opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License

security/acme-client: gcloud DNS - error #1915

Closed siga1975 closed 3 years ago

siga1975 commented 4 years ago

gcloud validation does not work anymore since the last 20.1.8 update

Also, manually using the gcloud command does not work:

[root@myfw ~]# gcloud dns record-sets list -z internal
ERROR: gcloud failed to load: No module named _sqlite3
    gcloud_main = _import_gcloud_main()
    import googlecloudsdk.gcloud_main
    from googlecloudsdk.api_lib.iamcredentials import util as iamcred_util
    from googlecloudsdk.core.credentials import http as http_creds
    from googlecloudsdk.core.credentials import creds as core_creds
    import sqlite3
    from dbapi2 import *
    from _sqlite3 import *

This usually indicates corruption in your gcloud installation or problems with your Python interpreter.

Please verify that the following is the path to a working Python 2.7 or 3.5+ executable:
    /usr/local/bin/python2

If it is not, please set the CLOUDSDK_PYTHON environment variable to point to a working Python 2.7 or 3.5+ executable.

If you are still experiencing problems, please reinstall the Cloud SDK using the instructions here:
    https://cloud.google.com/sdk/

Adding the env var in /etc/login.conf

default:\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,CLOUDSDK_PYTHON=/usr/local/bin/python3:\

And rebuilding makes the command line work correctly

root@myfw:~ # cap_mkdb /etc/login.conf

Still, acme validation does not work. I tried to add

export CLOUDSDK_PYTHON=/usr/local/bin/python3

in file /usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh

but it does not help

it fails here

  if ! gcloud dns record-sets transaction start \
    --transaction-file="$tr" \
    --zone="$managedZone"; then
    rm -r "$trd"
    _err "_dns_gcloud_start_tr: failed to execute transaction"
    return 1
  fi

doing it manually works

[root@myfw /tmp/tmp.qYVZkyNr]# gcloud dns record-sets transaction start --transaction-file /tmp/tmp.qYVZkyNr/tr.yaml --zone=internal
Transaction started [/tmp/tmp.qYVZkyNr/tr.yaml].
[root@myfw /tmp/tmp.qYVZkyNr]# echo $?
0

LOG:

(__SIGA_DEBUG lines are my entries, which I added to be sure it was failing there)

[Mon Jul  6 16:54:39 CEST 2020] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Jul  6 16:54:39 CEST 2020] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Jul  6 16:54:39 CEST 2020] DOMAIN_PATH='/var/etc/acme-client/home/time1.signorini.in'
[Mon Jul  6 16:54:39 CEST 2020] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Jul  6 16:54:39 CEST 2020] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Jul  6 16:54:39 CEST 2020] GET
[Mon Jul  6 16:54:39 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Jul  6 16:54:39 CEST 2020] timeout=
[Mon Jul  6 16:54:39 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.asbXldZQ  -g '
[Mon Jul  6 16:54:40 CEST 2020] ret='0'
[Mon Jul  6 16:54:40 CEST 2020] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Mon Jul  6 16:54:40 CEST 2020] ACME_NEW_AUTHZ
[Mon Jul  6 16:54:40 CEST 2020] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Jul  6 16:54:40 CEST 2020] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Mon Jul  6 16:54:40 CEST 2020] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Jul  6 16:54:40 CEST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Jul  6 16:54:40 CEST 2020] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Jul  6 16:54:40 CEST 2020] ACME_VERSION='2'
[Mon Jul  6 16:54:40 CEST 2020] Le_NextRenewTime='1595000189'
[Mon Jul  6 16:54:40 CEST 2020] _on_before_issue
[Mon Jul  6 16:54:40 CEST 2020] _chk_main_domain='time1.signorini.in'
[Mon Jul  6 16:54:40 CEST 2020] _chk_alt_domains
[Mon Jul  6 16:54:40 CEST 2020] Le_LocalAddress
[Mon Jul  6 16:54:40 CEST 2020] d='time1.signorini.in'
[Mon Jul  6 16:54:40 CEST 2020] Check for domain='time1.signorini.in'
[Mon Jul  6 16:54:40 CEST 2020] _currentRoot='dns_gcloud'
[Mon Jul  6 16:54:40 CEST 2020] d
[Mon Jul  6 16:54:40 CEST 2020] _saved_account_key_hash is not changed, skip register account.
[Mon Jul  6 16:54:40 CEST 2020] Read key length:4096
[Mon Jul  6 16:54:40 CEST 2020] _createcsr
[Mon Jul  6 16:54:40 CEST 2020] Single domain='time1.signorini.in'
[Mon Jul  6 16:54:40 CEST 2020] Getting domain auth token for each domain
[Mon Jul  6 16:54:40 CEST 2020] d
[Mon Jul  6 16:54:40 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Jul  6 16:54:40 CEST 2020] payload='{"identifiers": [{"type":"dns","value":"time1.signorini.in"}]}'
[Mon Jul  6 16:54:40 CEST 2020] RSA key
[Mon Jul  6 16:54:40 CEST 2020] HEAD
[Mon Jul  6 16:54:40 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Jul  6 16:54:40 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.2tmRLNSz  -g  -I  '
[Mon Jul  6 16:54:41 CEST 2020] _ret='0'
[Mon Jul  6 16:54:41 CEST 2020] POST
[Mon Jul  6 16:54:41 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Jul  6 16:54:41 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.2tmRLNSz  -g '
[Mon Jul  6 16:54:42 CEST 2020] _ret='0'
[Mon Jul  6 16:54:42 CEST 2020] code='201'
[Mon Jul  6 16:54:42 CEST 2020] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/11137429/110462276'
[Mon Jul  6 16:54:42 CEST 2020] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11137429/110462276'
[Mon Jul  6 16:54:42 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/73169345'
[Mon Jul  6 16:54:42 CEST 2020] payload
[Mon Jul  6 16:54:42 CEST 2020] POST
[Mon Jul  6 16:54:42 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/73169345'
[Mon Jul  6 16:54:42 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.2tmRLNSz  -g '
[Mon Jul  6 16:54:43 CEST 2020] _ret='0'
[Mon Jul  6 16:54:43 CEST 2020] code='200'
[Mon Jul  6 16:54:43 CEST 2020] d='time1.signorini.in'
[Mon Jul  6 16:54:43 CEST 2020] Getting webroot for domain='time1.signorini.in'
[Mon Jul  6 16:54:43 CEST 2020] _w='dns_gcloud'
[Mon Jul  6 16:54:43 CEST 2020] _currentRoot='dns_gcloud'
[Mon Jul  6 16:54:43 CEST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/73169345/aagwNQ","token":"X7BDBmQzDDcNz1aCtsRLHRTtr5aVLC13Tw6kY81d7ZM"'
[Mon Jul  6 16:54:43 CEST 2020] token='X7BDBmQzDDcNz1aCtsRLHRTtr5aVLC13Tw6kY81d7ZM'
[Mon Jul  6 16:54:43 CEST 2020] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/73169345/aagwNQ'
[Mon Jul  6 16:54:43 CEST 2020] keyauthorization='X7BDBmQzDDcNz1aCtsRLHRTtr5aVLC13Tw6kY81d7ZM.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A'
[Mon Jul  6 16:54:43 CEST 2020] dvlist='time1.signorini.in#X7BDBmQzDDcNz1aCtsRLHRTtr5aVLC13Tw6kY81d7ZM.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/73169345/aagwNQ#dns-01#dns_gcloud'
[Mon Jul  6 16:54:43 CEST 2020] d
[Mon Jul  6 16:54:43 CEST 2020] vlist='time1.signorini.in#X7BDBmQzDDcNz1aCtsRLHRTtr5aVLC13Tw6kY81d7ZM.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/73169345/aagwNQ#dns-01#dns_gcloud,'
[Mon Jul  6 16:54:43 CEST 2020] d='time1.signorini.in'
[Mon Jul  6 16:54:43 CEST 2020] _d_alias
[Mon Jul  6 16:54:43 CEST 2020] txtdomain='_acme-challenge.time1.signorini.in'
[Mon Jul  6 16:54:43 CEST 2020] txt='4lzj5_EkhwEkch_eSsWB0bc6v1dykgeAWQZmsY1bALQ'
[Mon Jul  6 16:54:43 CEST 2020] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh'
[Mon Jul  6 16:54:43 CEST 2020] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh
[Mon Jul  6 16:54:43 CEST 2020] Adding txt value: 4lzj5_EkhwEkch_eSsWB0bc6v1dykgeAWQZmsY1bALQ for domain:  _acme-challenge.time1.signorini.in
[Mon Jul  6 16:54:43 CEST 2020] Using gcloud
[Mon Jul  6 16:54:43 CEST 2020] fulldomain='_acme-challenge.time1.signorini.in'
[Mon Jul  6 16:54:43 CEST 2020] txtvalue='4lzj5_EkhwEkch_eSsWB0bc6v1dykgeAWQZmsY1bALQ'
[Mon Jul  6 16:54:43 CEST 2020] filter='dnsName=( _acme-challenge.time1.signorini.in. time1.signorini.in. signorini.in. in. ) AND visibility=public'
[Mon Jul  6 16:54:44 CEST 2020] dnsName='signorini.in.'
[Mon Jul  6 16:54:44 CEST 2020] managedZone='internal'
[Mon Jul  6 16:54:44 CEST 2020] tr='/tmp/tmp.8iXpiIba/tr.yaml'
[Mon Jul  6 16:54:44 CEST 2020] __SIGA_DEBUG tr: >/tmp/tmp.8iXpiIba/tr.yaml<
[Mon Jul  6 16:54:44 CEST 2020] __SIGA_DEBUG zone: >internal<
[Mon Jul  6 16:54:45 CEST 2020] _dns_gcloud_start_tr: failed to execute transaction
[Mon Jul  6 16:54:45 CEST 2020] __SIGA_DEBUG failing here
[Mon Jul  6 16:54:45 CEST 2020] Error add txt for domain:_acme-challenge.time1.signorini.in
[Mon Jul  6 16:54:45 CEST 2020] _on_issue_err
[Mon Jul  6 16:54:45 CEST 2020] Please check log file for more details: /var/log/acme.sh.log
[Mon Jul  6 16:54:45 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/73169345/aagwNQ'
[Mon Jul  6 16:54:45 CEST 2020] payload='{}'
[Mon Jul  6 16:54:45 CEST 2020] POST
[Mon Jul  6 16:54:45 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/73169345/aagwNQ'
[Mon Jul  6 16:54:45 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.2tmRLNSz  -g '
[Mon Jul  6 16:54:46 CEST 2020] _ret='0'
[Mon Jul  6 16:54:46 CEST 2020] code='200'
[Mon Jul  6 16:54:46 CEST 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2o-freebsd  27 Mar 2018
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.18.0
built with OpenSSL 1.1.1g  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_smtp_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --add-module=/usr/obj/usr/ports/www/nginx/work/nginx-module-vts-0.1.18 --with-mail=dynamic --with-stream=dynamic --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/ngx_brotli-8104036 --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/naxsi-0.56/naxsi_src --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/njs-629027e/nginx
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.4 on Jan 29 2020 04:00:10
   running on FreeBSD version FreeBSD 11.2-RELEASE-p20-HBSD  07ef86ce9ca(stable/20.1), release 11.2-RELEASE-p20-HBSD, machine amd64
[Mon Jul  6 16:54:46 CEST 2020] pid
[Mon Jul  6 16:54:46 CEST 2020] No need to restore nginx, skip.
[Mon Jul  6 16:54:46 CEST 2020] _clearupdns
[Mon Jul  6 16:54:46 CEST 2020] dns_entries
[Mon Jul  6 16:54:46 CEST 2020] skip dns.

OPNsense 20.1.8_1 on Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram

siga1975 commented 4 years ago

still trying to debug, I got exit code 120 from the failing gcloud command, and I cannot understand what it means...

some more info in gcloud logs:

[root@myfw ~/.config/gcloud/logs/2020.07.26]# cat 19.44.36.037317.log
2020-07-26 19:44:36,038 DEBUG    root            Loaded Command Group: ['gcloud', 'dns']
2020-07-26 19:44:36,040 DEBUG    root            Loaded Command Group: ['gcloud', 'dns', 'record_sets']
2020-07-26 19:44:36,053 DEBUG    root            Loaded Command Group: ['gcloud', 'dns', 'record-sets', 'transaction']
2020-07-26 19:44:36,056 DEBUG    root            Loaded Command Group: ['gcloud', 'dns', 'record-sets', 'transaction', 'start']
2020-07-26 19:44:36,059 DEBUG    root            Running [gcloud.dns.record-sets.transaction.start] with arguments: [--transaction-file: "/tmp/tmp.eURaR1AH/tr.yaml", --zone: "internal"]
2020-07-26 19:44:36,585 INFO     ___FILE_ONLY___ Transaction started [/tmp/tmp.eURaR1AH/tr.yaml].

2020-07-26 19:44:36,585 DEBUG    root            [Errno 32] Broken pipe
Traceback (most recent call last):
  File "/usr/local/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 983, in Execute
    resources = calliope_command.Run(cli=self, args=args)
  File "/usr/local/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 808, in Run
    resources = command_instance.Run(args)
  File "/usr/local/google-cloud-sdk/lib/surface/dns/record_sets/transaction/start.py", line 112, in Run
    args.transaction_file))
  File "/usr/local/google-cloud-sdk/lib/googlecloudsdk/core/log.py", line 205, in Print
    self._Write(plain_text, styled_text)
  File "/usr/local/google-cloud-sdk/lib/googlecloudsdk/core/log.py", line 234, in _Write
    self.flush()
  File "/usr/local/google-cloud-sdk/lib/googlecloudsdk/core/log.py", line 249, in flush
    self.__stream_wrapper.stream.flush()
BrokenPipeError: [Errno 32] Broken pipe
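
The exit status 120 and the BrokenPipeError above fit together: CPython (3.6 and later) exits with 120 when flushing its standard streams fails at shutdown, so the work can be done and the status still be non-zero. The sketch below is an added example, not code from the thread or from acme.sh, comparing three ways a caller can react. Assumptions: `fake_tr_start` is a constructed stand-in for `gcloud dns record-sets transaction start`, a closed stdout stands in for the broken pipe, and whether redirecting output cures the real gcloud call is untested.

```sh
#!/bin/sh
# Added example, not from the thread. fake_tr_start is a constructed stand-in:
# it writes the transaction file first, then prints a status line, and exits
# 120 when that status line cannot be written.
fake_tr_start() {
  _tr=$1
  _zone=$2
  if [ "$_zone" != "internal" ]; then
    echo "ERROR: zone not found: $_zone" >&2
    return 1                        # real failure: no transaction file
  fi
  printf '%s\n' '---' 'additions: []' 'deletions: []' >"$_tr" || return 1
  printf 'Transaction started [%s].\n' "$_tr" 2>/dev/null || return 120
}

# 1) Trust the exit code alone (the pattern quoted from dns_gcloud.sh).
start_tr_strict() {
  if ! fake_tr_start "$1" "$2"; then
    return 1
  fi
}

# 2) Ignore the result entirely (error checking disabled).
start_tr_unchecked() {
  fake_tr_start "$1" "$2"
  return 0
}

# 3) Fail closed: give the tool a stdout that is always writable (a log file
#    next to the transaction), then require a zero exit code AND a non-empty
#    transaction file.
start_tr_verified() {
  _rc=0
  fake_tr_start "$1" "$2" >"$1.log" 2>&1 || _rc=$?
  if [ "$_rc" -ne 0 ] || [ ! -s "$1" ]; then
    echo "transaction start failed: rc=$_rc, see $1.log" >&2
    return 1
  fi
}

# Run every check against a good and a bad zone with the caller's stdout
# closed (>&-), which is how the unusable output stream is simulated here.
demo() {
  _d=$(mktemp -d) || return 1
  for _check in start_tr_strict start_tr_unchecked start_tr_verified; do
    for _zone_arg in internal nosuchzone; do
      rm -f "$_d/tr.yaml"
      if "$_check" "$_d/tr.yaml" "$_zone_arg" >&- 2>/dev/null; then
        _res=ok
      else
        _res=FAIL
      fi
      echo "$_check zone=$_zone_arg -> $_res"
    done
  done
  rm -r "$_d"
}

demo
```

Only the third variant accepts the good zone and rejects the bad one; the first reports a failure although the transaction file was written, and the second reports success for a zone that does not exist.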

siga1975 commented 3 years ago

all my certificates are expired, what can I do to speed up the process? I tried to debug the issue in more depth but with no success

fraenki commented 3 years ago

@siga1975 Sorry to hear that your certificates have expired. :( Your gcloud logs show that the Google Cloud SDK produces an internal error. This does not look like something that can be fixed in OPNsense or os-acme-client. It is probably a bug in this SDK.

Have you since then upgraded to OPNsense 20.7.1 and could post more recent gcloud logs? IIRC a new version of Google Cloud SDK was also included.

siga1975 commented 3 years ago

thanks for your reply

the reason I think it's a plugin issue is that I can insert records manually using gcloud command line

I have indeed upgraded to 20.7.1 and confirm sdk was updated

Here are the updated logs

[Thu Aug 27 09:06:34 CEST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Aug 27 09:06:34 CEST 2020] DOMAIN_PATH='/var/etc/acme-client/home/time1.signorini.in'
[Thu Aug 27 09:06:34 CEST 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 27 09:06:34 CEST 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 27 09:06:34 CEST 2020] GET
[Thu Aug 27 09:06:34 CEST 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Aug 27 09:06:34 CEST 2020] timeout=
[Thu Aug 27 09:06:34 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.r15tXQ31  -g '
[Thu Aug 27 09:06:35 CEST 2020] ret='0'
[Thu Aug 27 09:06:35 CEST 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Aug 27 09:06:35 CEST 2020] ACME_NEW_AUTHZ
[Thu Aug 27 09:06:35 CEST 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 27 09:06:35 CEST 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Aug 27 09:06:35 CEST 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Aug 27 09:06:35 CEST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Aug 27 09:06:35 CEST 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 27 09:06:35 CEST 2020] ACME_VERSION='2'
[Thu Aug 27 09:06:35 CEST 2020] Le_NextRenewTime='1595000189'
[Thu Aug 27 09:06:35 CEST 2020] _on_before_issue
[Thu Aug 27 09:06:35 CEST 2020] _chk_main_domain='time1.signorini.in'
[Thu Aug 27 09:06:35 CEST 2020] _chk_alt_domains
[Thu Aug 27 09:06:35 CEST 2020] Le_LocalAddress
[Thu Aug 27 09:06:35 CEST 2020] d='time1.signorini.in'
[Thu Aug 27 09:06:35 CEST 2020] Check for domain='time1.signorini.in'
[Thu Aug 27 09:06:35 CEST 2020] _currentRoot='dns_gcloud'
[Thu Aug 27 09:06:35 CEST 2020] d
[Thu Aug 27 09:06:35 CEST 2020] _saved_account_key_hash is not changed, skip register account.
[Thu Aug 27 09:06:35 CEST 2020] Read key length:4096
[Thu Aug 27 09:06:35 CEST 2020] _createcsr
[Thu Aug 27 09:06:35 CEST 2020] Single domain='time1.signorini.in'
[Thu Aug 27 09:06:35 CEST 2020] Getting domain auth token for each domain
[Thu Aug 27 09:06:35 CEST 2020] d
[Thu Aug 27 09:06:36 CEST 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 27 09:06:36 CEST 2020] payload='{"identifiers": [{"type":"dns","value":"time1.signorini.in"}]}'
[Thu Aug 27 09:06:36 CEST 2020] RSA key
[Thu Aug 27 09:06:36 CEST 2020] HEAD
[Thu Aug 27 09:06:36 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 27 09:06:36 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.IqBg3aE0  -g  -I  '
[Thu Aug 27 09:06:36 CEST 2020] _ret='0'
[Thu Aug 27 09:06:36 CEST 2020] POST
[Thu Aug 27 09:06:36 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 27 09:06:36 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.IqBg3aE0  -g '
[Thu Aug 27 09:06:38 CEST 2020] _ret='0'
[Thu Aug 27 09:06:38 CEST 2020] code='201'
[Thu Aug 27 09:06:38 CEST 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/74890194/4884647389'
[Thu Aug 27 09:06:38 CEST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/74890194/4884647389'
[Thu Aug 27 09:06:38 CEST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6801807659'
[Thu Aug 27 09:06:38 CEST 2020] payload
[Thu Aug 27 09:06:38 CEST 2020] POST
[Thu Aug 27 09:06:38 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6801807659'
[Thu Aug 27 09:06:38 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.IqBg3aE0  -g '
[Thu Aug 27 09:06:40 CEST 2020] _ret='0'
[Thu Aug 27 09:06:40 CEST 2020] code='200'
[Thu Aug 27 09:06:40 CEST 2020] d='time1.signorini.in'
[Thu Aug 27 09:06:40 CEST 2020] Getting webroot for domain='time1.signorini.in'
[Thu Aug 27 09:06:40 CEST 2020] _w='dns_gcloud'
[Thu Aug 27 09:06:40 CEST 2020] _currentRoot='dns_gcloud'
[Thu Aug 27 09:06:40 CEST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/6801807659/dO1LEQ","token":"4al0y8FOvfPV6E5DCa4Z-_bvjuesoSIzn3WarEXxVbk"'
[Thu Aug 27 09:06:40 CEST 2020] token='4al0y8FOvfPV6E5DCa4Z-_bvjuesoSIzn3WarEXxVbk'
[Thu Aug 27 09:06:40 CEST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6801807659/dO1LEQ'
[Thu Aug 27 09:06:40 CEST 2020] keyauthorization='4al0y8FOvfPV6E5DCa4Z-_bvjuesoSIzn3WarEXxVbk.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A'
[Thu Aug 27 09:06:40 CEST 2020] dvlist='time1.signorini.in#4al0y8FOvfPV6E5DCa4Z-_bvjuesoSIzn3WarEXxVbk.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6801807659/dO1LEQ#dns-01#dns_gcloud'
[Thu Aug 27 09:06:40 CEST 2020] d
[Thu Aug 27 09:06:40 CEST 2020] vlist='time1.signorini.in#4al0y8FOvfPV6E5DCa4Z-_bvjuesoSIzn3WarEXxVbk.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6801807659/dO1LEQ#dns-01#dns_gcloud,'
[Thu Aug 27 09:06:40 CEST 2020] d='time1.signorini.in'
[Thu Aug 27 09:06:40 CEST 2020] _d_alias
[Thu Aug 27 09:06:40 CEST 2020] txtdomain='_acme-challenge.time1.signorini.in'
[Thu Aug 27 09:06:40 CEST 2020] txt='f2M3lAnEdLv61_m0nGAodojA4rLyL1qAeXFwnqUrv90'
[Thu Aug 27 09:06:40 CEST 2020] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh'
[Thu Aug 27 09:06:40 CEST 2020] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh
[Thu Aug 27 09:06:40 CEST 2020] Adding txt value: f2M3lAnEdLv61_m0nGAodojA4rLyL1qAeXFwnqUrv90 for domain:  _acme-challenge.time1.signorini.in
[Thu Aug 27 09:06:40 CEST 2020] Using gcloud
[Thu Aug 27 09:06:40 CEST 2020] fulldomain='_acme-challenge.time1.signorini.in'
[Thu Aug 27 09:06:40 CEST 2020] txtvalue='f2M3lAnEdLv61_m0nGAodojA4rLyL1qAeXFwnqUrv90'
[Thu Aug 27 09:06:40 CEST 2020] filter='dnsName=( _acme-challenge.time1.signorini.in. time1.signorini.in. signorini.in. in. ) AND visibility=public'
[Thu Aug 27 09:06:41 CEST 2020] dnsName='signorini.in.'
[Thu Aug 27 09:06:41 CEST 2020] managedZone='internal'
[Thu Aug 27 09:06:41 CEST 2020] tr='/tmp/tmp.vyfoDHuo/tr.yaml'
[Thu Aug 27 09:06:42 CEST 2020] _dns_gcloud_start_tr: failed to execute transaction
[Thu Aug 27 09:06:42 CEST 2020] Error add txt for domain:_acme-challenge.time1.signorini.in
[Thu Aug 27 09:06:42 CEST 2020] _on_issue_err
[Thu Aug 27 09:06:42 CEST 2020] Please check log file for more details: /var/log/acme.sh.log
[Thu Aug 27 09:06:42 CEST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6801807659/dO1LEQ'
[Thu Aug 27 09:06:42 CEST 2020] payload='{}'
[Thu Aug 27 09:06:42 CEST 2020] POST
[Thu Aug 27 09:06:42 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6801807659/dO1LEQ'
[Thu Aug 27 09:06:42 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.IqBg3aE0  -g '
[Thu Aug 27 09:06:43 CEST 2020] _ret='0'
[Thu Aug 27 09:06:43 CEST 2020] code='200'
[Thu Aug 27 09:06:43 CEST 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1d-freebsd  10 Sep 2019
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.18.0
built with OpenSSL 1.1.1g  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_smtp_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --add-module=/usr/obj/usr/ports/www/nginx/work/nginx-module-vts-0.1.18 --with-mail=dynamic --with-stream=dynamic --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/ngx_brotli-8104036 --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/naxsi-0.56/naxsi_src --add-dynamic-module=/usr/obj/usr/ports/www/nginx/work/njs-b12fc23/nginx
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.4 on Jul 28 2020 02:36:32
   running on FreeBSD version FreeBSD 12.1-RELEASE-p8-HBSD #2  505cf134d9b(stable/20.7)-dirty: Mon Aug 10 12:14:34 CEST 2020     root@sensey64:/usr/obj/usr/src/amd64.amd64/sys/SMP, release 12.1-RELEASE-p8-HBSD, machine amd64
[Thu Aug 27 09:06:43 CEST 2020] pid
[Thu Aug 27 09:06:43 CEST 2020] No need to restore nginx, skip.
[Thu Aug 27 09:06:43 CEST 2020] _clearupdns
[Thu Aug 27 09:06:43 CEST 2020] dns_entries
[Thu Aug 27 09:06:43 CEST 2020] skip dns.

Now gcloud logs are unreadable... (they were readable with 20.1)

2020.08.27[root@myfw ~/.config/gcloud]# cat logs

Here are some errors I see in the dashboard:

PHP Errors:
[24-Aug-2020 00:00:48 Europe/Zurich] PHP Warning:  dns_get_record(): DNS Query failed in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 994
[25-Aug-2020 00:00:50 Europe/Zurich] PHP Warning:  dns_get_record(): DNS Query failed in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 994
[25-Aug-2020 15:15:01 Europe/Zurich] PHP Warning:  unlink(/var/log/nginx/tls_handshake.log.work): No such file or directory in /usr/local/opnsense/scripts/nginx/tls_ua_fingerprint.php on line 124
[26-Aug-2020 00:00:41 Europe/Zurich] PHP Warning:  dns_get_record(): DNS Query failed in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 994
[26-Aug-2020 08:45:01 Europe/Zurich] PHP Warning:  unlink(/var/log/nginx/tls_handshake.log.work): No such file or directory in /usr/local/opnsense/scripts/nginx/tls_ua_fingerprint.php on line 124
[26-Aug-2020 23:15:00 Europe/Zurich] PHP Warning:  unlink(/var/log/nginx/tls_handshake.log.work): No such file or directory in /usr/local/opnsense/scripts/nginx/tls_ua_fingerprint.php on line 124
[27-Aug-2020 00:00:36 Europe/Zurich] PHP Warning:  dns_get_record(): DNS Query failed in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 994
[27-Aug-2020 09:06:34 Europe/Zurich] PHP Warning:  dns_get_record(): DNS Query failed in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 994

Manually:

[root@myfw ~]# gcloud dns record-sets list -z internal
NAME                           TYPE  TTL    DATA
signorini.in.                  A     900    84.227.70.208
signorini.in.                  NS    21600  ns-cloud-a1.googledomains.com.,ns-cloud-a2.googledomains.com.,ns-cloud-a3.googledomains.com.,ns-cloud-a4.googledomains.com.
signorini.in.                  SOA   21600  ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 61 21600 3600 259200 300
. . . 

Updates are available for some Cloud SDK components.  To install them,
please run:
  $ gcloud components update

[root@myfw ~]# gcloud dns record-sets transaction start --zone=internal
Transaction started [transaction.yaml].
[root@myfw ~]# cat transaction.yaml
---
additions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 62 21600 3600
    259200 300
  ttl: 21600
  type: SOA
deletions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 61 21600 3600
    259200 300
  ttl: 21600
  type: SOA

[root@myfw ~]# gcloud dns record-sets transaction add "1.1.1.1" --zone=internal --name="dummytest.signorini.in." --type="A" --ttl="300"
Record addition appended to transaction at [transaction.yaml].

[root@myfw ~]# cat transaction.yaml
---
additions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 62 21600 3600
    259200 300
  ttl: 21600
  type: SOA
- kind: dns#resourceRecordSet
  name: dummytest.signorini.in.
  rrdatas:
  - 1.1.1.1
  ttl: 300
  type: A
deletions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 61 21600 3600
    259200 300
  ttl: 21600
  type: SOA
[root@myfw ~]# gcloud dns record-sets transaction execute --zone=internal
Executed transaction [transaction.yaml] for managed-zone [internal].
Created [https://dns.googleapis.com/dns/v1/projects/dns-signorini-in/managedZones/internal/changes/104].
ID   START_TIME                STATUS
104  2020-08-27T07:16:57.012Z  pending

[root@myfw ~]# echo $?
0

[root@myfw ~]# gcloud dns record-sets list -z internal | grep dummytest
dummytest.signorini.in.        A     300    1.1.1.1

jdelkins commented 3 years ago

I struggled with this problem as well. The following patch, which disables most error checking in dns_gcloud.sh, results in a successful update. Obviously not a valid fix for the problem, but a temporary workaround that got my certs updated.

--- /usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh.orig 2020-05-03 19:41:37.000000000 -0500
+++ /usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh  2020-08-17 12:25:36.892204000 -0500
@@ -58,9 +58,10 @@
   if ! gcloud dns record-sets transaction start \
     --transaction-file="$tr" \
     --zone="$managedZone"; then
-    rm -r "$trd"
-    _err "_dns_gcloud_start_tr: failed to execute transaction"
-    return 1
+    #rm -r "$trd"
+    #_err "_dns_gcloud_start_tr: failed to execute transaction"
+    _debug _dns_gcloud_start_tr "failed to execute transaction"
+    #return 1
   fi
 }

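Review bot: With `return 1` commented out in `_dns_gcloud_start_tr`, a `transaction start` that really failed now falls through, and later steps run against a `$tr` file that may not exist. The thread shows the command printing "Transaction started" and still exiting non-zero, so a narrower change would keep the failure path but decide on `[ -s "$tr" ]` rather than on the exit status alone. The temporary directory `$trd` is also no longer removed on this path.
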
@@ -69,9 +70,10 @@
     --transaction-file="$tr" \
     --zone="$managedZone"; then
     _debug tr "$(cat "$tr")"
-    rm -r "$trd"
-    _err "_dns_gcloud_execute_tr: failed to execute transaction"
-    return 1
+    #rm -r "$trd"
+    #_err "_dns_gcloud_execute_tr: failed to execute transaction"
+    _debug _dns_gcloud_execute_tr "failed to execute transaction"
+    #return 1
   fi
   rm -r "$trd"

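Review bot: In `_dns_gcloud_execute_tr` the failed `transaction execute` branch no longer returns, so a rejected execute is reported only at `_debug` level and the function carries on to the unconditional `rm -r "$trd"` below it. The caller cannot tell a rejected change from an accepted one; keep `return 1` here, or at least keep the message at `_err` level so it shows without debug logging.
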
@@ -87,6 +89,7 @@
     fi
   done

+  _debug tr "$(cat "$tr")"
   _err "_dns_gcloud_execute_tr: transaction is still pending after 10 minutes"
   rm -r "$trd"
   return 1
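
Review bot: The added `_debug tr "$(cat "$tr")"` after the polling loop reads a file that appears to be gone already: the unchanged `rm -r "$trd"` at the end of the previous hunk runs right after `transaction execute`, before the loop starts. As written, `cat` will fail and the debug line will be empty. Either dump the file before that `rm`, or drop this line.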
@@ -100,9 +103,10 @@
     --zone="$managedZone" \
     --transaction-file="$tr"; then
     _debug tr "$(cat "$tr")"
-    rm -r "$trd"
-    _err "_dns_gcloud_remove_rrs: failed to remove RRs"
-    return 1
+    #rm -r "$trd"
+    #_err "_dns_gcloud_remove_rrs: failed to remove RRs"
+    _debug _dns_gcloud_remove_rrs "failed to remove RRs"
+    #return 1
   fi
 }

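Review bot: Downgrading the `_dns_gcloud_remove_rrs` failure from `_err` to `_debug` hides it unless debug logging is enabled, and a removal that really failed leaves the challenge record behind in the zone. Keep this message visible (an `_err` without the `return 1` is enough for a workaround) so that leftover records get noticed and cleaned up.
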
@@ -115,9 +119,10 @@
     --zone="$managedZone" \
     --transaction-file="$tr"; then
     _debug tr "$(cat "$tr")"
-    rm -r "$trd"
-    _err "_dns_gcloud_add_rrs: failed to add RRs"
-    return 1
+    #rm -r "$trd"
+    #_err "_dns_gcloud_add_rrs: failed to add RRs"
+    _debug _dns_gcloud_add_rrs "failed to add RRs"
+    #return 1
   fi
 }
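
Review bot: `_dns_gcloud_add_rrs` is the step that puts the new record into the transaction, and with `return 1` commented out a real failure here only surfaces later, when validation fails. The failure branch already dumps `$tr`, so use it: continue only if the transaction file actually contains the new record, otherwise keep the `rm -r "$trd"` and `return 1`.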

siga1975 commented 3 years ago

Looks like it actually works if I ignore the exit codes :) Probably there's something wrong with that; it could be that the transaction succeeds even with an exit code different from 0, maybe just some warning?

I modified /usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh like this

_dns_gcloud_start_tr() {
  if ! trd=$(mktemp -d); then
    _err "_dns_gcloud_start_tr: failed to create temporary directory"
    return 1
  fi
  tr="$trd/tr.yaml"
  _debug tr "$tr"

  _err "__SIGA_DEBUG tr: >$tr<"
  _err "__SIGA_DEBUG zone: >$managedZone<"

  gcloud dns record-sets transaction start \
    --transaction-file="$tr" \
    --zone="$managedZone"
  rc=$?
  _err "_dns_gcloud_start_tr: RC= $rc failed to execute transaction"
  return 0
}

_dns_gcloud_execute_tr() {
  _debug __SIGA_DEBUG _dns_gcloud_execute_tr

  gcloud dns record-sets transaction execute \
    --transaction-file="$tr" \
    --zone="$managedZone"
  rc=$?
  _debug tr "$(cat "$tr")"
  _err "_dns_gcloud_execute_tr: RC= $rc failed to execute transaction"

  for i in $(seq 1 120); do
    _err "__SIGA_DEBUG i: $i"
    if gcloud dns record-sets changes list \
      --zone="$managedZone" \
      --filter='status != done' \
      | grep -q '^.*'; then
      _info "_dns_gcloud_execute_tr: waiting for transaction to be comitted ($i/120)..."
      sleep 5
    else
      return 0
    fi
  done
  # (lines 93-112 of the file are not shown in the post)

_dns_gcloud_add_rrs() {
  ttl=60
  xargs -r gcloud dns record-sets transaction add \
    --name="$fulldomain." \
    --ttl="$ttl" \
    --type=TXT \
    --zone="$managedZone" \
    --transaction-file="$tr"
  rc=$?
  _debug tr "$(cat "$tr")"
  _err "_dns_gcloud_add_rrs: rc=$rc failed to add RRs"
  return 0
}

[Thu Aug 27 16:06:02 CEST 2020] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Thu Aug 27 16:06:02 CEST 2020] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Thu Aug 27 16:06:02 CEST 2020] DOMAIN_PATH='/var/etc/acme-client/home/time1.signorini.in'
[Thu Aug 27 16:06:03 CEST 2020] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Thu Aug 27 16:06:03 CEST 2020] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Thu Aug 27 16:06:03 CEST 2020] GET
[Thu Aug 27 16:06:03 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Thu Aug 27 16:06:03 CEST 2020] timeout=
[Thu Aug 27 16:06:03 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.yM6hBRIJ  -g '
[Thu Aug 27 16:06:03 CEST 2020] ret='0'
[Thu Aug 27 16:06:03 CEST 2020] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Thu Aug 27 16:06:03 CEST 2020] ACME_NEW_AUTHZ
[Thu Aug 27 16:06:03 CEST 2020] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 27 16:06:03 CEST 2020] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Thu Aug 27 16:06:03 CEST 2020] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Aug 27 16:06:03 CEST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Aug 27 16:06:03 CEST 2020] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 27 16:06:03 CEST 2020] ACME_VERSION='2'
[Thu Aug 27 16:06:03 CEST 2020] Le_NextRenewTime='1595000189'
[Thu Aug 27 16:06:03 CEST 2020] _on_before_issue
[Thu Aug 27 16:06:03 CEST 2020] _chk_main_domain='time1.signorini.in'
[Thu Aug 27 16:06:03 CEST 2020] _chk_alt_domains
[Thu Aug 27 16:06:03 CEST 2020] Le_LocalAddress
[Thu Aug 27 16:06:03 CEST 2020] d='time1.signorini.in'
[Thu Aug 27 16:06:03 CEST 2020] Check for domain='time1.signorini.in'
[Thu Aug 27 16:06:03 CEST 2020] _currentRoot='dns_gcloud'
[Thu Aug 27 16:06:03 CEST 2020] d
[Thu Aug 27 16:06:03 CEST 2020] _saved_account_key_hash is not changed, skip register account.
[Thu Aug 27 16:06:03 CEST 2020] Read key length:4096
[Thu Aug 27 16:06:03 CEST 2020] _createcsr
[Thu Aug 27 16:06:03 CEST 2020] Single domain='time1.signorini.in'
[Thu Aug 27 16:06:04 CEST 2020] Getting domain auth token for each domain
[Thu Aug 27 16:06:04 CEST 2020] d
[Thu Aug 27 16:06:04 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 27 16:06:04 CEST 2020] payload='{"identifiers": [{"type":"dns","value":"time1.signorini.in"}]}'
[Thu Aug 27 16:06:04 CEST 2020] RSA key
[Thu Aug 27 16:06:04 CEST 2020] HEAD
[Thu Aug 27 16:06:04 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Aug 27 16:06:04 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.ccgVS7Jl  -g  -I  '
[Thu Aug 27 16:06:04 CEST 2020] _ret='0'
[Thu Aug 27 16:06:04 CEST 2020] POST
[Thu Aug 27 16:06:04 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 27 16:06:04 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.ccgVS7Jl  -g '
[Thu Aug 27 16:06:05 CEST 2020] _ret='0'
[Thu Aug 27 16:06:05 CEST 2020] code='201'
[Thu Aug 27 16:06:05 CEST 2020] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/11137429/138133936'
[Thu Aug 27 16:06:05 CEST 2020] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11137429/138133936'
[Thu Aug 27 16:06:05 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/100814639'
[Thu Aug 27 16:06:05 CEST 2020] payload
[Thu Aug 27 16:06:05 CEST 2020] POST
[Thu Aug 27 16:06:05 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/100814639'
[Thu Aug 27 16:06:05 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.ccgVS7Jl  -g '
[Thu Aug 27 16:06:06 CEST 2020] _ret='0'
[Thu Aug 27 16:06:06 CEST 2020] code='200'
[Thu Aug 27 16:06:06 CEST 2020] d='time1.signorini.in'
[Thu Aug 27 16:06:06 CEST 2020] Getting webroot for domain='time1.signorini.in'
[Thu Aug 27 16:06:06 CEST 2020] _w='dns_gcloud'
[Thu Aug 27 16:06:06 CEST 2020] _currentRoot='dns_gcloud'
[Thu Aug 27 16:06:06 CEST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug","token":"L6EfTdYYzKbkQcsG9r3S9sv-u8pHjbUfe7RT7fIMCvY"'
[Thu Aug 27 16:06:06 CEST 2020] token='L6EfTdYYzKbkQcsG9r3S9sv-u8pHjbUfe7RT7fIMCvY'
[Thu Aug 27 16:06:06 CEST 2020] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug'
[Thu Aug 27 16:06:06 CEST 2020] keyauthorization='L6EfTdYYzKbkQcsG9r3S9sv-u8pHjbUfe7RT7fIMCvY.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A'
[Thu Aug 27 16:06:06 CEST 2020] dvlist='time1.signorini.in#L6EfTdYYzKbkQcsG9r3S9sv-u8pHjbUfe7RT7fIMCvY.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug#dns-01#dns_gcloud'
[Thu Aug 27 16:06:06 CEST 2020] d
[Thu Aug 27 16:06:06 CEST 2020] vlist='time1.signorini.in#L6EfTdYYzKbkQcsG9r3S9sv-u8pHjbUfe7RT7fIMCvY.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug#dns-01#dns_gcloud,'
[Thu Aug 27 16:06:06 CEST 2020] d='time1.signorini.in'
[Thu Aug 27 16:06:06 CEST 2020] _d_alias
[Thu Aug 27 16:06:06 CEST 2020] txtdomain='_acme-challenge.time1.signorini.in'
[Thu Aug 27 16:06:06 CEST 2020] txt='XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI'
[Thu Aug 27 16:06:06 CEST 2020] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh'
[Thu Aug 27 16:06:06 CEST 2020] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh
[Thu Aug 27 16:06:06 CEST 2020] Adding txt value: XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI for domain:  _acme-challenge.time1.signorini.in
[Thu Aug 27 16:06:06 CEST 2020] Using gcloud
[Thu Aug 27 16:06:06 CEST 2020] fulldomain='_acme-challenge.time1.signorini.in'
[Thu Aug 27 16:06:06 CEST 2020] txtvalue='XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI'
[Thu Aug 27 16:06:06 CEST 2020] filter='dnsName=( _acme-challenge.time1.signorini.in. time1.signorini.in. signorini.in. in. ) AND visibility=public'
[Thu Aug 27 16:06:07 CEST 2020] dnsName='signorini.in.'
[Thu Aug 27 16:06:07 CEST 2020] managedZone='internal'
[Thu Aug 27 16:06:07 CEST 2020] tr='/tmp/tmp.tq76osSN/tr.yaml'
[Thu Aug 27 16:06:07 CEST 2020] __SIGA_DEBUG tr: >/tmp/tmp.tq76osSN/tr.yaml<
[Thu Aug 27 16:06:07 CEST 2020] __SIGA_DEBUG zone: >internal<
[Thu Aug 27 16:06:08 CEST 2020] _dns_gcloud_start_tr: RC= 120 failed to execute transaction
[Thu Aug 27 16:06:10 CEST 2020] tr='---
additions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 65 21600 3600
    259200 300
  ttl: 21600
  type: SOA
- kind: dns#resourceRecordSet
  name: _acme-challenge.time1.signorini.in.
  rrdatas:
  - '"XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI"'
  ttl: 60
  type: TXT
deletions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 64 21600 3600
    259200 300
  ttl: 21600
  type: SOA'
[Thu Aug 27 16:06:10 CEST 2020] _dns_gcloud_add_rrs: rc=1 failed to add RRs
[Thu Aug 27 16:06:10 CEST 2020] __SIGA_DEBUG='_dns_gcloud_execute_tr'
[Thu Aug 27 16:06:11 CEST 2020] tr='---
additions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 65 21600 3600
    259200 300
  ttl: 21600
  type: SOA
- kind: dns#resourceRecordSet
  name: _acme-challenge.time1.signorini.in.
  rrdatas:
  - '"XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI"'
  ttl: 60
  type: TXT
deletions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 64 21600 3600
    259200 300
  ttl: 21600
  type: SOA'
[Thu Aug 27 16:06:11 CEST 2020] _dns_gcloud_execute_tr: RC= 120 failed to execute transaction
[Thu Aug 27 16:06:11 CEST 2020] __SIGA_DEBUG i: 1
[Thu Aug 27 16:06:13 CEST 2020] _acme-challenge.time1.signorini.in record added
[Thu Aug 27 16:06:13 CEST 2020] The txt record is added: Success.
[Thu Aug 27 16:06:13 CEST 2020] Sleep 120 seconds for the txt records to take effect
[Thu Aug 27 16:08:13 CEST 2020] ok, let's start to verify
[Thu Aug 27 16:08:13 CEST 2020] Verifying: time1.signorini.in
[Thu Aug 27 16:08:13 CEST 2020] d='time1.signorini.in'
[Thu Aug 27 16:08:13 CEST 2020] keyauthorization='L6EfTdYYzKbkQcsG9r3S9sv-u8pHjbUfe7RT7fIMCvY.3MHBVt7MnFrc5uD-ON__maKHwWkWq526YX8apEu8X1A'
[Thu Aug 27 16:08:13 CEST 2020] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug'
[Thu Aug 27 16:08:13 CEST 2020] _currentRoot='dns_gcloud'
[Thu Aug 27 16:08:13 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug'
[Thu Aug 27 16:08:13 CEST 2020] payload='{}'
[Thu Aug 27 16:08:13 CEST 2020] POST
[Thu Aug 27 16:08:13 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug'
[Thu Aug 27 16:08:13 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.ccgVS7Jl  -g '
[Thu Aug 27 16:08:14 CEST 2020] _ret='0'
[Thu Aug 27 16:08:14 CEST 2020] code='200'
[Thu Aug 27 16:08:14 CEST 2020] trigger validation code: 200
[Thu Aug 27 16:08:14 CEST 2020] sleep 2 secs to verify
[Thu Aug 27 16:08:16 CEST 2020] checking
[Thu Aug 27 16:08:16 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug'
[Thu Aug 27 16:08:16 CEST 2020] payload
[Thu Aug 27 16:08:16 CEST 2020] POST
[Thu Aug 27 16:08:16 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/100814639/utr7Ug'
[Thu Aug 27 16:08:16 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.ccgVS7Jl  -g '
[Thu Aug 27 16:08:17 CEST 2020] _ret='0'
[Thu Aug 27 16:08:17 CEST 2020] code='200'
[Thu Aug 27 16:08:17 CEST 2020] Success
[Thu Aug 27 16:08:17 CEST 2020] pid
[Thu Aug 27 16:08:17 CEST 2020] Skip for removelevel:
[Thu Aug 27 16:08:17 CEST 2020] pid
[Thu Aug 27 16:08:17 CEST 2020] No need to restore nginx, skip.
[Thu Aug 27 16:08:17 CEST 2020] _clearupdns
[Thu Aug 27 16:08:17 CEST 2020] dns_entries='time1.signorini.in,_acme-challenge.time1.signorini.in,,dns_gcloud,XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI,/usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh
'
[Thu Aug 27 16:08:17 CEST 2020] Removing DNS records.
[Thu Aug 27 16:08:17 CEST 2020] d='time1.signorini.in'
[Thu Aug 27 16:08:17 CEST 2020] txtdomain='_acme-challenge.time1.signorini.in'
[Thu Aug 27 16:08:17 CEST 2020] aliasDomain='_acme-challenge.time1.signorini.in'
[Thu Aug 27 16:08:17 CEST 2020] _currentRoot='dns_gcloud'
[Thu Aug 27 16:08:17 CEST 2020] txt='XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI'
[Thu Aug 27 16:08:17 CEST 2020] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh'
[Thu Aug 27 16:08:17 CEST 2020] Removing txt: XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI for domain: _acme-challenge.time1.signorini.in
[Thu Aug 27 16:08:17 CEST 2020] Using gcloud
[Thu Aug 27 16:08:17 CEST 2020] fulldomain='_acme-challenge.time1.signorini.in'
[Thu Aug 27 16:08:17 CEST 2020] txtvalue='XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI'
[Thu Aug 27 16:08:17 CEST 2020] filter='dnsName=( _acme-challenge.time1.signorini.in. time1.signorini.in. signorini.in. in. ) AND visibility=public'
[Thu Aug 27 16:08:18 CEST 2020] dnsName='signorini.in.'
[Thu Aug 27 16:08:18 CEST 2020] managedZone='internal'
[Thu Aug 27 16:08:18 CEST 2020] tr='/tmp/tmp.Qiiv0PKm/tr.yaml'
[Thu Aug 27 16:08:18 CEST 2020] __SIGA_DEBUG tr: >/tmp/tmp.Qiiv0PKm/tr.yaml<
[Thu Aug 27 16:08:18 CEST 2020] __SIGA_DEBUG zone: >internal<
[Thu Aug 27 16:08:19 CEST 2020] _dns_gcloud_start_tr: RC= 120 failed to execute transaction
[Thu Aug 27 16:08:21 CEST 2020] tr='---
additions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 66 21600 3600
    259200 300
  ttl: 21600
  type: SOA
deletions:
- kind: dns#resourceRecordSet
  name: signorini.in.
  rrdatas:
  - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 65 21600 3600
    259200 300
  ttl: 21600
  type: SOA
- kind: dns#resourceRecordSet
  name: _acme-challenge.time1.signorini.in.
  rrdatas:
  - '"XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI"'
  ttl: 60
  type: TXT'
[Thu Aug 27 16:08:21 CEST 2020] _dns_gcloud_remove_rrs: failed to remove RRs
[Thu Aug 27 16:08:21 CEST 2020] Error removing txt for domain:_acme-challenge.time1.signorini.in
[Thu Aug 27 16:08:21 CEST 2020] Verify finished, start to sign.
[Thu Aug 27 16:08:21 CEST 2020] i='2'
[Thu Aug 27 16:08:21 CEST 2020] j='26'
[Thu Aug 27 16:08:21 CEST 2020] Lets finalize the order, Le_OrderFinalize: https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11137429/138133936
[Thu Aug 27 16:08:21 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11137429/138133936'
[Thu Aug 27 16:08:21 CEST 2020] POST
[Thu Aug 27 16:08:21 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11137429/138133936'
[Thu Aug 27 16:08:21 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.ccgVS7Jl  -g '
[Thu Aug 27 16:08:22 CEST 2020] _ret='0'
[Thu Aug 27 16:08:22 CEST 2020] code='200'
[Thu Aug 27 16:08:22 CEST 2020] Order status is valid.
[Thu Aug 27 16:08:22 CEST 2020] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa44605fb86aa80bd2992f1e9428bd058fb1'
[Thu Aug 27 16:08:22 CEST 2020] Download cert, Le_LinkCert: https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa44605fb86aa80bd2992f1e9428bd058fb1
[Thu Aug 27 16:08:22 CEST 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa44605fb86aa80bd2992f1e9428bd058fb1'
[Thu Aug 27 16:08:22 CEST 2020] payload
[Thu Aug 27 16:08:22 CEST 2020] POST
[Thu Aug 27 16:08:22 CEST 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa44605fb86aa80bd2992f1e9428bd058fb1'
[Thu Aug 27 16:08:22 CEST 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  --trace-ascii /tmp/tmp.ccgVS7Jl  -g '
[Thu Aug 27 16:08:23 CEST 2020] _ret='0'
[Thu Aug 27 16:08:23 CEST 2020] code='200'
[Thu Aug 27 16:08:23 CEST 2020] Found cert chain
[Thu Aug 27 16:08:23 CEST 2020] _end_n='36'
[Thu Aug 27 16:08:23 CEST 2020] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa44605fb86aa80bd2992f1e9428bd058fb1'
[Thu Aug 27 16:08:23 CEST 2020] Cert success.
[Thu Aug 27 16:08:23 CEST 2020] Your cert is in  /var/etc/acme-client/home/time1.signorini.in/time1.signorini.in.cer
[Thu Aug 27 16:08:23 CEST 2020] Your cert key is in  /var/etc/acme-client/home/time1.signorini.in/time1.signorini.in.key
[Thu Aug 27 16:08:23 CEST 2020] v2 chain.
[Thu Aug 27 16:08:23 CEST 2020] The intermediate CA cert is in  /var/etc/acme-client/home/time1.signorini.in/ca.cer
[Thu Aug 27 16:08:23 CEST 2020] And the full chain certs is there:  /var/etc/acme-client/home/time1.signorini.in/fullchain.cer
[Thu Aug 27 16:08:23 CEST 2020] Installing cert to:/var/etc/acme-client/certs/5ec3fc5621b4a6.04922996/cert.pem
[Thu Aug 27 16:08:23 CEST 2020] Installing CA to:/var/etc/acme-client/certs/5ec3fc5621b4a6.04922996/chain.pem
[Thu Aug 27 16:08:23 CEST 2020] Installing key to:/var/etc/acme-client/keys/5ec3fc5621b4a6.04922996/private.key
[Thu Aug 27 16:08:23 CEST 2020] Installing full chain to:/var/etc/acme-client/certs/5ec3fc5621b4a6.04922996/fullchain.pem
[Thu Aug 27 16:08:23 CEST 2020] _on_issue_success
^C

A query reveals the record is there

root@linjs:/root # dig txt _acme-challenge.time1.signorini.in @8.8.8.8

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> txt _acme-challenge.time1.signorini.in @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12621
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_acme-challenge.time1.signorini.in. IN TXT

;; ANSWER SECTION:
_acme-challenge.time1.signorini.in. 59 IN TXT   "XXkeH9BbM26ImHdf1C6KqjS95wVPDV8oRWQ7mg69voI"

;; Query time: 35 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 27 16:07:55 CEST 2020
;; MSG SIZE  rcvd: 119

and the certificate is created
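
An alternative to discarding the exit codes, shown as an added example (not code from acme.sh, the plugin, or any poster in this thread): keep gcloud's exit status for the log and decide success from an independent check that the TXT record is actually in the zone. The `gcloud` function below is a constructed stub that reproduces the behaviour reported here (change applied, exit status 120) so the example runs offline; `txt_record_present`, `execute_and_verify`, `GCLOUD_RC`, `GCLOUD_APPLIES` and `ZONE_FILE` are hypothetical names, and the check is assumed to run once the change is no longer pending.

```shell
#!/bin/sh
# Constructed stand-in for the gcloud CLI (assumption, for offline use only).
# ZONE_FILE plays the role of the managed zone's record listing.
ZONE_FILE=$(mktemp)
GCLOUD_RC=120     # exit status the stub returns for "transaction execute"
GCLOUD_APPLIES=1  # 1: the stub really writes the record, 0: it does not

gcloud() {
  case "$*" in
    *"transaction execute"*)
      [ "$GCLOUD_APPLIES" = 1 ] &&
        printf '%s  TXT  60  "%s"\n' "$fulldomain." "$txtvalue" >>"$ZONE_FILE"
      return "$GCLOUD_RC" ;;
    *"record-sets list"*)
      cat "$ZONE_FILE" ;;
  esac
}

# Post-condition: succeed only if the challenge value is listed for the name.
txt_record_present() {
  gcloud dns record-sets list --zone="$managedZone" 2>/dev/null |
    grep -F -- "$fulldomain." | grep -qF -- "$txtvalue"
}

# Run the transaction, keep its exit status for the log, and let the
# post-condition decide. Returns 0 if the record is present, 1 otherwise.
execute_and_verify() {
  gcloud dns record-sets transaction execute \
    --transaction-file="$tr" --zone="$managedZone"
  rc=$?
  if txt_record_present; then
    [ "$rc" -eq 0 ] ||
      echo "warning: gcloud exited $rc but the TXT record is present" >&2
    return 0
  fi
  echo "error: gcloud exited $rc and the TXT record is missing" >&2
  return 1
}

# Demo with constructed values (only the zone name matches the thread).
managedZone=internal
fulldomain=_acme-challenge.host.example.test
txtvalue=constructed-challenge-value
tr=/dev/null
execute_and_verify && echo "proceed with validation"
```

A zero exit status with a missing record is also treated as a failure, so the decision never rests on the exit code alone.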

siga1975 commented 3 years ago

LOL

Looks like we posted almost the same "solution" at the same time

jdelkins commented 3 years ago

No doubt in my mind it is a bug with the plugin. I stepped through all of the gcloud invocations on the command line and they all succeeded with exit code zero. I can't fathom why they don't return zero in the plugin, but that seems to be the case.

fraenki commented 3 years ago

> I modified /usr/local/share/examples/acme.sh/dnsapi/dns_gcloud.sh like this

Thanks for sharing.

If this solves your problem, then this is not something that can be fixed here. It looks like a bug in acme.sh's gcloud implementation and should be reported there: https://github.com/acmesh-official/acme.sh/issues

fraenki commented 3 years ago

I'll close this issue now, because we'll rely on upstream to fix this bug (assuming that someone will report this to acme.sh).

luispabon commented 6 months ago

So the issue is actually caused by the way the acme plugin code runs shell commands, not acme.sh specifically.

The fix: https://github.com/opnsense/plugins/pull/3745