Open mandrakey opened 4 months ago
Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade
If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
Hi team,
I just stumbled on this when trying to issue a certificate for 'g.berlight.de'. Took me a minute to debug.
Steps to reproduce
--dns dns_inwx active and use a subdomain 'g', like -d g.berlight.de or -d g.domain.com, ...
Debug log
Traceable in the normal log, the following entries are of interest:
Notice how a -d g.berlight.de gets to be Adding record: domain=g.berlight.de sub=_acme-challenge - it should be Adding record: domain=berlight.de sub=_acme-challenge.g.
I traced it to the _contains function in acme.sh, which looks like this:
Now the INWX API returns XML by default and has type hints in it. In this particular case, you can find, among a lot of other stuff, the string <string>berlight.de</string> in it, on which _contains "...XML..." "g.berlight.de" returns a hit as it uses regular expressions: g>berlight.de matches (confirmed on Fedora and Alpine).
I was able to issue my certificate by altering _contains to use grep -F, though I am not sure if that would be a generally acceptable solution, or if that might break some feature I am not using.
Another idea might be to alter dns_inwx.sh to replace dots in its _get_root function with a \. so it will match actual dots, and not "any character".
It is an edge case and thus probably not very important, just wanted to point it out.
Thanks for all the work!
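The mismatch reported above, reproduced as an added example (not code from acme.sh or dns_inwx.sh): a simplified zone lookup run with a regex matcher, a fixed-string matcher, and an escaped-dot matcher. The function names, the lookup loop and the XML fragment are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: fragment of an XML response carrying type hints.
SAMPLE_XML='<member><name>domain</name><value><string>berlight.de</string></value></member>'

# Regex matcher: every "." in the needle matches any single character.
contains_regex() {
  printf '%s\n' "$1" | grep -- "$2" >/dev/null 2>&1
}

# Fixed-string matcher: the needle is compared literally (grep -F).
contains_fixed() {
  printf '%s\n' "$1" | grep -F -- "$2" >/dev/null 2>&1
}

# Escaped-dot matcher: still a regex, but dots are turned into "\." first.
contains_escaped() {
  _needle=$(printf '%s\n' "$2" | sed 's/\./\\./g')
  printf '%s\n' "$1" | grep -- "$_needle" >/dev/null 2>&1
}

# Hypothetical lookup: try the full name, then strip one label at a time,
# and return the first candidate the matcher finds in the API response.
find_zone() {
  _matcher="$1"
  _cand="$2"
  _xml="$3"
  while [ -n "$_cand" ]; do
    if "$_matcher" "$_xml" "$_cand"; then
      printf '%s\n' "$_cand"
      return 0
    fi
    case "$_cand" in
      *.*) _cand="${_cand#*.}" ;;  # drop the leftmost label
      *) return 1 ;;               # no labels left, no zone found
    esac
  done
  return 1
}

# Show which zone each matcher selects for the challenge record name.
for _m in contains_regex contains_fixed contains_escaped; do
  printf '%-17s -> %s\n' "$_m" "$(find_zone "$_m" _acme-challenge.g.berlight.de "$SAMPLE_XML")"
done
```

Fixed-string and escaped-dot matching are both still substring matches, so a candidate that is a literal suffix of another zone name in the response would still hit; anchoring on the surrounding element delimiters closes that gap.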