acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.3k stars 4.96k forks

[ERROR] Certificate creation for an Alibaba Cloud domain keeps failing; the dns_ali API doesn't match the official one #4333

Open why5684784 opened 2 years ago

why5684784 commented 2 years ago
Error add txt for domain:_acme-challenge.why46954774.top

Steps to reproduce
------------------

Debug log
-----------------

```
[Sun Oct 2 04:18:45 GMT 2022] Running cmd: issue
[Sun Oct 2 04:18:45 GMT 2022] _main_domain='why46954774.top'
[Sun Oct 2 04:18:45 GMT 2022] _alt_domains='*.why46954774.top'
[Sun Oct 2 04:18:45 GMT 2022] Using config home:/root/.acme.sh
[Sun Oct 2 04:18:45 GMT 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Sun Oct 2 04:18:45 GMT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sun Oct 2 04:18:45 GMT 2022] DOMAIN_PATH='/root/.acme.sh/why46954774.top'
[Sun Oct 2 04:18:46 GMT 2022] Le_NextRenewTime
[Sun Oct 2 04:18:46 GMT 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sun Oct 2 04:18:46 GMT 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Oct 2 04:18:46 GMT 2022] GET
[Sun Oct 2 04:18:46 GMT 2022] url='https://acme-v02.api.letsencrypt.org/directory'
[Sun Oct 2 04:18:46 GMT 2022] timeout=
[Sun Oct 2 04:18:46 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655526.tmp -g --insecure '
[Sun Oct 2 04:18:48 GMT 2022] ret='0'
[Sun Oct 2 04:18:48 GMT 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sun Oct 2 04:18:48 GMT 2022] ACME_NEW_AUTHZ
[Sun Oct 2 04:18:48 GMT 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Oct 2 04:18:48 GMT 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sun Oct 2 04:18:48 GMT 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun Oct 2 04:18:48 GMT 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Sun Oct 2 04:18:48 GMT 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Oct 2 04:18:49 GMT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Oct 2 04:18:49 GMT 2022] _on_before_issue
[Sun Oct 2 04:18:49 GMT 2022] _chk_main_domain='why46954774.top'
[Sun Oct 2 04:18:49 GMT 2022] _chk_alt_domains='*.why46954774.top'
[Sun Oct 2 04:18:49 GMT 2022] Le_LocalAddress
[Sun Oct 2 04:18:50 GMT 2022] d='why46954774.top'
[Sun Oct 2 04:18:50 GMT 2022] Check for domain='why46954774.top'
[Sun Oct 2 04:18:50 GMT 2022] _currentRoot='dns_ali'
[Sun Oct 2 04:18:50 GMT 2022] d='*.why46954774.top'
[Sun Oct 2 04:18:50 GMT 2022] Check for domain='*.why46954774.top'
[Sun Oct 2 04:18:50 GMT 2022] _currentRoot='dns_ali'
[Sun Oct 2 04:18:50 GMT 2022] d
[Sun Oct 2 04:18:51 GMT 2022] _saved_account_key_hash is not changed, skip register account.
[Sun Oct 2 04:18:51 GMT 2022] Read key length:2048
[Sun Oct 2 04:18:51 GMT 2022] _createcsr
[Sun Oct 2 04:18:52 GMT 2022] Multi domain='DNS:why46954774.top,DNS:*.why46954774.top'
[Sun Oct 2 04:18:52 GMT 2022] Getting domain auth token for each domain
[Sun Oct 2 04:18:52 GMT 2022] d='*.why46954774.top'
[Sun Oct 2 04:18:53 GMT 2022] d
[Sun Oct 2 04:18:53 GMT 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Oct 2 04:18:53 GMT 2022] payload='{"identifiers": [{"type":"dns","value":"why46954774.top"},{"type":"dns","value":"*.why46954774.top"}]}'
[Sun Oct 2 04:18:53 GMT 2022] RSA key
[Sun Oct 2 04:18:54 GMT 2022] HEAD
[Sun Oct 2 04:18:54 GMT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Oct 2 04:18:54 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655534.tmp -g --insecure -I '
[Sun Oct 2 04:18:55 GMT 2022] _ret='0'
[Sun Oct 2 04:18:56 GMT 2022] POST
[Sun Oct 2 04:18:56 GMT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Oct 2 04:18:56 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655534.tmp -g --insecure '
[Sun Oct 2 04:18:57 GMT 2022] _ret='0'
[Sun Oct 2 04:18:57 GMT 2022] code='201'
[Sun Oct 2 04:18:58 GMT 2022] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/756529126/130641328996'
[Sun Oct 2 04:18:58 GMT 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/756529126/130641328996'
[Sun Oct 2 04:18:58 GMT 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/159727966456'
[Sun Oct 2 04:18:58 GMT 2022] payload
[Sun Oct 2 04:18:59 GMT 2022] POST
[Sun Oct 2 04:18:59 GMT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/159727966456'
[Sun Oct 2 04:18:59 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655534.tmp -g --insecure '
[Sun Oct 2 04:19:00 GMT 2022] _ret='0'
[Sun Oct 2 04:19:00 GMT 2022] code='200'
[Sun Oct 2 04:19:01 GMT 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/159727966466'
[Sun Oct 2 04:19:01 GMT 2022] payload
[Sun Oct 2 04:19:01 GMT 2022] POST
[Sun Oct 2 04:19:01 GMT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/159727966466'
[Sun Oct 2 04:19:02 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655534.tmp -g --insecure '
[Sun Oct 2 04:19:02 GMT 2022] _ret='0'
[Sun Oct 2 04:19:03 GMT 2022] code='200'
[Sun Oct 2 04:19:03 GMT 2022] d='why46954774.top'
[Sun Oct 2 04:19:03 GMT 2022] Getting webroot for domain='why46954774.top'
[Sun Oct 2 04:19:03 GMT 2022] _w='dns_ali'
[Sun Oct 2 04:19:03 GMT 2022] _currentRoot='dns_ali'
[Sun Oct 2 04:19:04 GMT 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966466/zkgvtA","token":"xqyJYwTlsDrYIl9daK-L-WpE5uDQWPXhQFPL5QcTBnM"'
[Sun Oct 2 04:19:04 GMT 2022] token='xqyJYwTlsDrYIl9daK-L-WpE5uDQWPXhQFPL5QcTBnM'
[Sun Oct 2 04:19:04 GMT 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966466/zkgvtA'
[Sun Oct 2 04:19:04 GMT 2022] keyauthorization='xqyJYwTlsDrYIl9daK-L-WpE5uDQWPXhQFPL5QcTBnM.K3dlPEOQVf9G0cfLgCY94a_Xazs7tYh26m-Upq2dcVY'
[Sun Oct 2 04:19:04 GMT 2022] dvlist='why46954774.top#xqyJYwTlsDrYIl9daK-L-WpE5uDQWPXhQFPL5QcTBnM.K3dlPEOQVf9G0cfLgCY94a_Xazs7tYh26m-Upq2dcVY#https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966466/zkgvtA#dns-01#dns_ali'
[Sun Oct 2 04:19:04 GMT 2022] d='*.why46954774.top'
[Sun Oct 2 04:19:04 GMT 2022] Getting webroot for domain='*.why46954774.top'
[Sun Oct 2 04:19:04 GMT 2022] _w='dns_ali'
[Sun Oct 2 04:19:04 GMT 2022] _currentRoot='dns_ali'
[Sun Oct 2 04:19:05 GMT 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966456/cNxp6g","token":"hum0rVdae4q6W9iWPT66UZYxIHLRaKzXrrC_PsJxB34"'
[Sun Oct 2 04:19:05 GMT 2022] token='hum0rVdae4q6W9iWPT66UZYxIHLRaKzXrrC_PsJxB34'
[Sun Oct 2 04:19:05 GMT 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966456/cNxp6g'
[Sun Oct 2 04:19:05 GMT 2022] keyauthorization='hum0rVdae4q6W9iWPT66UZYxIHLRaKzXrrC_PsJxB34.K3dlPEOQVf9G0cfLgCY94a_Xazs7tYh26m-Upq2dcVY'
[Sun Oct 2 04:19:05 GMT 2022] dvlist='*.why46954774.top#hum0rVdae4q6W9iWPT66UZYxIHLRaKzXrrC_PsJxB34.K3dlPEOQVf9G0cfLgCY94a_Xazs7tYh26m-Upq2dcVY#https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966456/cNxp6g#dns-01#dns_ali'
[Sun Oct 2 04:19:05 GMT 2022] d
[Sun Oct 2 04:19:05 GMT 2022] vlist='why46954774.top#xqyJYwTlsDrYIl9daK-L-WpE5uDQWPXhQFPL5QcTBnM.K3dlPEOQVf9G0cfLgCY94a_Xazs7tYh26m-Upq2dcVY#https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966466/zkgvtA#dns-01#dns_ali,*.why46954774.top#hum0rVdae4q6W9iWPT66UZYxIHLRaKzXrrC_PsJxB34.K3dlPEOQVf9G0cfLgCY94a_Xazs7tYh26m-Upq2dcVY#https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966456/cNxp6g#dns-01#dns_ali,'
[Sun Oct 2 04:19:05 GMT 2022] d='why46954774.top'
[Sun Oct 2 04:19:06 GMT 2022] _d_alias
[Sun Oct 2 04:19:06 GMT 2022] txtdomain='_acme-challenge.why46954774.top'
[Sun Oct 2 04:19:06 GMT 2022] txt='etB4YPE7TSulCSUdn7gEXt_2Rmf6DLMV4I-MX6zco2k'
[Sun Oct 2 04:19:06 GMT 2022] d_api='/jffs/.koolshare/acme/dnsapi/dns_ali.sh'
[Sun Oct 2 04:19:06 GMT 2022] Found domain api file: /jffs/.koolshare/acme/dnsapi/dns_ali.sh
[Sun Oct 2 04:19:06 GMT 2022] Adding txt value: etB4YPE7TSulCSUdn7gEXt_2Rmf6DLMV4I-MX6zco2k for domain: _acme-challenge.why46954774.top
[Sun Oct 2 04:19:06 GMT 2022] First detect the root zone
[Sun Oct 2 04:19:13 GMT 2022] GET
[Sun Oct 2 04:19:13 GMT 2022] url='https://alidns.aliyuncs.com/?AccessKeyId=key&Action=DescribeDomainRecords&DomainName=why46954774.top&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1664655546%N&SignatureVersion=1.0&Timestamp=2022-10-01T20%3A19%3A06Z&Version=2015-01-09&Signature=mGX4A2yYAvDOpW5ixoRGhJZV%2Fug%3D'
[Sun Oct 2 04:19:13 GMT 2022] timeout=
[Sun Oct 2 04:19:13 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655534.tmp -g --insecure '
[Sun Oct 2 04:19:14 GMT 2022] ret='0'
[Sun Oct 2 04:19:20 GMT 2022] GET
[Sun Oct 2 04:19:20 GMT 2022] url='https://alidns.aliyuncs.com/?AccessKeyId=key&Action=DescribeDomainRecords&DomainName=top&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1664655554%N&SignatureVersion=1.0&Timestamp=2022-10-01T20%3A19%3A14Z&Version=2015-01-09&Signature=hwgnaeuX9N%2FFqHVNeeyGhjW6QD0%3D'
[Sun Oct 2 04:19:20 GMT 2022] timeout=
[Sun Oct 2 04:19:20 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655534.tmp -g --insecure '
[Sun Oct 2 04:19:21 GMT 2022] ret='0'
[Sun Oct 2 04:19:21 GMT 2022] Error add txt for domain:_acme-challenge.why46954774.top
[Sun Oct 2 04:19:21 GMT 2022] _on_issue_err
[Sun Oct 2 04:19:21 GMT 2022] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun Oct 2 04:19:21 GMT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966466/zkgvtA'
[Sun Oct 2 04:19:21 GMT 2022] payload='{}'
[Sun Oct 2 04:19:22 GMT 2022] POST
[Sun Oct 2 04:19:22 GMT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966466/zkgvtA'
[Sun Oct 2 04:19:22 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655534.tmp -g --insecure '
[Sun Oct 2 04:19:23 GMT 2022] _ret='0'
[Sun Oct 2 04:19:23 GMT 2022] code='200'
[Sun Oct 2 04:19:24 GMT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966456/cNxp6g'
[Sun Oct 2 04:19:24 GMT 2022] payload='{}'
[Sun Oct 2 04:19:24 GMT 2022] POST
[Sun Oct 2 04:19:25 GMT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/159727966456/cNxp6g'
[Sun Oct 2 04:19:25 GMT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/acme.shwefADf24sf.1664655534.tmp -g --insecure '
[Sun Oct 2 04:19:26 GMT 2022] _ret='0'
[Sun Oct 2 04:19:26 GMT 2022] code='200'
[Sun Oct 2 04:19:26 GMT 2022] socat doesn't exist.
[Sun Oct 2 04:19:26 GMT 2022] Diagnosis versions: openssl:openssl OpenSSL 1.0.2n 7 Dec 2017 apache: apache doesn't exist. nginx: nginx doesn't exist. socat:
[Sun Oct 2 04:19:27 GMT 2022] pid
[Sun Oct 2 04:19:27 GMT 2022] No need to restore nginx, skip.
[Sun Oct 2 04:19:27 GMT 2022] _clearupdns
[Sun Oct 2 04:19:27 GMT 2022] dns_entries
[Sun Oct 2 04:19:27 GMT 2022] skip dns.
```

```
acme.sh --issue ..... --debug 2
```

I looked up the official Alibaba Cloud API, and it doesn't match the API information in dns_ali.sh. Alibaba Cloud's API was updated on July 4, 2022 (the documentation update date). Here is the link to the official Alibaba Cloud documentation: [https://help.aliyun.com/document_detail/124923.html](https://help.aliyun.com/document_detail/124923.html)

tomcatzh commented 1 year ago

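There's no problem. dns_ali.sh calls the API directly with curl, and the API endpoint it accesses is still Version=2015-01-09: https://next.api.aliyun.com/document/Alidns/2015-01-09/overview

I just tested it successfully. However, EcsRamRole mode is not currently supported, so please use a user AccessKey.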

ooking commented 6 months ago

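> There's no problem. dns_ali.sh calls the API directly with curl, and the API endpoint it accesses is still Version=2015-01-09: https://next.api.aliyun.com/document/Alidns/2015-01-09/overview
>
> I just tested it successfully. However, EcsRamRole mode is not currently supported, so please use a user AccessKey.

I just tested it, and it does indeed work with a user AccessKey; otherwise there is an InvalidVersion error. This is a big pitfall, though: the official documentation tells you to use a RAM API key! Ugh, I wasted a lot of time, and even spent time reading the dns_ali.sh source. https://github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ali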
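
An added example, not part of the thread and not acme.sh code: a shell helper that pulls the Alidns requests out of an acme.sh `--debug 2` log like the one in the opening post and reports which `DomainName` values were tried, with which `Version` and `SignatureNonce`. The function names, the verdict strings and the sample log (constructed, with a made-up domain and signatures) are assumptions of this example, as is reading a lookup sequence that ends on a single-label name followed by `Error add txt` as "no zone accepted".

```shell
#!/bin/sh
# Added example, not acme.sh code: summarise Alidns requests in an acme.sh debug log.

# qparam QUERY KEY: print the value of KEY from an &-separated query string.
qparam() {
  printf '%s\n' "$1" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# alidns_calls LOGFILE: one "Action DomainName Version SignatureNonce" line per request.
# grep -o also copes with a log that was pasted as one long line.
alidns_calls() {
  grep -o "url='https://alidns\.aliyuncs\.com/?[^']*'" "$1" |
    while IFS= read -r u; do
      q=${u#*\?}
      q=${q%"'"}
      printf '%s %s %s %s\n' "$(qparam "$q" Action)" "$(qparam "$q" DomainName)" \
        "$(qparam "$q" Version)" "$(qparam "$q" SignatureNonce)"
    done
}

# zone_walk_verdict LOGFILE: hypothetical one-line diagnosis of the zone lookups.
zone_walk_verdict() {
  calls=$(alidns_calls "$1" | awk '$1 == "DescribeDomainRecords"')
  if [ -z "$calls" ]; then echo "no-alidns-lookups"; return 0; fi
  last=$(printf '%s\n' "$calls" | tail -n 1 | cut -d ' ' -f 2)
  verdict="zone-candidate:$last"
  case $last in
    *.*) ;;
    *)   # lookups ended on a single label; with an add failure, no zone was accepted
      if grep -q "Error add txt for domain" "$1"; then verdict="no-zone-accepted"; fi ;;
  esac
  # the SignatureNonce values in the thread's log end in a literal %N
  if printf '%s\n' "$calls" | grep -q '%N$'; then verdict="$verdict literal-%N-nonce"; fi
  echo "$verdict"
}

# Constructed sample shaped like the two lookups in the thread (domain and signatures made up).
sample_log() {
  cat <<'EOF'
[t1] GET [t1] url='https://alidns.aliyuncs.com/?AccessKeyId=key&Action=DescribeDomainRecords&DomainName=example.top&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1664655546%N&SignatureVersion=1.0&Timestamp=2022-10-01T20%3A19%3A06Z&Version=2015-01-09&Signature=AAAA%3D' [t1] ret='0' [t2] GET [t2] url='https://alidns.aliyuncs.com/?AccessKeyId=key&Action=DescribeDomainRecords&DomainName=top&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1664655554%N&SignatureVersion=1.0&Timestamp=2022-10-01T20%3A19%3A14Z&Version=2015-01-09&Signature=BBBB%3D'
[t3] ret='0' [t3] Error add txt for domain:_acme-challenge.example.top
EOF
}

if [ -n "${1:-}" ]; then
  alidns_calls "$1"
  zone_walk_verdict "$1"
fi
```

Run it with the path to a saved debug log as the only argument; it prints the request summary followed by the verdict line.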