search

icing / mod_md

Let's Encrypt (ACME) in Apache httpd
https://icing.github.io/mod_md/
Apache License 2.0
337 stars 27 forks source link

DNS challenge on Windows #289

Closed FX8350 closed 2 years ago

FX8350 commented 2 years ago

Sorry for my poor English.

Hello,

I 'm running Apache on Windows.

I have written a simple script using powershell for a DNS challenge. When I run this script manually with arguments from the powershell terminal, the TXT records are added/removed correctly via the DNS API.

However, when I specify this script for MDChallengeDns01, I get errors. Is it possible to specify a Powershell script in MDChallengeDns01?

Apache config

MDCAChallenges dns-01
MDChallengeDns01 D:\bin\PowerShell-7.2.4-win-x64\pwsh.exe -File D:\bin\Apache24\md\dns.ps1
MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
MDCertificateAgreement accepted
<MDomain example.net>
    MDMember *.example.net
</MDomain>
<VirtualHost *:443>
    ServerName example.net
    DocumentRoot "${SRVROOT}/htdocs"
    SSLEngine on
    CustomLog "|bin/rotatelogs.exe logs/access_%y-%m-%d_443.log 86400 540" combined
</VirtualHost>

my script as dns.ps1

Param (
    [parameter(Mandatory)]
    $Mode,
    [parameter(Mandatory)]
    $Domain,
    [parameter()]
    $Challenge
)

# remove *.
$Domain = $Domain -replace "^\*\.", ""

# Clooudflare API URI
$Api = "https://api.cloudflare.com/client/v4"

# Cloudflare API Token
$Token = "my_token"
$ZoneId = "my_zone_id"

# Set Headers
$Headers = @{
    "Authorization" = "Bearer $Token"
}

if ($Mode -match "^setup$") {
    $SetupUri = "$Api/zones/$ZoneID/dns_records/"
    $Body = (@{
        "type" = "TXT"
        "name" = "_acme-challenge.$Domain"
        "content" = $Challenge
    } | ConvertTo-Json)
    $Response = Invoke-RestMethod -Method Post -Uri $SetupUri -Body $Body -Headers $Headers -ContentType 'application/json'
} elseif ($Mode -match "^teardown$") {
    $TxtIdUri = "$Api/zones/$ZoneID/dns_records?name=_acme-challenge.$domain&type=TXT"
    $Response = Invoke-RestMethod -Method Get -Uri $TxtIdUri -Headers $Headers -ContentType 'application/json'
    $TxtId = $Response.result.id
    $TeardownUri = "$Api/zones/$ZoneID/dns_records/$TxtId"
    $Response = Invoke-RestMethod -Method Delete -Uri $TeardownUri -Body $Body -Headers $Headers -ContentType 'application/json'
}

error message

[Thu May 26 11:10:40.704723 2022] [md:warn] [pid 4984:tid 636] (OS 2)指定されたファイルが見つかりません。  : example.net: dns-01 setup command failed to execute for example.net
[Thu May 26 11:10:40.704723 2022] [md:error] [pid 4984:tid 636] (OS 2)指定されたファイルが見つかりません。  : md[example.net] while[Setting up challenge 'dns-01' for domain example.net] problem[challenge-setup-failure] detail[None of the offered challenge types example.net offered for domain http-01 dns-01 tls-alpn-01 could be setup successfully. Please check the log for errors.]
[Thu May 26 11:10:40.704723 2022] [md:error] [pid 4984:tid 636] (OS 2)指定されたファイルが見つかりません。  : AH10056: processing example.net: None of the offered challenge typesexample.net offered for domain http-01 dns-01 tls-alpn-01 could be setup successfully. Please check the log for errors.

指定されたファイルが見つかりません。 means The specified file could not be found.

I also tried the following batch file as run.bat

MDChallengeDns01 D:\bin\Apache24\md\run.bat pwsh -File .\dns.ps1 %1 %2 %3

This will give different errors. 

[Thu May 26 13:18:50.537822 2022] [md:error] [pid 9284:tid 608] (20014)Internal error (specific information not available): md[example.net] while[Setting up challenge 'dns-01' for domain example.net] problem[challenge-setup-failure] detail[None of the offered challenge types example.net offered for domain dns-01 could be setup successfully. Please check the log for errors.]
[Thu May 26 13:18:50.537822 2022] [md:error] [pid 9284:tid 608] (20014)Internal error (specific information not available): AH10056: processing example.net: None of the offered challenge types example.net offered for domain dns-01 could be setup successfully. Please check the log for errors.
icing commented 2 years ago

I am not familiar with Powershell. There are two things necessary for the MDChallengeDns01 command to work:

  1. The file needs to be executable
  2. On success, it needs to return 0 as status code

Case 1 seems to fail for the Powershell script, maybe case 2 happend to the .bat?

For other people using Apache on Windows, https://www.apachelounge.com is a good place to ask questions. Hope it helps.

FX8350 commented 2 years ago

Thanks for your kind response. I will ask my question there.