acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

DNS alias mode failing when checking DNS records #4860

Open pingram3541 opened 10 months ago

pingram3541 commented 10 months ago

Steps to reproduce

  1. Set up DNS @ target domain per instructions -> https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode#1-first-set-domain-cname site1.com DNS settings, new CNAME record as follows:

    _acme-challenge.site1.com
    => _acme-challenge.site2.com


  2. Set up DNS at Alias domain per instructions acme.sh suggests when TXT record is missing: site2.com DNS settings, new TXT record as follows:

    _acme-challenge.site1.com
    => q2hJ9XxxxxxxxxxihC1fCVCRfNF5X1yWOTc

    *TXT record cannot be empty, so I used a random string

  3. Run command at site1.com:

    acme.sh --issue \
    -d site1.com --challenge-alias site2.com --dns dns_cf -w $HOME/public_html/site1.com

Debug log

acme.sh --upgrade
[Mon Nov  6 20:51:46 EST 2023] Already uptodate!
[Mon Nov  6 20:51:46 EST 2023] Upgrade success!

acme.sh --issue \
>   -d site1.com --challenge-alias site2.com --dns dns_cf -w $HOME/public_html/site1.com
[Mon Nov  6 20:52:27 EST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov  6 20:52:27 EST 2023] Single domain='site1.com'
[Mon Nov  6 20:52:27 EST 2023] Getting domain auth token for each domain
[Mon Nov  6 20:52:29 EST 2023] Getting webroot for domain='site1.com'
[Mon Nov  6 20:52:29 EST 2023] Adding txt value: q2hJ9XxxxxxxxxxihC1fCVCRfNF5X1yWOTc for domain:  _acme-challenge.site2.com

[Mon Nov  6 20:52:30 EST 2023] Adding record
[Mon Nov  6 20:52:31 EST 2023] Added, OK
[Mon Nov  6 20:52:31 EST 2023] The txt record is added: Success.

[Mon Nov  6 20:52:31 EST 2023] Let's check each DNS record now. Sleep 20 seconds first.
[Mon Nov  6 20:52:52 EST 2023] You can use '--dnssleep' to disable public dns checks.
[Mon Nov  6 20:52:52 EST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Mon Nov  6 20:52:52 EST 2023] Checking site1.com for _acme-challenge.site2.com
[Mon Nov  6 20:52:53 EST 2023] Not valid yet, let's wait 10 seconds and check next one.

[Mon Nov  6 20:53:06 EST 2023] Let's wait 10 seconds and check again.
[Mon Nov  6 20:53:17 EST 2023] You can use '--dnssleep' to disable public dns checks.
[Mon Nov  6 20:53:17 EST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Mon Nov  6 20:53:17 EST 2023] Checking site1.com for _acme-challenge.site2.com
[Mon Nov  6 20:53:17 EST 2023] Not valid yet, let's wait 10 seconds and check next one.

[Mon Nov  6 20:53:30 EST 2023] Let's wait 10 seconds and check again.
...rinse/repeat
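
A pre-flight check for the two records this setup depends on, as an added example that is not part of the original post or of acme.sh: it confirms that `_acme-challenge.<domain>` is a CNAME to `_acme-challenge.<alias>` and that the token is visible as a TXT record at the alias name, which is where the log above shows acme.sh adding it. The names `check_alias`, `lookup_dig`, `lookup_sample` and `LOOKUP` are hypothetical, and the sample records and token are constructed.

```shell
#!/bin/sh
# Added example: verify the DNS records that acme.sh DNS alias mode relies on.

# Real lookup (needs network): prints answers in `dig +short` format.
lookup_dig() { dig +short "$1" "$2"; }

# Constructed sample answers in the same format, for offline runs.
lookup_sample() {
  case "$2/$1" in
    CNAME/_acme-challenge.site1.com) echo "_acme-challenge.site2.com." ;;
    TXT/_acme-challenge.site2.com)   echo '"constructed-token-value"' ;;
  esac
}

# Resolver function to call; override with LOOKUP=lookup_sample for a dry run.
LOOKUP=${LOOKUP:-lookup_dig}

# check_alias DOMAIN ALIAS_DOMAIN TOKEN
# Returns 0 if both records are in place, 1 if the CNAME is missing or
# points elsewhere, 2 if the TXT value is not visible at the alias name.
check_alias() {
  domain=$1
  alias_domain=$2
  token=$3
  want="_acme-challenge.$alias_domain"

  # DNS names are case-insensitive and dig prints a trailing dot.
  got=$("$LOOKUP" "_acme-challenge.$domain" CNAME \
        | tr '[:upper:]' '[:lower:]' | sed 's/\.$//' | head -n 1)
  if [ "$got" != "$want" ]; then
    echo "CNAME _acme-challenge.$domain -> '${got:-<none>}', expected $want" >&2
    return 1
  fi

  # dig wraps TXT strings in quotes; the token itself is case-sensitive.
  if ! "$LOOKUP" "$want" TXT | sed -e 's/^"//' -e 's/"$//' \
       | grep -Fqx -- "$token"; then
    echo "TXT value not visible at $want" >&2
    return 2
  fi

  echo "OK: _acme-challenge.$domain -> $want carries the token"
}
```

With network access, run `check_alias site1.com site2.com <token>` using the value from the "Adding txt value" log line.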

github-actions[bot] commented 10 months ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

    acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.