phlegx / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh

dns_kas.sh: Error removing txt for domain:_acme-challenge.foo #2

Open djonasdev opened 5 years ago

djonasdev commented 5 years ago

Hello,

Thanks for implementing an API script for all-inkl! I got it working on my Synology so far 👍 I want to create a "multi wildcard subdomain" certificate, which is working so far. The script is creating 3 TXT entries. But when deleting, the error occurs:

Here is the curl url the script is calling:

[Fri May  3 10:53:39 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=fooPasscode&kas_action=delete_dns_settings&var1=record_id&wert1=77044096 51272448 60528537'

If you call the url (https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=fooPasscode&kas_action=delete_dns_settings&var1=record_id&wert1=77044096%2051272448%2060528537) in webbrowser you can see the error message as well:

[image]

As described in the doc (http://kasapi.kasserver.com/dokumentation/phpdoc/packages/API%20Funktionen.html) you have to pass an array, but I actually don't know how to do it. Another approach would be to call the url 3 times, once for each id to delete.

phlegx commented 5 years ago

Hi @dojo90! Thanks for the Issue Report. I unfortunately currently do have very little time to get into this. There is also a pull request open since quite some time, but I would need to make quite a few changes to get this merged and I even do not know if Kasserver API can do everything that the acme.sh Maintainer wants to have. See: https://github.com/Neilpang/acme.sh/pull/1341

I only remember that there are some issues with deleting entries. So if I remember correctly I currently did this manually if I needed to.

The API you linked is from PHP. I think the array is only needed in this PHP function. In the form your string should suffice from what I can say, but to be honest I would need to try it myself. Could the record ID maybe be wrong? Maybe you could ask the all-inkl support on how this is working and let us then know here on how this is done correctly.

If you are interested in improving this dns_kas.sh implementation feel free to do so :-)

phlegx commented 5 years ago

I just see you try to put all three entries there just with whitespaces. I guess like this is not working and via API one needs to indeed make three calls as you already wrote.

Not sure if it is possible to send an array via API and if it is possible, in which form it has to be sent.

phlegx commented 5 years ago

Maybe like this: [ "1234", "5678", "9101112" ]

djonasdev commented 5 years ago

> Maybe like this: [ "1234", "5678", "9101112" ]

Not working..

🤔

The problem is that in Line 73 (https://github.com/phlegx/acme.sh/blob/all-inkl-kasserver-dns-script/dnsapi/dns_kas.sh#L73) is a whitespace separated list 1234 5678 9101112.

Actually I'm not that familiar with bash. Could you have a look if this could do the trick?

    # If there is a record_id, delete the entry
    if [ -n "$_record_id" ]; then
        params="?kas_login=$KAS_Login"
        params="$params&kas_auth_type=$KAS_Authtype"
        params="$params&kas_auth_data=$KAS_Authdata"
        params="$params&kas_action=delete_dns_settings"

        # Split into a separate list, in case multiple entries were made.
        # Unquoted expansion word-splits on whitespace and works in POSIX sh
        # (bash arrays such as records=(...) are not available there).
        for i in $_record_id; do
            params2="$params&var1=record_id"
            params2="$params2&wert1=$i"
            _debug2 "Wait for 10 seconds by default before calling KAS API."
            sleep 10
            response="$(_get "$KAS_Api$params2")"
            _debug2 "response" "$response"
            if ! _contains "$response" "TRUE"; then
                _err "Either the txt record is not found or another error occurred, please check manually."
                return 1
            fi
        done
    else # Cannot delete or unknown error
        _err "No record_id found that can be deleted. Please check manually."
        return 1
    fi
    return 0

phlegx commented 5 years ago

I think this looks good @dojo90! Haven't tested it fully though. I assume it is functional right? If yes, can you do a pull request maybe?

djonasdev commented 5 years ago

Actually the solution approach is working, but there is some error in the logic:


The created certificate is working so far and contains all "domains / wildcard subdomains".

Maybe there should be a counter to count the added entries and afterwards use it to check if all entries were already deleted to prevent the error message?

[Fri May  3 12:24:38 CEST 2019] Removing DNS records.
[Fri May  3 12:24:38 CEST 2019] d='dyndns.my-domain.com'
[Fri May  3 12:24:38 CEST 2019] txtdomain='_acme-challenge.dyndns.my-domain.com'
[Fri May  3 12:24:38 CEST 2019] aliasDomain='_acme-challenge.dyndns.my-domain.com'
[Fri May  3 12:24:38 CEST 2019] txt='dZjI2w1fL6-yE_lE8SOR-YhVGy4D7ItJ7C0oTgHVBE8'
[Fri May  3 12:24:38 CEST 2019] d_api='/root/.acme.sh/dnsapi/dns_kas.sh'
[Fri May  3 12:24:38 CEST 2019] Using DNS-01 All-inkl/Kasserver hook
[Fri May  3 12:24:38 CEST 2019] Cleaning up after All-inkl/Kasserver hook
[Fri May  3 12:24:38 CEST 2019] Removing _acme-challenge.dyndns.my-domain.com DNS TXT entry on All-inkl/Kasserver
[Fri May  3 12:24:48 CEST 2019] GET
[Fri May  3 12:24:48 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=get_dns_settings&var1=zone_host&wert1=my-domain.com.'
[Fri May  3 12:24:48 CEST 2019] timeout=
[Fri May  3 12:24:48 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:24:48 CEST 2019] ret='0'
[Fri May  3 12:24:58 CEST 2019] GET
[Fri May  3 12:24:58 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=delete_dns_settings&var1=record_id&wert1=41955939'
[Fri May  3 12:24:58 CEST 2019] timeout=
[Fri May  3 12:24:58 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:24:59 CEST 2019] ret='0'
[Fri May  3 12:24:59 CEST 2019] d='my-domain.com'
[Fri May  3 12:24:59 CEST 2019] txtdomain='_acme-challenge.my-domain.com'
[Fri May  3 12:24:59 CEST 2019] aliasDomain='_acme-challenge.my-domain.com'
[Fri May  3 12:24:59 CEST 2019] txt='7fHZdvmLBabbr7XikMafMWCfsmOZjFPM1rkLnaJp4ck'
[Fri May  3 12:24:59 CEST 2019] d_api='/root/.acme.sh/dnsapi/dns_kas.sh'
[Fri May  3 12:24:59 CEST 2019] Using DNS-01 All-inkl/Kasserver hook
[Fri May  3 12:24:59 CEST 2019] Cleaning up after All-inkl/Kasserver hook
[Fri May  3 12:24:59 CEST 2019] Removing _acme-challenge.my-domain.com DNS TXT entry on All-inkl/Kasserver
[Fri May  3 12:25:09 CEST 2019] GET
[Fri May  3 12:25:09 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=get_dns_settings&var1=zone_host&wert1=my-domain.com.'
[Fri May  3 12:25:09 CEST 2019] timeout=
[Fri May  3 12:25:09 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:25:09 CEST 2019] ret='0'
[Fri May  3 12:25:19 CEST 2019] GET
[Fri May  3 12:25:19 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=delete_dns_settings&var1=record_id&wert1=41955955'
[Fri May  3 12:25:19 CEST 2019] timeout=
[Fri May  3 12:25:19 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:25:19 CEST 2019] ret='0'
[Fri May  3 12:25:29 CEST 2019] GET
[Fri May  3 12:25:29 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=delete_dns_settings&var1=record_id&wert1=41955957'
[Fri May  3 12:25:29 CEST 2019] timeout=
[Fri May  3 12:25:29 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:25:30 CEST 2019] ret='0'
[Fri May  3 12:25:30 CEST 2019] d='my-domain.com'
[Fri May  3 12:25:30 CEST 2019] txtdomain='_acme-challenge.my-domain.com'
[Fri May  3 12:25:30 CEST 2019] aliasDomain='_acme-challenge.my-domain.com'
[Fri May  3 12:25:30 CEST 2019] txt='EsyzpG9QVXvYRtIbD_DsnE6iiJeuR2cef47sJFL2lSE'
[Fri May  3 12:25:30 CEST 2019] d_api='/root/.acme.sh/dnsapi/dns_kas.sh'
[Fri May  3 12:25:30 CEST 2019] Using DNS-01 All-inkl/Kasserver hook
[Fri May  3 12:25:30 CEST 2019] Cleaning up after All-inkl/Kasserver hook
[Fri May  3 12:25:30 CEST 2019] Removing _acme-challenge.my-domain.com DNS TXT entry on All-inkl/Kasserver
[Fri May  3 12:25:40 CEST 2019] GET
[Fri May  3 12:25:40 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=get_dns_settings&var1=zone_host&wert1=my-domain.com.'
[Fri May  3 12:25:40 CEST 2019] timeout=
[Fri May  3 12:25:40 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:25:40 CEST 2019] ret='0'
[Fri May  3 12:25:40 CEST 2019] No record_id found that can be deleted. Please check manually.
[Fri May  3 12:25:40 CEST 2019] Error removing txt for domain:_acme-challenge.my-domain.com

djonasdev commented 5 years ago

> I think this looks good @dojo90! Haven't tested it fully though. I assume it is functional right? If yes, can you do a pull request maybe?

I have added my changes right now.

The script is working (with multiple entries) if you only use wildcard requests: *.subdomain.my-domain.com and *.my-domain.com

Then every two entries are properly deleted. If you also want to request the full domain my-domain.com, then there is the described error.. Luckily I only need the wildcard ones (for my NAS) and the full domain certificate is only on the webspace (generated by the hoster). So I don't have any issues anymore. 🤓👌

👆 But the problem still exists!
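
Added example, not part of the thread or of dns_kas.sh: the log above shows the second cleanup for my-domain.com deleting two record ids and the third finding none, which is what a lookup by record name alone produces when the apex and wildcard challenges share `_acme-challenge.my-domain.com`. The code below selects by name and TXT value instead, so each cleanup removes only its own record; the zone listing format, ids, tokens and function names are constructed for illustration and do not reflect the real KAS API response.

```shell
#!/bin/sh
# Constructed zone listing, one record per line: "record_id name type data".
# This flattened layout is an assumption; the real KAS response looks different.
SAMPLE_ZONE='1001 _acme-challenge.dyndns.my-domain.com TXT token-dyndns
1002 _acme-challenge.my-domain.com TXT token-apex
1003 _acme-challenge.my-domain.com TXT token-wildcard'
ZONE=$SAMPLE_ZONE

# Name-only lookup, as seen in the thread's log: apex and wildcard share one
# name, so the first cleanup gets both ids and the next one finds nothing.
ids_by_name() {
  printf '%s\n' "$ZONE" | awk -v n="$1" '$3 == "TXT" && $2 == n { print $1 }'
}

# Name-and-value lookup: only the record created for this challenge matches.
ids_by_name_and_value() {
  printf '%s\n' "$ZONE" |
    awk -v n="$1" -v v="$2" '$3 == "TXT" && $2 == n && $4 == v { print $1 }'
}

# Stand-in for one delete_dns_settings call with a single record_id.
delete_record() {
  ZONE=$(printf '%s\n' "$ZONE" | awk -v id="$1" '$1 != id')
}

# Number of records still present in the constructed zone.
count_records() {
  printf '%s\n' "$ZONE" | awk 'NF { c++ } END { print c + 0 }'
}

# cleanup_challenge FULLDOMAIN TXTVALUE
cleanup_challenge() {
  _ids=$(ids_by_name_and_value "$1" "$2")
  # No match means the record is already gone; cleanup treats that as done
  # (a design choice of this example).
  [ -n "$_ids" ] || return 0
  for _id in $_ids; do
    delete_record "$_id" || return 1
  done
}

cleanup_challenge _acme-challenge.my-domain.com token-apex
echo "records left after apex cleanup: $(count_records)"
```

Leaving a stale `_acme-challenge` TXT record behind is the outcome to avoid, so after a run it is worth checking that the zone holds no leftover challenge records.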