acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

cloudxns invalid domain #717

Closed wasas closed 7 years ago

wasas commented 7 years ago
./acme.sh --issue --dns dns_cx -d oo.ooo.com --debug 2
[Fri Mar 10 04:54:43 GMT 2017] Lets find script dir.
[Fri Mar 10 04:54:43 GMT 2017] _SCRIPT_='/*************/acme.sh'
[Fri Mar 10 04:54:43 GMT 2017] _script='/*************/acme.sh'
[Fri Mar 10 04:54:43 GMT 2017] _script_home='/*************'
[Fri Mar 10 04:54:43 GMT 2017] Using default home:/root/.acme.sh
[Fri Mar 10 04:54:43 GMT 2017] Using config home:/root/.acme.sh
[Fri Mar 10 04:54:43 GMT 2017] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.7
[Fri Mar 10 04:54:43 GMT 2017] Using api: 
[Fri Mar 10 04:54:43 GMT 2017] Using config home:/root/.acme.sh
[Fri Mar 10 04:54:43 GMT 2017] DOMAIN_PATH='/root/.acme.sh/oo.ooo.com'
[Fri Mar 10 04:54:44 GMT 2017] Le_NextRenewTime
[Fri Mar 10 04:54:44 GMT 2017] _on_before_issue
[Fri Mar 10 04:54:44 GMT 2017] 'dns_cx' does not contain 'no'
[Fri Mar 10 04:54:44 GMT 2017] Le_LocalAddress
[Fri Mar 10 04:54:45 GMT 2017] Check for domain='oo.ooo.com'
[Fri Mar 10 04:54:45 GMT 2017] _currentRoot='dns_cx'
[Fri Mar 10 04:54:45 GMT 2017] 'dns_cx' does not contain 'apache'
[Fri Mar 10 04:54:45 GMT 2017] _saved_account_key_hash='t67Ragf3rgEtfljLXFV2e4Yofif='
[Fri Mar 10 04:54:46 GMT 2017] _saved_account_key_hash is not changed, skip register account.
[Fri Mar 10 04:54:46 GMT 2017] Read key length:
[Fri Mar 10 04:54:46 GMT 2017] _createcsr
[Fri Mar 10 04:54:46 GMT 2017] domain='oo.ooo.com'
[Fri Mar 10 04:54:46 GMT 2017] domainlist
[Fri Mar 10 04:54:46 GMT 2017] csrkey='/root/.acme.sh/oo.ooo.com/oo.ooo.com.key'
[Fri Mar 10 04:54:46 GMT 2017] csr='/root/.acme.sh/oo.ooo.com/oo.ooo.com.csr'
[Fri Mar 10 04:54:46 GMT 2017] csrconf='/root/.acme.sh/oo.ooo.com/oo.ooo.com.csr.conf'
[Fri Mar 10 04:54:46 GMT 2017] Single domain='oo.ooo.com'
[Fri Mar 10 04:54:46 GMT 2017] _is_idn_d='oo.ooo.com'
[Fri Mar 10 04:54:46 GMT 2017] _idn_temp
[Fri Mar 10 04:54:46 GMT 2017] _csr_cn='oo.ooo.com'
[Fri Mar 10 04:54:46 GMT 2017] Getting domain auth token for each domain
[Fri Mar 10 04:54:46 GMT 2017] Getting webroot for domain='oo.ooo.com'
[Fri Mar 10 04:54:47 GMT 2017] _w='dns_cx'
[Fri Mar 10 04:54:47 GMT 2017] _currentRoot='dns_cx'
[Fri Mar 10 04:54:47 GMT 2017] Getting new-authz for domain='oo.ooo.com'
[Fri Mar 10 04:54:47 GMT 2017] Try new-authz for the 0 time.
[Fri Mar 10 04:54:47 GMT 2017] _is_idn_d='oo.ooo.com'
[Fri Mar 10 04:54:47 GMT 2017] _idn_temp
[Fri Mar 10 04:54:47 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Fri Mar 10 04:54:47 GMT 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "oo.ooo.com"}}'
[Fri Mar 10 04:54:47 GMT 2017] RSA key
[Fri Mar 10 04:54:58 GMT 2017] Get nonce.
[Fri Mar 10 04:54:58 GMT 2017] GET
[Fri Mar 10 04:54:58 GMT 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Fri Mar 10 04:54:58 GMT 2017] timeout
[Fri Mar 10 04:54:58 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.hwefD4sf.1898.tmp '
[Fri Mar 10 04:55:02 GMT 2017] ret='0'
[Fri Mar 10 04:55:02 GMT 2017] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: mglAXMsYiUFrZu-m6sh8GGtJ6ihtwoE
Replay-Nonce: lrGrwQh2_*****************************************y4LTlNA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 09 Mar 2017 20:55:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 09 Mar 2017 20:55:02 GMT
Connection: keep-alive
'
[Fri Mar 10 04:55:02 GMT 2017] _CACHED_NONCE='lrGDQ2_53I0CXqE-FVS5szMqtp4tTlA'
[Fri Mar 10 04:55:02 GMT 2017] nonce='lrrwQh2_***************************************TlNA'
[Fri Mar 10 04:55:02 GMT 2017] POST
[Fri Mar 10 04:55:02 GMT 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Fri Mar 10 04:55:02 GMT 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uekh8IzKEqCQVb_tgXvKsV_FzykujB4PPrNB17QF***************************QmCnhOXw6CO0RhTimqaITL5eITnV5VxJgdhKg0rDi_zPT-sz0F9Q5BGNiOrD6S3pTIwHwpY******************************VxVoRcBnkxhme_JHkysDqfMujosbLDp0hAuvyo6M126OYNo7SGuwTiN31i6REQlJfyj5elCssrjTrAVgwylaWXJNDEhOpu03aPGjMG05w"}}, "protected": *************************************************************************************************************************************************************************************************************************************************************************************************************************************", "payload": "eyZXNvXJjZSI6JuZXctV0aHoiAiaWRlbpmllciI6IsiHlwZSI6IJnMiLCidmFdWUOAid2EWFvb5uXiX0", "signature": "YXQtofrJORSCyyT2rsOOuk7gfpzE48CVHaGC3dMyZpS9NMeVlskoYTBVKljZJal2lfCAvLcBHBqXU8UgH1UYbfaGfpVESvbJ0WpeAzQFkX*****************************pvK8dwP11ABh8syHq_Iectx2iA3YMacW3GmlIZZpadA2StI0Y3_uF-DtNk5hmdTiVFm4GmXJCt5rc_doadGsj57QJ_TQRNRdS7-9_0Wax15Y8oXAPIxU-ApOe6mqd46E3vLw_A"}'
[Fri Mar 10 04:55:03 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.shwfDf4sf.1489292.tmp '
[Fri Mar 10 04:55:04 GMT 2017] _ret='0'
[Fri Mar 10 04:55:04 GMT 2017] original='{
  "identifier": {
    "type": "dns",
    "value": "oo.ooo.com"
  },
  "status": "pending",
  "expires": "2017-03-16T20:55:04.7323",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/3jbXLoBdxiuPiLTNjIdoyo9mikxo/76296",
      "token": "BmgF7DFYe7LtzLNDNHbAZs58IJFk"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/3jpbXLoBfcxisPHiMvNFjIdoRo9mikx8o/7692947",
      "token": "dxRkipcOhOX6tdQgnfdj6b_utV0d6I"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/3jpsbLoBfxiusHiLTMNFjIoyR9UkJ8/76329",
      "token": "iO92GOZ96ygDRD8ZPbIKXyAPHiXw"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      0
    ],
    [
      1
    ]
  ]
}'
[Fri Mar 10 04:55:04 GMT 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 09 Mar 2017 20:55:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 996
Boulder-Request-Id: qGFeuQUIA66DpqqJomE3dCtMT0Ia3Nve
Boulder-Requester: 1061948
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/3jpsXLofdxuPiLTMvFIdoyomik8o
Replay-Nonce: ozg6g9AfC0jrJAZjURiII3ZFDRZ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 09 Mar 2017 20:55:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 09 Mar 2017 20:55:04 GMT
Connection: keep-alive
'
[Fri Mar 10 04:55:04 GMT 2017] response='{"identifier":{"type":"dns","value":"oo.ooo.com"},"status":"pending","expires":"2017-03-16T20:55:04.73620023","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/3jpbXLofdiusPiTvYFjIdoy9mikx8/76396","token":"BmFUMYeGQFtzvDEfHbAw5JQk"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/3jpWLofcxisPiLMvNjIdoyo9Uix8o/76947","token":"dxRip7cqOEOXEc6tdyQnJdj6b_ut706I"},{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/3jpWLBfcdiusPiLMvYNjIyRUmkJx8/7698","token":"i9n2OOoX6yhDRD8ZPb0IXWfPHBq"}],"combinations":[[2],[0],[1]]}'
[Fri Mar 10 04:55:05 GMT 2017] code='201'
[Fri Mar 10 04:55:05 GMT 2017] The new-authz request is ok.
[Fri Mar 10 04:55:05 GMT 2017] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/3jpsboBfcxiuPHLTvYjIoyRo9kJx8/734","token":"i9n2OOZl9ygRDaQZb20KyWAHXBw"'
[Fri Mar 10 04:55:05 GMT 2017] token='iOn2GOOl9yghDa8Zb2IXyAfHiX'
[Fri Mar 10 04:55:05 GMT 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/3psXLoBcdxuPHLMvYFIdoo9mJxo/7698'
[Fri Mar 10 04:55:05 GMT 2017] keyauthorization='iO9GOOZo96ygRDa8Zb2IKXA3fPiqw.NwRh4aL96Y9QLUpConH_FgG93'
[Fri Mar 10 04:55:05 GMT 2017] dvlist='oo.ooo.com#iO9nGOZoX96gDRaQZPb2IKyW3fHXBq.NGgh4aJLR9Y9xQHUCH6oC_FgGp3a#https://acme-v01.api.letsencrypt.org/acme/challenge/3jpWXLoBcdiuPHTMvYFIdoyRomikJ8o/7692#ns-0#dns_cx'
[Fri Mar 10 04:55:05 GMT 2017] vlist='oo.ooo.com#iO92GOOZlo9ghDRDQZPb2IKX3fHiXBq.NwRgOhaLV6Y9xQHUH6nfjC_Gh9a#https://acme-v01.api.letsencrypt.org/acme/challenge/3jpsWLfcdxisPiTvYNFdoyRoikx8o/7924#dns-01#dns_cx,'
[Fri Mar 10 04:55:05 GMT 2017] txtdomain='_acme-challenge.oo.ooo.com'
[Fri Mar 10 04:55:05 GMT 2017] txt='gCtmRpSwPXm3Ng2G3s64S2oulnI'
[Fri Mar 10 04:55:05 GMT 2017] d_api='/*************/dnsapi/dns_cx.sh'
[Fri Mar 10 04:55:06 GMT 2017] Found domain api file: /*************/dnsapi/dns_cx.sh
[Fri Mar 10 04:55:06 GMT 2017] First detect the root zone
[Fri Mar 10 04:55:06 GMT 2017] ep='domain'
[Fri Mar 10 04:55:06 GMT 2017] url='https://www.cloudxns.net/api2/domain'
[Fri Mar 10 04:55:06 GMT 2017] cdate='2017-03-09 20:55:06 UTC'
[Fri Mar 10 04:55:06 GMT 2017] data
[Fri Mar 10 04:55:06 GMT 2017] sec='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXhttps://www.cloudxns.net/api2/domain2017-03-09 20:55:06 UTCXXXXXXXXXXXXXXXX'
[Fri Mar 10 04:55:06 GMT 2017] hmac='1c7b4f76e4a7bd1a'
[Fri Mar 10 04:55:06 GMT 2017] GET
[Fri Mar 10 04:55:06 GMT 2017] url='https://www.cloudxns.net/api2/domain'
[Fri Mar 10 04:55:06 GMT 2017] timeout
[Fri Mar 10 04:55:07 GMT 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/acme.shfAD2f.140.tmp '
[Fri Mar 10 04:55:07 GMT 2017] ret='0'
[Fri Mar 10 04:55:07 GMT 2017] response='{"code":1,"message":"Operate successfully","total":"1","data":[{"id":"3270","domain":"ooo.com.","status":"ok","level":"8","take_over_status":"Taken over","create_time":"2017-********","update_time":"2017-*********","ttl":"20000"}]}' (all the domains have already been retrieved at this point)
[Fri Mar 10 04:55:07 GMT 2017] invalid domain
[Fri Mar 10 04:55:07 GMT 2017] Error add txt for domain:_acme-challenge.oo.ooo.com
[Fri Mar 10 04:55:08 GMT 2017] pid
[Fri Mar 10 04:55:08 GMT 2017] No need to restore nginx, skip.
[Fri Mar 10 04:55:08 GMT 2017] _clearupdns
[Fri Mar 10 04:55:08 GMT 2017] Dns not added, skip.
[Fri Mar 10 04:55:08 GMT 2017] _on_issue_err
[Fri Mar 10 04:55:08 GMT 2017] Please add '--debug' or '--log' to check more details.
[Fri Mar 10 04:55:08 GMT 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Mar 10 04:55:08 GMT 2017] Diagnosis versions: 
openssl:openssl
OpenSSL 1.0.2k  26 Jan 2017
apache:
apache doesn't exists.
nc:
nc: invalid option -- h
BusyBox v1.25.1 (2017-02-04 09:35:28 CST) multi-call binary.

Usage: nc [-iN] [-wN] [-f FILE|IPADDR PORT] [-e PROG]

Open a pipe to IP:PORT or FILE

    -w SEC  Connect timeout
    -i SEC  Delay interval for lines sent
    -f FILE Use file (ala /dev/ttyS0) instead of network
    -e PROG Run PROG after connect

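In all of the above, the API is correct.

./acme.sh --install --home /install/path --config-home /install/path does not seem to have taken effect. The log here still shows Using config home:/root/.acme.sh. The download path and the install path are different.

Running it this way: ./acme.sh --issue --dns dns_cx -d oo.ooo.com --install-cert --certpath /cert/path/cert.pem --keypath /cert/path/key.pem --fullchainpath /cert/path/server.pem gives the message: Domain is not valid:'oo.ooo.com'. I guess the certificate has to be issued first, and install-cert run afterwards?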

Moekr commented 7 years ago

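What a coincidence, I ran into this problem too... I debugged it and found that it is caused by a mismatch between the API documentation and what the API actually returns. Find the last few lines of dnsapi/dns_cx.sh; originally they should look like this: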

if ! _contains "$response" '"message":"success"'; then
    return 1
fi

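According to the API documentation this check should be correct, but when getting the domain list the content actually returned is ......"message":"Operate successfully"......, which makes the script think the request failed. So just change the check logic so that both kinds of response pass.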
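The check described in the comment above, as an added example (not acme.sh's own code and not written by any commenter): a success test that accepts both message strings, followed by a root-zone lookup over the domain list that matches whole zone names only. The function names `cx_ok` and `cx_find_root` and the sample response are constructed for illustration.

```sh
#!/bin/sh
# Added example; cx_ok and cx_find_root are hypothetical names, not acme.sh functions.

# Constructed sample, modelled on the domain-list response in the debug log above.
SAMPLE_LIST='{"code":1,"message":"Operate successfully","total":"1","data":[{"id":"3270","domain":"ooo.com.","status":"ok"}]}'

# Return 0 when the response carries either of the two success messages:
# the documented one or the one the domain-list call actually returned.
cx_ok() {
  case "$1" in
    *'"message":"success"'* | *'"message":"Operate successfully"'*) return 0 ;;
  esac
  return 1
}

# Print "<sub-domain> <zone>" for the longest zone in the list response that
# is a whole-label suffix of the full record name; return 1 if none matches.
cx_find_root() {
  _full=$1
  _resp=$2
  cx_ok "$_resp" || return 1
  _rest=$_full
  while [ -n "$_rest" ]; do
    # A single remaining label (e.g. "com") is never accepted as a zone.
    case "$_rest" in *.*) ;; *) return 1 ;; esac
    # Anchoring on the opening quote of the value keeps "notooo.com." from
    # being accepted as the zone for a name under "ooo.com".
    case "$_resp" in
      *"\"domain\":\"$_rest.\""*)
        _sub=${_full%"$_rest"}
        printf '%s %s\n' "${_sub%.}" "$_rest"
        return 0 ;;
    esac
    _rest=${_rest#*.}   # drop the left-most label and try again
  done
  return 1
}

# Stand-alone demonstration with the constructed sample.
cx_find_root _acme-challenge.oo.ooo.com "$SAMPLE_LIST"
```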

Neilpang commented 7 years ago

@Moekr Thanks.