search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.57k stars 4.98k forks source link

dns_opnsense.sh can't remove DNS record. #4959

Open kanata3249 opened 10 months ago

kanata3249 commented 10 months ago

Steps to reproduce

use challenge type DNS01 and dns_opnsense.sh as DNS API.

/usr/local/sbin/acme.sh --issue --syslog 7 --debug 2  --dns 'dns_opnsense' --dnssleep '60' ........

Version

/usr/local/sbin/acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.7

Debug log

[Mon Jan 22 23:13:14 JST 2024] Removing DNS records.
[Mon Jan 22 23:13:14 JST 2024] d='holodeck.home.arpa'
[Mon Jan 22 23:13:14 JST 2024] txtdomain='_acme-challenge.holodeck.home.arpa'
[Mon Jan 22 23:13:14 JST 2024] aliasDomain='_acme-challenge.holodeck.home.arpa'
[Mon Jan 22 23:13:14 JST 2024] _currentRoot='dns_opnsense'
[Mon Jan 22 23:13:14 JST 2024] txt='5Sr-f0xi9jo9XV-sMuf5e_ovGi_omxWxRe4N6IO8kKg'
[Mon Jan 22 23:13:15 JST 2024] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_opnsense.sh'
[Mon Jan 22 23:13:15 JST 2024] Removing txt: 5Sr-f0xi9jo9XV-sMuf5e_ovGi_omxWxRe4N6IO8kKg for domain: _acme-challenge.holodeck.home.arpa
[Mon Jan 22 23:13:15 JST 2024] GET
[Mon Jan 22 23:13:15 JST 2024] url='https://6bYVansN8rRDpHEUiKMyvUeYZNLO%2fdKJEouEJh5CTy8dBa7Uk5RRGN3oirI9TB%2bwn%2fkuIh5UV8lS74Cx:oe9MUtNXVXm02FccAfRiTzbm9lbsFFO8Mv9cGug6%2fYdgrWquLkq%2fC3R51X%2ftH9y2Fg2lh0N7kTKPOnt4@opnsense.home.arpa:443/api/bind/general/get'
[Mon Jan 22 23:13:15 JST 2024] timeout=
[Mon Jan 22 23:13:15 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.CO45WSo8  -g  --insecure  '
[Mon Jan 22 23:13:15 JST 2024] ret='0'
[Mon Jan 22 23:13:15 JST 2024] Remove record _acme-challenge.holodeck.home.arpa with challenge: 5Sr-f0xi9jo9XV-sMuf5e_ovGi_omxWxRe4N6IO8kKg
[Mon Jan 22 23:13:15 JST 2024] Detect root zone
[Mon Jan 22 23:13:15 JST 2024] GET
[Mon Jan 22 23:13:15 JST 2024] url='https://6bYVansN8rRDpHEUiKMyvUeYZNLO%2fdKJEouEJh5CTy8dBa7Uk5RRGN3oirI9TB%2bwn%2fkuIh5UV8lS74Cx:oe9MUtNXVXm02FccAfRiTzbm9lbsFFO8Mv9cGug6%2fYdgrWquLkq%2fC3R51X%2ftH9y2Fg2lh0N7kTKPOnt4@opnsense.home.arpa:443/api/bind/domain/searchPrimaryDomain'
[Mon Jan 22 23:13:15 JST 2024] timeout=
[Mon Jan 22 23:13:15 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.CO45WSo8  -g  --insecure  '
[Mon Jan 22 23:13:15 JST 2024] ret='0'
[Mon Jan 22 23:13:15 JST 2024] h='holodeck.home.arpa'
[Mon Jan 22 23:13:15 JST 2024] h='home.arpa'
[Mon Jan 22 23:13:15 JST 2024] id='c5ce6504-7428-4825-948a-e2b055273600'
[Mon Jan 22 23:13:15 JST 2024] _domain='home.arpa'
[Mon Jan 22 23:13:15 JST 2024] _host='_acme-challenge.holodeck'
[Mon Jan 22 23:13:15 JST 2024] _domainid='c5ce6504-7428-4825-948a-e2b055273600'
[Mon Jan 22 23:13:15 JST 2024] GET
[Mon Jan 22 23:13:15 JST 2024] url='https://6bYVansN8rRDpHEUiKMyvUeYZNLO%2fdKJEouEJh5CTy8dBa7Uk5RRGN3oirI9TB%2bwn%2fkuIh5UV8lS74Cx:oe9MUtNXVXm02FccAfRiTzbm9lbsFFO8Mv9cGug6%2fYdgrWquLkq%2fC3R51X%2ftH9y2Fg2lh0N7kTKPOnt4@opnsense.home.arpa:443/api/bind/record/searchRecord'
[Mon Jan 22 23:13:15 JST 2024] timeout=
[Mon Jan 22 23:13:15 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.CO45WSo8  -g  --insecure  '
[Mon Jan 22 23:13:15 JST 2024] ret='0'
[Mon Jan 22 23:13:15 JST 2024] uuid='0a4e18c6-9ee8-4097-84cb-c6c20715de94'
[Mon Jan 22 23:13:15 JST 2024] data='\{\}'
[Mon Jan 22 23:13:15 JST 2024] POST
[Mon Jan 22 23:13:15 JST 2024] _post_url='https://6bYVansN8rRDpHEUiKMyvUeYZNLO%2fdKJEouEJh5CTy8dBa7Uk5RRGN3oirI9TB%2bwn%2fkuIh5UV8lS74Cx:oe9MUtNXVXm02FccAfRiTzbm9lbsFFO8Mv9cGug6%2fYdgrWquLkq%2fC3R51X%2ftH9y2Fg2lh0N7kTKPOnt4@opnsense.home.arpa:443/api/bind/record/delRecord/0a4e18c6-9ee8-4097-84cb-c6c20715de94'
[Mon Jan 22 23:13:15 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.CO45WSo8  -g  --insecure  '
[Mon Jan 22 23:13:15 JST 2024] _ret='0'
[Mon Jan 22 23:13:15 JST 2024] Error deleting record _acme-challenge.holodeck from domain _acme-challenge.holodeck.home.arpa
[Mon Jan 22 23:13:15 JST 2024] Error removing txt for domain:_acme-challenge.holodeck.home.arpa
[Mon Jan 22 23:13:15 JST 2024] d='home.arpa'
[Mon Jan 22 23:13:15 JST 2024] txtdomain='_acme-challenge.home.arpa'
[Mon Jan 22 23:13:15 JST 2024] aliasDomain='_acme-challenge.home.arpa'
[Mon Jan 22 23:13:15 JST 2024] _currentRoot='dns_opnsense'
[Mon Jan 22 23:13:15 JST 2024] txt='NUJCX6_7kVT7eDuuktUIF_UQcbgjZKl6odKSZhcYg38'
[Mon Jan 22 23:13:15 JST 2024] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_opnsense.sh'
[Mon Jan 22 23:13:15 JST 2024] Removing txt: NUJCX6_7kVT7eDuuktUIF_UQcbgjZKl6odKSZhcYg38 for domain: _acme-challenge.home.arpa
[Mon Jan 22 23:13:15 JST 2024] GET
[Mon Jan 22 23:13:15 JST 2024] url='https://6bYVansN8rRDpHEUiKMyvUeYZNLO%2fdKJEouEJh5CTy8dBa7Uk5RRGN3oirI9TB%2bwn%2fkuIh5UV8lS74Cx:oe9MUtNXVXm02FccAfRiTzbm9lbsFFO8Mv9cGug6%2fYdgrWquLkq%2fC3R51X%2ftH9y2Fg2lh0N7kTKPOnt4@opnsense.home.arpa:443/api/bind/general/get'
[Mon Jan 22 23:13:15 JST 2024] timeout=
[Mon Jan 22 23:13:15 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.CO45WSo8  -g  --insecure  '
[Mon Jan 22 23:13:15 JST 2024] ret='0'
[Mon Jan 22 23:13:15 JST 2024] Remove record _acme-challenge.home.arpa with challenge: NUJCX6_7kVT7eDuuktUIF_UQcbgjZKl6odKSZhcYg38
[Mon Jan 22 23:13:15 JST 2024] Detect root zone
[Mon Jan 22 23:13:15 JST 2024] GET
[Mon Jan 22 23:13:15 JST 2024] url='https://6bYVansN8rRDpHEUiKMyvUeYZNLO%2fdKJEouEJh5CTy8dBa7Uk5RRGN3oirI9TB%2bwn%2fkuIh5UV8lS74Cx:oe9MUtNXVXm02FccAfRiTzbm9lbsFFO8Mv9cGug6%2fYdgrWquLkq%2fC3R51X%2ftH9y2Fg2lh0N7kTKPOnt4@opnsense.home.arpa:443/api/bind/domain/searchPrimaryDomain'
[Mon Jan 22 23:13:15 JST 2024] timeout=
[Mon Jan 22 23:13:15 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.CO45WSo8  -g  --insecure  '
[Mon Jan 22 23:13:15 JST 2024] ret='0'
[Mon Jan 22 23:13:15 JST 2024] h='home.arpa'
[Mon Jan 22 23:13:15 JST 2024] id='c5ce6504-7428-4825-948a-e2b055273600'
[Mon Jan 22 23:13:15 JST 2024] _domain='home.arpa'
[Mon Jan 22 23:13:15 JST 2024] _host='_acme-challenge'
[Mon Jan 22 23:13:15 JST 2024] _domainid='c5ce6504-7428-4825-948a-e2b055273600'
[Mon Jan 22 23:13:15 JST 2024] GET
[Mon Jan 22 23:13:15 JST 2024] url='https://6bYVansN8rRDpHEUiKMyvUeYZNLO%2fdKJEouEJh5CTy8dBa7Uk5RRGN3oirI9TB%2bwn%2fkuIh5UV8lS74Cx:oe9MUtNXVXm02FccAfRiTzbm9lbsFFO8Mv9cGug6%2fYdgrWquLkq%2fC3R51X%2ftH9y2Fg2lh0N7kTKPOnt4@opnsense.home.arpa:443/api/bind/record/searchRecord'
[Mon Jan 22 23:13:15 JST 2024] timeout=
[Mon Jan 22 23:13:15 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.CO45WSo8  -g  --insecure  '
[Mon Jan 22 23:13:15 JST 2024] ret='0'
[Mon Jan 22 23:13:15 JST 2024] uuid='d1020f05-e76a-4831-9318-e8b165cc9815'
[Mon Jan 22 23:13:15 JST 2024] data='\{\}'
[Mon Jan 22 23:13:15 JST 2024] POST
[Mon Jan 22 23:13:15 JST 2024] _post_url='https://6bYVansN8rRDpHEUiKMyvUeYZNLO%2fdKJEouEJh5CTy8dBa7Uk5RRGN3oirI9TB%2bwn%2fkuIh5UV8lS74Cx:oe9MUtNXVXm02FccAfRiTzbm9lbsFFO8Mv9cGug6%2fYdgrWquLkq%2fC3R51X%2ftH9y2Fg2lh0N7kTKPOnt4@opnsense.home.arpa:443/api/bind/record/delRecord/d1020f05-e76a-4831-9318-e8b165cc9815'
[Mon Jan 22 23:13:15 JST 2024] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.CO45WSo8  -g  --insecure  '
[Mon Jan 22 23:13:15 JST 2024] _ret='0'
[Mon Jan 22 23:13:15 JST 2024] Error deleting record _acme-challenge from domain _acme-challenge.home.arpa
[Mon Jan 22 23:13:15 JST 2024] Error removing txt for domain:_acme-challenge.home.arpa

My suggestion to fix this issue

https://github.com/kanata3249/acme.sh/commit/25ed8d7748777c0b7b3a916a037b2cd29a7f83b9

github-actions[bot] commented 10 months ago

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.