Lexicon support is not correctly differentiating between a Zone and a Domain

[alexhorner]

I have not followed the template here because I can see the issue in the repo's code and thought it would be best to just point it out in a less end-user way and more developer way, hopefully that's okay.

I'm investigating an issue where creating _acme-challenge TXT records for one or more domains via DDNS is silently failing via lexicon.

There appears to be both a bug in acme.sh (which I will explain below) and one which exacerbates the issue in lexicon (https://github.com/AnalogJ/lexicon/issues/1840)

In the following places:

• https://github.com/acmesh-official/acme.sh/blob/afacdfcb95e063325d8f01ebc8daa57322307d92/dnsapi/dns_lexicon.sh#L95
• https://github.com/acmesh-official/acme.sh/blob/afacdfcb95e063325d8f01ebc8daa57322307d92/dnsapi/dns_lexicon.sh#L111

acme.sh is passing through the raw domain specified with the -d option one or more times, which is using that specified domain as the Zone to update on the DDNS server. This will work fine if the -d parameter is passed once and only once, and its value is exactly matching the Zone on the server, but if you pass a subdomain which does not match the zone this will not work.

The issue is exacerbated because lexicon should be throwing an error when this occurs (because the DDNS server errors, but lexicon does not report this) therefore stopping acme.sh from continuing aimlessly after a non recoverable error.

Further examples of a Zone mismatch failure and a success can be seen in the lexicon issue mentioned above.

[github-actions[bot]]

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.