troykelly / hassio-addons-letsencrypt-lexicon

Home Assistant Addon that provides Let's Encrypt with Lexicon
Apache License 2.0

Error asking for alias #3

Closed timkopperud closed 3 years ago

timkopperud commented 4 years ago

Hi. I get this error in the addon log:

INFO: Using main config file /etc/dehydrated/config

Processing .mydomainname.com ERROR: Please define a valid alias for your .mydomainname.com wildcard-certificate. See domains.txt-documentation for more details.

I have tried to find the correct syntax for adding an alias into the config, but without success.

Any tips? Thanks.

troykelly commented 4 years ago

Good catch - I don't think I have built it to handle wildcards. We need to generate an alias for the domain cert per the doc - let me have a look at how best we can do that.

# Using the alias 'service_example_com' create a wildcard certificate for
# '*.service.example.com' and store it in the directory
# ${CERTDIR}/service_example_com
# NOTE: It is NOT a certificate for 'service.example.com'
*.service.example.com > service_example_com
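The alias logic described above, as an added illustration that is not code from the add-on: given the `domains` list from the add-on config, build the `domains.txt` lines dehydrated expects. A bare name and its wildcard (`timkopperud.com` and `*.timkopperud.com`) are joined on one line so they land in one certificate, and any line containing a wildcard gets the `> alias` directory name dehydrated requires, since `*` cannot appear in a path. Function and helper names are my own.

```python
import re

# Added example, not the add-on's own code: derive dehydrated domains.txt
# entries from a list of requested names, giving wildcards an alias.


def alias_for(base: str) -> str:
    """Turn 'service.example.com' into the alias 'service_example_com'."""
    return re.sub(r"[^A-Za-z0-9]", "_", base)


def domains_txt_lines(domains):
    """Return one domains.txt line per certificate.

    Names that share a base (``example.com`` and ``*.example.com``) are
    grouped on one line. A line that contains a wildcard is suffixed with
    ``> <alias>`` so dehydrated has a directory name without ``*`` in it.
    A wildcard anywhere other than the leading label is rejected, because
    Let's Encrypt only issues leading-label wildcards.
    """
    groups = {}   # base name -> names requested for that base
    order = []    # keep the caller's ordering of bases
    for name in domains:
        name = name.strip()
        if not name:
            continue
        if "*" in name and not (name.startswith("*.") and "*" not in name[2:]):
            raise ValueError(f"unsupported wildcard position: {name}")
        base = name[2:] if name.startswith("*.") else name
        if base not in groups:
            groups[base] = []
            order.append(base)
        if name not in groups[base]:   # drop duplicates
            groups[base].append(name)

    lines = []
    for base in order:
        # non-wildcard first, so the plain name is listed before '*.name'
        names = sorted(groups[base], key=lambda n: n.startswith("*."))
        line = " ".join(names)
        if any(n.startswith("*.") for n in names):
            line += f" > {alias_for(base)}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    # constructed sample matching the config shape used in this thread
    for entry in domains_txt_lines(["*.timkopperud.com", "timkopperud.com"]):
        print(entry)
```

Running it on the two names from the config later in this thread prints a single line `timkopperud.com *.timkopperud.com > timkopperud_com`, which is the form that sidesteps the "Please define a valid alias" error.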

troykelly commented 4 years ago

@timkopperud Apologies for the delay - had to completely change the way the domains.txt file is generated. v1.0.3 should fix this for you if you update. This also fixes #2

troykelly commented 4 years ago

Resolved by b2e9a52

timkopperud commented 4 years ago

Now it seems to progress further. I have the error below. Should I manually create the TXT record?

True

+ Responding to challenge for mydomain.com authorization... invalid_challenge called: mydomain.com, { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:dns", "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com", "status": 400 },

troykelly commented 4 years ago

I'm just checking but in the config mydomain.com is your actual domain?

{
  "email": "hello@mydomainname.com",
  "domains": [
    "*.mydomainname.com"
  ],
  "dns": {
    "provider": "dns-cloudflare",
    "cloudflare_username": "cf@mydomainname.com",
    "cloudflare_token": "31242lk3j4ljlfdwsjf0"
  }
}

If you want to email me your actual config: troy @troykelly.com. Otherwise, while the script is running, check in your DNS provider that the records are being created; you should see some TXT records appear.

timkopperud commented 4 years ago

The TXT record was not created. For testing, I was able to add a TXT record manually with this URL: https://www.namesilo.com/api/dnsAddRecord?version=1&type=xml&key=123456&domain=timkopperud.com&rrtype=TXT&rrhost=test&rrvalue=xxTESTxx&rrttl=7207

The real API key to namesilo is replaced in key with value 123456 here. Real key is used in config.

This confirms the API key and domain are correct. This is my config in the add-in:

{
  "email": "myemailaddress@is.replaced.here",
  "domains": [
    "*.timkopperud.com",
    "timkopperud.com"
  ],
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "dns": {
    "provider": "namesilo",
    "namesilo_token": "123456"
  }
}

troykelly commented 4 years ago

I tried to create a namesilo account - but they want photo ID and a photo of my credit card, and I'm afraid that just isn't happening. I've tested with Constellix and it appears to be working - it may be that Dehydrated/Lexicon isn't working well with namesilo. Perhaps the 30 second delay isn't enough for records to update? I've got a big weekend of work to get done - but I will have a look at implementing a manual DNS process like: https://github.com/sebastiansterk/dns-01-manual/blob/master/hook.sh

Can you add the entire log here (or email it to me) so I can see what is going on from start to finish?

timkopperud commented 4 years ago

I emailed you the log. I can now confirm the TXT record is created which means the API works fine. The TXT is then removed while the routine prints the last entries in the log.

troykelly commented 4 years ago

Thank you @timkopperud From looking at the logs - Dehydrated & Lexicon look like they are creating the record for sure. But then when Let's Encrypt are checking to see if it exists namesilo are responding with NXDOMAIN. It could well be that namesilo takes a lot more than thirty seconds to publish a DNS change. One way to test would be during the process (after the domain has been created) to check yourself to see if it exists:

> dig TXT _acme-challenge.timkopperud.com @ns1.dnsowl.com.

Which should return the data of the record just created. I'd also reach out to namesilo and check how long records created via the API take to be publicly visible. Happy to keep troubleshooting with you - but there's not a heap I can do inside the add-on that will help with this problem.
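The check suggested above, as an added example that is not part of the add-on: instead of a fixed 30 second delay, poll the provider's authoritative nameserver for the `_acme-challenge` TXT record and only continue once the expected value is visible (or give up after a bounded number of attempts, so a slow provider produces a clear message rather than an NXDOMAIN from Let's Encrypt). The `dig_txt` helper shells out to `dig` exactly as in the command above; the lookup function is injectable so the wait logic can be exercised without network access. All names here are my own assumptions.

```python
import shlex
import subprocess
import time

# Added example, not the add-on's own code: wait for a DNS-01 TXT record
# to become visible on an authoritative server before continuing.


def dig_txt(name, nameserver):
    """Return the TXT values for `name` as served by `nameserver`.

    Uses `dig +short`, which prints each TXT rdata as one or more quoted
    strings per line; an NXDOMAIN or empty answer yields an empty list.
    """
    cmd = ["dig", "+short", "TXT", name, f"@{nameserver}"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    values = []
    for line in out.splitlines():
        parts = shlex.split(line)            # strips the surrounding quotes
        if parts:
            values.append("".join(parts))    # multi-string TXT -> one value
    return values


def wait_for_txt(name, expected, lookup, attempts=10, delay=30, sleep=time.sleep):
    """Poll `lookup(name)` until `expected` is among the returned TXT values.

    Returns the attempt number on which the record appeared, or 0 if it
    never appeared within `attempts`. `lookup` may raise LookupError for
    NXDOMAIN; that is treated the same as an empty answer.
    """
    for attempt in range(1, attempts + 1):
        try:
            values = lookup(name)
        except LookupError:
            values = []
        if expected in values:
            return attempt
        if attempt < attempts:
            sleep(delay)
    return 0


if __name__ == "__main__":
    # constructed values; the nameserver is the one named in the thread
    record = "_acme-challenge.timkopperud.com"
    token = "TOKEN_FROM_DEHYDRATED_HOOK"   # placeholder, not a real value
    hit = wait_for_txt(record, token, lambda n: dig_txt(n, "ns1.dnsowl.com"))
    print("visible on attempt", hit if hit else "never (give up)")
```

In a dehydrated `deploy_challenge` hook this would run after the Lexicon call that creates the record and before the hook returns, so the provider's real propagation time, rather than a guessed delay, decides when validation is attempted.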