DNS-selfhost.de verification - help required
-
Hi,
I am trying to implement DNS verification with DNS selfhost.
Unfortunately I am getting the following error message:
As there is only my username and password required - I really don't know what else I need to configure.
Any suggestions or ideas?
Thanks
-
@litronics said in DNS-selfhost.de verification - help required:
Any suggestions or ideas?
As acme.sh is open source, see here - line 38.
I can't tell you what "SELFHOSTDNS_MAP must contain the fulldomain incl. prefix and at least one RID" : some set up info isn't entered correctly ? I'm not even sure what an RID is ....
See also here for more info.
edit :
@litronics said in DNS-selfhost.de verification - help required:
As there is only my username and password required
Noop : you have to enter 3 things, not two.
-
@Gertjan said in DNS-selfhost.de verification - help required:
As acme.sh is open source, see here - line 38.
I can't tell you what "SELFHOSTDNS_MAP must contain the fulldomain incl. prefix and at least one RID" : some set up info isn't entered correctly ? I'm not even sure what an RID is ....
See also here for more info.
You are right - but I am basically not a developer and reading / understanding source code always takes ages. Hence, I thought it might be a good idea to ask the community first before going down this route.
But it looks like I have to do this...
@Gertjan said in DNS-selfhost.de verification - help required:
As there is only my username and password required
Noop : you have to enter 3 things, not two.
Hmm - I am tending to disagree, unless one of the optional settings would be required too:
-
@litronics said in DNS-selfhost.de verification - help required:
but I am basically not a developer and reading / understanding source code always takes ages
This is what the end user needs to enter :
export SELFHOSTDNS_USERNAME="myname"
export SELFHOSTDNS_PASSWORD="mypass"
export SELFHOSTDNS_MAP="_acme-challenge.example.com:12345:98765 alias.example.com:11111"
I guess you and me have no questions about the first two entries
I was showing the actual script (the "code") because I would be looking at that so I could figure out what this "SELFHOSTDNS_MAP" variable actually means.
I presume that "selfhost.de" should give you an example or even the correct entry for that parameter.
For me, the example = "_acme-challenge.example.com:12345:98765 alias.example.com:11111" doesn't look like what you've entered.
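The SELFHOSTDNS_MAP format quoted above, worked through as an added example that is not part of the original post and is not the acme.sh plugin's own code. The function name `selfhost_map_lookup` is hypothetical, and the entry layout (whitespace-separated `fulldomain:RID[:RID]`) is assumed from the sample string and the error message in this thread.

```shell
#!/bin/sh
# Added illustration: find the record IDs (RIDs) mapped to a challenge name.
# Assumed format, taken from the sample string in the thread:
#   "<fulldomain>:<rid>[:<rid2>] <fulldomain>:<rid> ..."

# selfhost_map_lookup MAP FULLDOMAIN
# Prints "rid1" or "rid1 rid2"; returns 1 when the name has no usable entry.
selfhost_map_lookup() {
  map=$1
  fulldomain=$2
  for entry in $map; do                  # entries are separated by whitespace
    name=${entry%%:*}                    # text before the first colon
    [ "$name" = "$fulldomain" ] || continue
    [ "$name" != "$entry" ] || return 1  # no colon at all: no RID given
    rids=${entry#*:}                     # everything after the first colon
    rid1=${rids%%:*}
    rid2=
    case $rids in *:*) rid2=${rids#*:} ;; esac
    # Every RID must be a non-empty run of digits.
    for rid in "$rid1" ${rid2:+"$rid2"}; do
      case $rid in ''|*[!0-9]*) return 1 ;; esac
    done
    printf '%s\n' "$rid1${rid2:+ $rid2}"
    return 0
  done
  return 1                               # fulldomain is not in the map
}

# Constructed sample: the example string from the post.
SAMPLE_MAP='_acme-challenge.example.com:12345:98765 alias.example.com:11111'
selfhost_map_lookup "$SAMPLE_MAP" _acme-challenge.example.com
# The bare domain without the _acme-challenge prefix has no entry:
selfhost_map_lookup "$SAMPLE_MAP" example.com ||
  echo "no RID mapped for example.com" >&2
```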
-
@Gertjan said in DNS-selfhost.de verification - help required:
I guess you and me have no questions about the first two entries
absolutely right :-)
I actually found a description where to find the required RIDs for that TXT-record:
https://github.com/Marvo2011/acme.sh/issues/1
So at the end the only piece missing is - where do I need to configure it in the pfSense UI as there is no field available for either the SELFHOSTDNS_MAP or the RIDs.
You can see what is offered by the UI in my previous post.
-
Can you show what you can find in this file :
/tmp/acme/[name-of-your-certicate]/accountsconf.conf
?
I'll bet you will find lines like :
....
SELFHOSTDNS_USERNAME='your-self-host-user-name'
SELFHOSTDNS_PASSWORD='your-self-host-password'
....
but not a line like this:
SELFHOSTDNS_MAP='what-ever-is-needed-here'
right ?
Normally, acme.sh is a command line tool only.
Here you can see how the acme.sh main config file is created :
https://github.com/pfsense/FreeBSD-ports/blob/812b0feb74c3557cac2f6594d46d7ca11d892073/security/pfSense-pkg-acme/files/usr/local/pkg/acme/acme.inc#L1319
For me, but who am I, there is one field missing : SELFHOSTDNS_MAP
The field that acme.sh needs : SELFHOSTDNS_MAP
So - if you dare to test : I've changed that portion of the code (here : /usr/local/pkg/acme/acme.inc - line 1317 ):
$acme_domain_validation_method['dns_selfhost'] = array('name' => "DNS-Selfhost",
	'fields' => array(
		'SELFHOSTDNS_USERNAME' => array('name' => "selfhostdns_username",
			'columnheader' => "Username",
			'type' => "textbox",
			'description' => "Username"
		),
		'SELFHOSTDNS_PASSWORD' => array('name' => "selfhostdns_password",
			'columnheader' => "Password",
			'type' => "password",
			'description' => "Password"
		),
		'SELFHOSTDNS_MAP' => array('name' => "selfhostdns_map",
			'columnheader' => "SELFHOSTDNS_MAP",
			'type' => "textbox",
			'description' => "SELFHOSTDNS_MAP"
		)
	));
and now I see :
So, now, in theory, SELFHOSTDNS_MAP will get added to the acme.sh config file, accountconf.conf file I mentioned above.
You should/could check that.
As before : the correct info for SELFHOSTDNS_MAP has to be entered - and I can't test nothing as I've no account with them (selfhost).
-
@Gertjan said in DNS-selfhost.de verification - help required:
Can you show what you can find in this file :
/tmp/acme/[name-of-your-certicate]/accountsconf.conf
?
I'll bet you will find lines like :
....
SELFHOSTDNS_USERNAME='your-self-host-user-name'
SELFHOSTDNS_PASSWORD='your-self-host-password'
....
but not a line like this:
SELFHOSTDNS_MAP='what-ever-is-needed-here'
right ?
Nope ..:
@Gertjan said in DNS-selfhost.de verification - help required:
You should/could check that.
As before : the correct info for SELFHOSTDNS_MAP has to be entered - and I can't test nothing as I've no account with them (selfhost).
Thanks for your advice and help navigating the code.
I am testing the update right now and will let you know if that worked :)
-
Quick update:
The added field for the _MAP solved that issue, and I got a bit further.
Right now, I am working around the update URL - for some reason I am always getting a 401 Unauthorized and I am 100% certain to use the same credentials as I use to update the IP address.
Probably it might be a good idea to add this field into the standard. Personally, I would name it Record-ID as MAP or RID is misleading somehow.
-
@litronics said in DNS-selfhost.de verification - help required:
I would name it Record-ID as MAP or RID is misleading somehow
Because :
@litronics said in DNS-selfhost.de verification - help required:
but I am basically not a developer and reading
you became a developer.
You know now what to change.
As soon as you've made it work, it's time to drop something useful here : Redmine pfSense.
Descriptive what you've found.
Include a link of this thread.
Read some other already listed bugs first to get yourself an idea how to create one.
-
Hope this is descriptive and short enough:
https://redmine.pfsense.org/issues/15229
I found actually another bug in the way the password special characters are added into the URL.
Next to the UI changes it is also required to enable some URL encoding to change for example the '#' letter to '%23'.
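The '#' to '%23' encoding mentioned above, as an added example that is not part of the original post and is not the package's or acme.sh's own code. An unencoded '#' starts the URL fragment, so the rest of the password never reaches the server as part of the query. The function names and the query layout are hypothetical, and ASCII credentials are assumed.

```shell
#!/bin/sh
# Added illustration: percent-encode credentials before placing them in a
# URL query string. Names and query layout are hypothetical.

# urlencode STRING
# Keeps RFC 3986 unreserved characters (A-Z a-z 0-9 . _ ~ -) and
# percent-encodes everything else. Runs in a subshell so LC_ALL stays local.
urlencode() (
  LC_ALL=C
  s=$1
  out=
  while [ -n "$s" ]; do
    rest=${s#?}            # string without its first character
    c=${s%"$rest"}         # the first character itself
    s=$rest
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;   # "'c" yields the char code
    esac
  done
  printf '%s\n' "$out"
)

# build_query USERNAME PASSWORD
# Returns a query string whose values are safe to append after "?".
build_query() {
  printf 'username=%s&password=%s\n' "$(urlencode "$1")" "$(urlencode "$2")"
}

# Constructed sample credentials; '#' and '&' would otherwise cut the
# password short or split it into a second parameter.
build_query 'myname' 'my#pa&ss'
```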