acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Error add txt for domain:_acme-challenge. Alias mode with LuaDNS. #4427

Open KemikalElite opened 1 year ago

KemikalElite commented 1 year ago

I am trying to issue a cert for a domain using the DNS alias mode. I have 2 other domains and the challenge domain listed as subject alt names on the same cert. In total this is four domains on one cert. Each domain also has a wildcard subdomain as well. These are all .cf freenom domains. Three of the domains are pointed to Cloudflare for DNS. Cloudflare blocks freenom domains from being used with the API. As a workaround for this I have a challenge domain on LuaDNS and use their API to verify through alias mode.

I've changed the actual domain names with placeholders for privacy purposes.

When it attempts to verify the main domain it fails with the error:

[Tue 06 Dec 2022 11:16:33 AM PST] invalid domain
[Tue 06 Dec 2022 11:16:33 AM PST] Error add txt for domain:_acme-challenge.primarydomain.cf

I've made sure all of the domains are functional and nameservers are pointed to the correct DNS provider. Each domain on Cloudflare has a CNAME "_acme-challenge" pointing to _acme-challenge.mychallengedomain.cf. The challenge domain is registered on LuaDNS and the nameservers are pointed correctly. I've tried uninstalling acme.sh and deleting the folder, then reinstalling it clean with no success. I've also tried using a new API key from LuaDNS.

I used the same command seen in the terminal log below 3 months ago to issue the cert with no issue. The only difference being I want to make a new cert due to the addition of alternatedomain2.cf as a SAN.

The logs look like the API has an issue adding a txt record to the challenge domain for the primary domain but unless LuaDNS is having an issue I don't know why else this would be happening. My control panel shows the API key was successfully used at the time in the log.

Just to restate this worked perfectly fine 3 months ago.

Is it possible to confirm if this might be an issue with LuaDNS or acme.sh?

Terminal log

root@localhost:~# acme.sh --issue -d primarydomain.cf --challenge-alias mychallengedomain.cf --dns dns_lua -d *.primarydomain.cf -d alternatedomain1.cf -d *.alternatedomain1.cf -d alternatedomain2.cf -d *.alternatedomain2.cf -d mychallengedomain.cf --challenge-alias no -d *.mychallengedomain.cf --challenge-alias no --keylength ec-256 --log --log-level 2
[Tue 06 Dec 2022 11:16:30 AM PST] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue 06 Dec 2022 11:16:30 AM PST] Multi domain='DNS:primarydomain.cf,DNS:*.primarydomain.cf,DNS:alternatedomain1.cf,DNS:*.alternatedomain1.cf,DNS:alternatedomain2.cf,DNS:*.alternatedomain2.cf,DNS:mychallengedomain.cf,DNS:*.mychallengedomain.cf'
[Tue 06 Dec 2022 11:16:30 AM PST] Getting domain auth token for each domain
[Tue 06 Dec 2022 11:16:33 AM PST] Getting webroot for domain='primarydomain.cf'
[Tue 06 Dec 2022 11:16:33 AM PST] Getting webroot for domain='*.primarydomain.cf'
[Tue 06 Dec 2022 11:16:33 AM PST] Getting webroot for domain='alternatedomain1.cf'
[Tue 06 Dec 2022 11:16:33 AM PST] Getting webroot for domain='*.alternatedomain1.cf'
[Tue 06 Dec 2022 11:16:33 AM PST] Getting webroot for domain='alternatedomain2.cf'
[Tue 06 Dec 2022 11:16:33 AM PST] Getting webroot for domain='*.alternatedomain2.cf'
[Tue 06 Dec 2022 11:16:33 AM PST] Getting webroot for domain='mychallengedomain.cf'
[Tue 06 Dec 2022 11:16:33 AM PST] Getting webroot for domain='*.mychallengedomain.cf'
[Tue 06 Dec 2022 11:16:33 AM PST] Adding txt value: tbgv4yP-2SAmopAAB7iEU4ffDY6N UF4vy9Zc-dczoyw for domain: _acme-challenge.primarydomain.cf
[Tue 06 Dec 2022 11:16:33 AM PST] invalid domain
[Tue 06 Dec 2022 11:16:33 AM PST] Error add txt for domain:_acme-challenge.primarydomain.cf
[Tue 06 Dec 2022 11:16:33 AM PST] Please check log file for more details: /root/.acme.sh/acme.sh.log

Debug log

https://gist.github.com/KemikalElite/101d809ab5cb530d358dd88c77aeaaef
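Added example (editor's note, not part of the report above and not acme.sh's own code): a small POSIX sh helper that prints the DNS name a DNS-01 TXT record is written to for each -d entry, with and without alias mode, the CNAME each real zone needs for alias mode, and a dig-based pre-flight check of that CNAME. The background it relies on: acme.sh's dnsapi scripts print "invalid domain" when they cannot find a zone on the provider that contains the record name, and in alias mode the TXT record is expected at _acme-challenge.<alias domain>, while the posted log shows it aimed at _acme-challenge.primarydomain.cf, a zone the report says is hosted on Cloudflare rather than LuaDNS. So the first thing worth confirming from a log like this is which name each record was aimed at. The function names and the placeholder domains are assumptions that mirror the post.

```shell
#!/bin/sh
# Added example for this issue; not acme.sh code. Function names and the
# placeholder domains (primarydomain.cf, mychallengedomain.cf, ...) are
# assumptions that mirror the report. Shows which DNS name a DNS-01 TXT
# record is written to with and without alias mode, and checks the CNAME
# that alias mode relies on.

# acme_txt_name DOMAIN [ALIAS]
# Prints the name the validation TXT record must be created at:
#   no alias, or alias "no":  _acme-challenge.<domain>  (a leading "*." is
#                             dropped; a wildcard validates at its base name)
#   alias mode:               _acme-challenge.<alias>
acme_txt_name() {
  _d="$1"
  _a="${2:-no}"
  case "$_d" in
    \*.*) _d="${_d#\*.}" ;;
  esac
  if [ "$_a" = "no" ]; then
    printf '%s\n' "_acme-challenge.$_d"
  else
    printf '%s\n' "_acme-challenge.$_a"
  fi
}

# acme_alias_cname DOMAIN ALIAS
# Prints "SOURCE TARGET": the CNAME that must exist in the real domain's zone
# for alias mode to work (the CA follows it to the alias domain). Prints
# nothing when ALIAS is "no".
acme_alias_cname() {
  [ "${2:-no}" = "no" ] && return 0
  printf '%s %s\n' "$(acme_txt_name "$1")" "$(acme_txt_name "$1" "$2")"
}

# check_alias_cname DOMAIN ALIAS
# Live pre-flight check with dig. Exit status: 0 CNAME points at the alias,
# 1 it does not (missing or pointing elsewhere), 2 dig is not installed.
check_alias_cname() {
  command -v dig >/dev/null 2>&1 || return 2
  _src=$(acme_txt_name "$1")
  _want=$(acme_txt_name "$1" "$2")
  _got=$(dig +short +time=2 +tries=1 CNAME "$_src" | sed 's/\.$//' | head -n 1)
  [ "$_got" = "$_want" ]
}

# Constructed domain/alias pairs matching the command in the post.
show() {
  printf '%-24s alias=%-20s TXT at %s\n' "$1" "$2" "$(acme_txt_name "$1" "$2")"
}
show primarydomain.cf         mychallengedomain.cf
show '*.primarydomain.cf'     mychallengedomain.cf
show alternatedomain1.cf      mychallengedomain.cf
show mychallengedomain.cf     no
show '*.mychallengedomain.cf' no

echo
echo "CNAME records the Cloudflare-hosted zones need (source target):"
for d in primarydomain.cf alternatedomain1.cf alternatedomain2.cf; do
  acme_alias_cname "$d" mychallengedomain.cf
done

echo
rc=0
check_alias_cname primarydomain.cf mychallengedomain.cf || rc=$?
case $rc in
  0) echo "CNAME for primarydomain.cf points at the alias" ;;
  2) echo "dig not installed, live CNAME check skipped" ;;
  *) echo "CNAME for primarydomain.cf missing or not pointing at the alias" ;;
esac
```

Run it before issuing: a line whose "TXT at" name lives in a zone the chosen dnsapi provider does not host is the record that will fail with "invalid domain", and the CNAME list is what each Cloudflare zone must contain for the CA to follow the alias.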

github-actions[bot] commented 1 year ago

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.