 2022 02:06:55 PM MSK] url='https://scp109.hosting.reg.ru:2083/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo'
[Thu 27 Jan 2022 02:06:55 PM MSK] timeout=
[Thu 27 Jan 2022 02:06:55 PM MSK] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu 27 Jan 2022 02:06:55 PM MSK] ret='0'
[Thu 27 Jan 2022 02:06:55 PM MSK] First detect the root zone
[Thu 27 Jan 2022 02:06:55 PM MSK] GET
[Thu 27 Jan 2022 02:06:55 PM MSK] url='https://scp109.hosting.reg.ru:2083/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'
[Thu 27 Jan 2022 02:06:55 PM MSK] timeout=
[Thu 27 Jan 2022 02:06:55 PM MSK] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu 27 Jan 2022 02:06:55 PM MSK] ret='0'
[Thu 27 Jan 2022 02:06:55 PM MSK] _result is: {"cpanelresult":{"module":"ZoneEdit","data":[{"status":1,"zones":{"mydomaintrols.ru":["; cPanel first:100.0.5 (update_time):1640788293 Cpanel::ZoneFile::VERSION:1.3 hostname:scp109.hosting.reg.ru latest:100.0.5","; Zone file for mydomaintrols.ru","$TTL 14400","mydomaintrols.ru.\t86400\tIN\tSOA\tns1.hosting.reg.ru.\thakimov.reg.ru.\t
[Thu 27 Jan 2022 02:06:55 PM MSK] _domains is: mydomaintrols.ru
[Thu 27 Jan 2022 02:06:55 PM MSK] Checking if _acme-challenge.vcsa.mydomain.ru ends with mydomaintrols.ru
[Thu 27 Jan 2022 02:06:55 PM MSK] No matching root domain for _acme-challenge.vcsa.mydomain.ru found
[Thu 27 Jan 2022 02:06:55 PM MSK] Error add txt for domain:_acme-challenge.vcsa.mydomain.ru
[Thu 27 Jan 2022 02:06:55 PM MSK] _on_issue_err
[Thu 27 Jan 2022 02:06:55 PM MSK] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu 27 Jan 2022 02:06:55 PM MSK] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/72398394180/178krA'
[Thu 27 Jan 2022 02:06:55 PM MSK] payload='{}'
[Thu 27 Jan 2022 02:06:55 PM MSK] POST
[Thu 27 Jan 2022 02:06:55 PM MSK] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/72398394180/178krA'
[Thu 27 Jan 2022 02:06:55 PM MSK] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu 27 Jan 2022 02:06:56 PM MSK] _ret='0'
[Thu 27 Jan 2022 02:06:56 PM MSK] code='200'
[Thu 27 Jan 2022 02:06:56 PM MSK] Diagnosis versions:
openssl:openssl OpenSSL 1.1.1f 31 Mar 2020
apache: apache doesn't exist.
nginx: nginx doesn't exist.
socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org socat version 1.7.3.3 on Oct 26 2019 17:42:04 running on Linux version #109-Ubuntu SMP Wed Jan 12 16:49:16 UTC 2022, release 5.4.0-96-generic, machine x86_64 features: #define WITH_STDIO 1 #define WITH_FDNUM 1 #define WITH_FILE 1 #define WITH_CREAT 1 #define WITH_GOPEN 1 #define WITH_TERMIOS 1 #define WITH_PIPE 1 #define WITH_UNIX 1 #define WITH_ABSTRACT_UNIXSOCKET 1 #define WITH_IP4 1 #define WITH_IP6 1 #define WITH_RAWIP 1 #define WITH_GENERICSOCKET 1 #define WITH_INTERFACE 1 #define WITH_TCP 1 #define WITH_UDP 1 #define WITH_SCTP 1 #define WITH_LISTEN 1 #define WITH_SOCKS4 1 #define WITH_SOCKS4A 1 #define WITH_PROXY 1 #define WITH_SYSTEM 1 #define WITH_EXEC 1 #undef WITH_READLINE #define WITH_TUN 1 #define WITH_PTY 1 #define WITH_OPENSSL 1 #undef WITH_FIPS #define WITH_LIBWRAP 1 #define WITH_SYCLS 1 #define WITH_FILAN 1 #define WITH_RETRY 1 #define WITH_MSGLEVEL 0 /*debug*/
[Thu 27 Jan 2022 02:06:56 PM MSK] pid
[Thu 27 Jan 2022 02:06:56 PM MSK] No need to restore nginx, skip.
[Thu 27 Jan 2022 02:06:56 PM MSK] _clearupdns
[Thu 27 Jan 2022 02:06:56 PM MSK] dns_entries
[Thu 27 Jan 2022 02:06:56 PM MSK] skip dns.

Does anyone know how to solve this?

Xebozone commented 2 years ago

Hiya all. I have a problem with the provider: reg[.]ru

Full debug output here:

Does anyone know how to solve this?

See my post above. Try putting your command in a while loop and waiting. Eg: while true; do acme.sh --renew-all; sleep 3; done I think the script has a bug.

F03SD commented 2 years ago

See my post above. Try putting your command in a while loop and waiting. Eg: while true; do acme.sh --renew-all; sleep 3; done I think the script has a bug.

Do you use this command to extend an existing one? Because this method does not work for new ones.

Xebozone commented 2 years ago

See my post above. Try putting your command in a while loop and waiting. Eg: while true; do acme.sh --renew-all; sleep 3; done I think the script has a bug.

Do you use this command to extend an existing one? Because this method does not work for new ones.

I used this for new ones too. You will need to try issuing once (as you already did). This will add the domain to the list of domains to renew. You can then try running my command until it's successful. Then CTRL+C to stop the loop.

benjaminrickels commented 2 years ago

I cobbled together some grep and sed regexes and modified the way the zones are extracted from the cPanel API call such that now all potentially viable DNS zones are returned and not just one. At least for me this works with several addon and subdomains, but it is likely still far from perfect, let alone correct in all use cases. It would probably be best if there was an option that allowed users to specify/overwrite the DNS zone that should be used for creating the TXT record when issuing a cert. Nevertheless, if you want to try if it works for you too, you can download the dns_cpanel.sh and replace it in your .acme.sh/dnsapi directory.

TFX-Fahzan commented 2 years ago

I cobbled together some grep and sed regexes and modified the way the zones are extracted from the cPanel API call such that now all potentially viable DNS zones are returned and not just one. At least for me this works with several addon and subdomains, but it is likely still far from perfect, let alone correct in all use cases. It would probably be best if there was an option that allowed users to specify/overwrite the DNS zone that should be used for creating the TXT record when issuing a cert. Nevertheless, if you want to try if it works for you too, you can download the dns_cpanel.sh and replace it in your .acme.sh/dnsapi directory.

Thanks @benjaminrickels that script works well for me as I have multiple domains in my hosted Namecheap account and I wanted to add wildcard domains.

However, there's another bug in deleting the acme TXT records in the domain - the _findentry function sed regex assumes the json data is in order (line, domain, txt value) but it quite often isn't. This can fail or even return the previous line number and attempt to delete the wrong record! So I wrote a replacement line which hopefully fixes it.

_findentry Original: 149: _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain.*$txtvalue\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1)

Replacement: 149: _id=$(echo "$_result" | sed "s/.*{\(.*$txtvalue.*\).*/\1/" | cut -d '}' -f 1 | sed "s/.*\"line\":\([0-9]\+\).*/\1/")

Explanation: Search for the txtvalue and return data from the first start curly brace ("{"), cut the search result at the first end curly brace ("}") (as there might not be a lazy search option in sed), search for the "line": entry and return the numeric value.

Hope that helps!

BR

scoggins commented 2 years ago

Thanks @benjaminrickels and @TFX-Fahzan. That solved my issue. I had to modify @TFX-Fahzan's replacement though, as + doesn't work for me; I changed it to *.

Replacement: 149: _id=$(echo "$_result" | sed "s/.*{\(.*$txtvalue.*\).*/\1/" | cut -d '}' -f 1 | sed "s/.*\"line\":\([0-9]*\).*/\1/")

gnanet commented 2 years ago

Had to change the zones-list parsing and the record-id parsing to be able to work with our cpanel installation.

cPanel Version: 102.0 (build 16)

Please have a look at the diff:

@@ -120,7 +120,7 @@

 _get_root() {
   _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'
-  _domains=$(echo "$_result" | sed 's/.*\(zones.*\[\).*/\1/' | cut -d':' -f2 | sed 's/"//g' | sed 's/{//g')
+  _domains=$(echo "$_result" | grep -oE '"[a-z0-9\.\-]*":\["; cPanel first' | cut -d':' -f1 | sed 's/"//g' | sed 's/{//g')
   _debug "_result is: $_result"
   _debug "_domains is: $_domains"
   if [ -z "$_domains" ]; then
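
Review bot: In `_get_root`, the new pattern `'"[a-z0-9\.\-]*":\["; cPanel first'` accepts a zone only when its array starts with the literal comment `; cPanel first` and its name fits the bracket expression, so a zone whose first line differs or whose name has another character is dropped silently, and an empty `_domains` then reaches the `[ -z "$_domains" ]` check looking like an API failure. Consider matching the key followed by `:["` alone, using `+` instead of `*` so an empty name cannot match, and dropping the backslashes inside the brackets (they are literal there, so `\` is currently an accepted name character). The trailing `sed 's/{//g'` is now dead code, since the match can no longer contain `{`.
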
@@ -146,7 +146,7 @@
   _debug "In _findentry"
   #returns id of dns entry, if it exists
   _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain"
-  _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain.*$txtvalue\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1)
+  _id=$(echo "$_result" | sed -e "s/},{/},\n{/g" | grep "$fulldomain" | grep "$txtvalue" | grep -oE 'line":[0-9]+' | cut -d ':' -f 2)
   _debug "_result is: $_result"
   _debug "fulldomain. is $fulldomain."
   _debug "txtvalue is $txtvalue"
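
Review bot: In `_findentry`, `grep "$fulldomain" | grep "$txtvalue"` treats both values as unanchored regular expressions: the dots in `$fulldomain` match any character, a record for a longer name containing `$fulldomain` also passes, and a `$txtvalue` that begins with `-` is parsed as grep options. Use `grep -F -e "$fulldomain"` and `grep -F -e "$txtvalue"`, and verify that exactly one number remains before `_id` is used, since per the comment above it identifies the DNS entry. The `\n` in the `sed` replacement is also not portable; where sed does not expand it, all records stay on one line and `grep -oE 'line":[0-9]+'` returns every line number in the zone.
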
sm622 commented 2 years ago

Had to change the zones-list parsing and the record-id parsing to be able to work with our cpanel installation.

cPanel Version: 102.0 (build 16)

  • The fetchzones responds with a JSON string, where the zone name is followed by a JSON array, where the first string starts with "; cPanel first"
  • The fetchzone_records responds with a JSON string, where the records contain the values not in a fixed order, so it was best to explode the records at },{ to separate lines, and grep in two steps for the fulldomain, and then the txtvalue, to have one line with the key "line": in it. (This allows multiple txt for the same fulldomain if its for a wildcard cert)

Please have a look at the diff:

@@ -120,7 +120,7 @@

 _get_root() {
   _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'
-  _domains=$(echo "$_result" | sed 's/.*\(zones.*\[\).*/\1/' | cut -d':' -f2 | sed 's/"//g' | sed 's/{//g')
+  _domains=$(echo "$_result" | grep -oE '"[a-z0-9\.\-]*":\["; cPanel first' | cut -d':' -f1 | sed 's/"//g' | sed 's/{//g')
   _debug "_result is: $_result"
   _debug "_domains is: $_domains"
   if [ -z "$_domains" ]; then
@@ -146,7 +146,7 @@
   _debug "In _findentry"
   #returns id of dns entry, if it exists
   _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain"
-  _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain.*$txtvalue\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1)
+  _id=$(echo "$_result" | sed -e "s/},{/},\n{/g" | grep "$fulldomain" | grep "$txtvalue" | grep -oE 'line":[0-9]+' | cut -d ':' -f 2)
   _debug "_result is: $_result"
   _debug "fulldomain. is $fulldomain."
   _debug "txtvalue is $txtvalue"

Thanks, it worked like a charm. Please push these changes.
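
The two lookups discussed in the comments above (choosing the zone for a challenge name when several zones are returned, and finding the TXT record's line number when the JSON keys come in any order), as an added example that is not part of the thread or of acme.sh's dns_cpanel.sh. The function names, both JSON samples and the record layout (quoted name with a trailing dot, a `"line":N` key) are constructed assumptions.

```shell
#!/bin/sh
# Added example, not acme.sh code. All sample data below is constructed.

# Constructed fetchzones-style response with three zones.
ZONES_JSON='{"cpanelresult":{"module":"ZoneEdit","data":[{"status":1,"zones":{"example.net":["; cPanel first:100.0.5","; Zone file for example.net"],"example.com":["; cPanel first:100.0.5"],"home.example.com":["; cPanel first:100.0.5"]}}]}}'

# Constructed fetchzone_records-style response. Key order differs per record,
# and the third record is a near-miss name that a regex dot would match.
RECORDS_JSON='{"cpanelresult":{"module":"ZoneEdit","data":[{"line":24,"name":"_acme-challenge.home.example.com.","type":"TXT","txtdata":"tokenOLD"},{"txtdata":"-tokenNEW","type":"TXT","name":"_acme-challenge.home.example.com.","line":25},{"name":"_acme-challenge.homexexample.com.","line":26,"txtdata":"-tokenNEW","type":"TXT"}]}}'

# Print every zone name: a JSON key whose value is an array of strings.
list_zones() {
  printf '%s\n' "$1" | grep -oE '"[A-Za-z0-9._-]+":\["' | cut -d'"' -f2
}

# Print the longest zone that equals the name or is a suffix of it on a
# label boundary (".zone"). Returns 1 when no zone matches.
pick_zone() {
  _pz_name=$1
  _pz_best=""
  for _pz_zone in $2; do
    case "$_pz_name" in
      "$_pz_zone" | *".$_pz_zone")
        if [ "${#_pz_zone}" -gt "${#_pz_best}" ]; then
          _pz_best=$_pz_zone
        fi
        ;;
    esac
  done
  if [ -z "$_pz_best" ]; then
    return 1
  fi
  printf '%s\n' "$_pz_best"
}

# Print the "line" value of the single record that contains both the quoted
# FQDN and the quoted TXT value, compared as fixed strings. Prints nothing and
# returns 1 when zero or several records match, so a caller never deletes a
# guessed record.
find_record_line() {
  printf '%s\n' "$1" | sed 's/},{/}\
{/g' | awk -v name="\"$2.\"" -v txt="\"$3\"" '
    index($0, name) && index($0, txt) && match($0, /"line":[0-9]+/) {
      id = substr($0, RSTART + 7, RLENGTH - 7); n++
    }
    END { if (n == 1) print id; else exit 1 }'
}

zone=$(pick_zone "_acme-challenge.home.example.com" "$(list_zones "$ZONES_JSON")")
line=$(find_record_line "$RECORDS_JSON" "_acme-challenge.home.example.com" "-tokenNEW")
printf 'zone=%s line=%s\n' "$zone" "$line"
```
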

arnebjarne commented 2 years ago

Should be fixed in https://github.com/acmesh-official/acme.sh/pull/4190

zanhecht commented 1 year ago

Not sure if this goes here or not, but once you've used this script to issue a wildcard certificate, how do you deploy it? The cpanel_uapi script filters out wildcard certificates.

Zabadam commented 1 year ago

Hello and thank you for your work on this software.

I can successfully install a letsencrypt cert on one subdomain, but my primary domain continues to display my outdated old cert--even after fully deleting it through cPanel.

The new certificate appears in cPanel and seems to be installed correctly, but this is never reflected when trying to visit the site.

When using the cpanel deploy hook, I receive two errors, seemingly related to regex. I am no expert, but I tried digging through to find these lines to make corrections, but I fear I need to download and build the whole source, no?

Despite these errors, the script reports a successful certificate installation...

Log Snippet

```
. . .
[Thu Mar 2 20:22:26 EST 2023] Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: *
[Thu Mar 2 20:22:26 EST 2023] Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE:
[2023-03-02 20:22:28 -0500] info [uapi] STDERR output from hook: /var/cpanel/perl5/lib/NcCustomHooks/SSL_PEM_HOOK.pl
[2023-03-02 20:22:28 -0500] info [uapi] Use of uninitialized value $mod in pattern match (m//) at /usr/local/cpanel/Cpanel/SSLStorage/Utils.pm line 229, line 1.
Use of uninitialized value in substr at /var/cpanel/perl5/lib/NcCustomHooks/SSL_PEM_GENERATOR.pm line 234, line 1.
[2023-03-02 20:22:28 -0500] info [uapi] End STDERR from hook
[Thu Mar 2 20:22:28 EST 2023] Succcessfully deployed to SITE.TLD
[2023-03-02 20:22:29 -0500] info [uapi] STDERR output from hook: /var/cpanel/perl5/lib/NcCustomHooks/SSL_PEM_HOOK.pl
[2023-03-02 20:22:29 -0500] info [uapi] Use of uninitialized value $mod in pattern match (m//) at /usr/local/cpanel/Cpanel/SSLStorage/Utils.pm line 229, line 1.
Use of uninitialized value in substr at /var/cpanel/perl5/lib/NcCustomHooks/SSL_PEM_GENERATOR.pm line 234, line 1.
[2023-03-02 20:22:29 -0500] info [uapi] End STDERR from hook
[Thu Mar 2 20:22:29 EST 2023] Succcessfully deployed to SITE2.TLD
[Thu Mar 2 20:22:29 EST 2023] Successfully deployed certificate to 2 of 2 sites via UAPI
[Thu Mar 2 20:22:29 EST 2023] Success
```

arnebjarne commented 1 year ago

I think I need to build in some error handling

If I curl my cPanel host multiple times in a row, it randomly does not get me all my DNS zones

like

curl "https://MYHOST:2083/json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones" -H 'Authorization: cpanel MYUSER:MYTOKEN'

I think I need to build in some checking: if you request multiple domains, check whether cPanel returns the domains, and if not, try up to X times until all the zones are returned. I don't know if it's version 96.0.15 of cPanel that is buggy.

cyraid commented 3 months ago

Not sure if this is the area to post this but:

[2024-08-10 13:34:50 -0400] warn [Internal Warning while parsing unknown 1045776] Use of uninitialized value in goto at /var/cpanel/perl5/lib/NcCustomHooks/SSL.pm line 32.
 at /var/cpanel/perl5/lib/NcCustomHooks/SSL.pm line 32.
        NcCustomHooks::SSL::get_api_client("/var/cpanel/perl5/lib/NcCustomHooks/.hAPIcPanel.conf") called at /var/cpanel/perl5/lib/NcCustomHooks/SSL.pm line 100
        NcCustomHooks::SSL::NotifyChanges(HASH(0x3142320), HASH(0x3142380)) called at /usr/local/cpanel/Cpanel/Hooks.pm line 563
        eval {...} called at /usr/local/cpanel/Cpanel/Hooks.pm line 561
        Cpanel::Hooks::_exec_module("main", HASH(0x3269610), HASH(0x3142320), HASH(0x3142380)) called at /usr/local/cpanel/Cpanel/Hooks.pm line 376
        Cpanel::Hooks::_exec_hook("main", HASH(0x3269610), HASH(0x3142320), HASH(0x3142380)) called at /usr/local/cpanel/Cpanel/Hooks.pm line 276
        eval {...} called at /usr/local/cpanel/Cpanel/Hooks.pm line 271
        Cpanel::Hooks::hook(HASH(0x3142320), HASH(0x3108238)) called at /usr/local/cpanel/Cpanel/EventHandler.pm line 146
        Cpanel::EventHandler::_uapi_std_hook("SSL", "install_ssl", Cpanel::Args=HASH(0x2da9c90), Cpanel::Result=HASH(0x3108490), "post") called at /usr/local/cpanel/Cpanel/EventHandler.pm line 123
        Cpanel::EventHandler::post_api("SSL", "install_ssl", Cpanel::Args=HASH(0x2da9c90), Cpanel::Result=HASH(0x3108490)) called at /usr/local/cpanel/Cpanel/API.pm line 260
        Cpanel::API::execute("SSL", "install_ssl", HASH(0x3108310)) called at /usr/local/cpanel/Cpanel/API.pm line 654
        Cpanel::API::run_api_mode(HASH(0x3108310)) called at uapi.pl line 307
        main::script() called at uapi.pl line 139

[2024-08-10 13:34:50 -0400] warn [uapi] Use of uninitialized value in concatenation (.) or string at /var/cpanel/perl5/lib/NameCheap/RestApiClient.pm line 31.