Netgate Discussion Forum

DNS-selfhost.de verification - help required

ACME
  • L
    litronics
    last edited by Jan 30, 2024, 2:25 PM

    Hi,
    I am trying to implement DNS verification with DNS selfhost.
    Unfortunately I am getting the following error message:

    login-to-view

    As there is only my username and password required - I really don't know what else I need to configure.

    Any suggestions or ideas?

    Thanks

    • G
      Gertjan @litronics
      last edited by Gertjan Jan 30, 2024, 5:06 PM Jan 30, 2024, 5:05 PM

      @litronics said in DNS-selfhost.de verification - help required:

      Any suggestions or ideas?

      As acme.sh is open source, see here - line 38.

      I can't tell you what "SELFHOSTDNS_MAP must contain the fulldomain incl. prefix and at least one RID" : some set up info isn't entered correctly ? I'm not even sure what an RID is ....

      See also here for more info.

      edit :

      @litronics said in DNS-selfhost.de verification - help required:

      As there is only my username and password required

      Noop : you have to enter 3 things, not two.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • L
        litronics @Gertjan
        last edited by Jan 31, 2024, 6:48 AM

        @Gertjan said in DNS-selfhost.de verification - help required:

        As acme.sh is open source, see here - line 38.

        I can't tell you what "SELFHOSTDNS_MAP must contain the fulldomain incl. prefix and at least one RID" : some set up info isn't entered correctly ? I'm not even sure what an RID is ....

        See also here for more info.

        You are right - but I am basically not a developer and reading / understanding source code always takes ages. Hence, I thought it might be a good idea to ask the community first before going down this route.
        But it looks like I have to do this...

        @Gertjan said in DNS-selfhost.de verification - help required:

        As there is only my username and password required

        Noop : you have to enter 3 things, not two.

        Hmm - I am tending to disagree, unless one of the optional settings would be required too:
        login-to-view

        • G
          Gertjan @litronics
          last edited by Jan 31, 2024, 9:13 AM

          @litronics said in DNS-selfhost.de verification - help required:

          but I am basically not a developer and reading / understanding source code always takes ages

          This is what the end user needs to enter :

          export SELFHOSTDNS_USERNAME="myname"
          export SELFHOSTDNS_PASSWORD="mypass"
          export SELFHOSTDNS_MAP="_acme-challenge.example.com:12345:98765 alias.example.com:11111"
          

          I guess you and me have no questions about the first two entries 😊

          I was showing the actual script (the "code") because I would be looking at that so I could figure out what this "SELFHOSTDNS_MAP" variable actually means.

          I presume that "selfhost.de" should give you an example or even the correct entry for that parameter.

          For me, the example = "_acme-challenge.example.com:12345:98765 alias.example.com:11111" doesn't look like what you've entered.

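The map format discussed in this post, as an added example that is not part of the thread or of acme.sh: a POSIX sh lookup that returns the RIDs for one challenge name and rejects malformed entries. The function name and the rule that RIDs are numeric are assumptions drawn from the example value above.

```shell
#!/bin/sh
# Added example: look up the record IDs (RIDs) for one challenge name in a
# SELFHOSTDNS_MAP-style string. Entry format follows the example in the thread:
#   <fulldomain incl. prefix>:<rid>[:<rid>...]   (entries separated by whitespace)
# Assumption (not confirmed by the page): RIDs are purely numeric.

# selfhost_map_lookup MAP FULLDOMAIN   (hypothetical helper name)
# Prints the RIDs separated by spaces and returns 0, or returns 1 when the
# map has no well-formed entry for FULLDOMAIN.
selfhost_map_lookup() (
  set -f                        # no pathname expansion while splitting the map
  want=$2
  for entry in $1; do           # unquoted on purpose: split on whitespace
    name=${entry%%:*}           # text before the first ':'
    [ "$name" = "$want" ] || continue
    [ "$name" != "$entry" ] || exit 1      # entry has no ':' and so no RID
    rids=${entry#*:}            # text after the first ':'
    case $rids in
      ''|*[!0-9:]*|:*|*:|*::*) exit 1 ;;   # empty or non-numeric RID field
    esac
    printf '%s\n' "$rids" | tr ':' ' '
    exit 0
  done
  exit 1                        # name not present in the map
)

# Constructed sample input: the example value quoted in the thread.
SAMPLE_MAP="_acme-challenge.example.com:12345:98765 alias.example.com:11111"

selfhost_map_lookup "$SAMPLE_MAP" "_acme-challenge.example.com"
# The bare domain without the _acme-challenge prefix is not a match.
selfhost_map_lookup "$SAMPLE_MAP" "example.com" ||
  echo "no entry: the map needs the fulldomain incl. prefix and at least one RID" >&2
```
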
          • L
            litronics @Gertjan
            last edited by Jan 31, 2024, 9:36 AM

            @Gertjan said in DNS-selfhost.de verification - help required:

            I guess you and me have no questions about the first two entries

            absolutely right :-)

            I actually found a description where to find the required RIDs for that TXT-record:
            https://github.com/Marvo2011/acme.sh/issues/1

            So at the end the only piece missing is - where do I need to configure it in the pfSense UI as there is no field available for either the SELFHOSTDNS_MAP or the RIDs.
            You can see what is offered by the UI in my previous post.

            • G
              Gertjan @litronics
              last edited by Gertjan Jan 31, 2024, 12:42 PM Jan 31, 2024, 12:41 PM

              @litronics

              Can you show what you can find in this file :
              /tmp/acme/[name-of-your-certificate]/accountsconf.conf
              ?
              I'll bet you will find lines like :

              ....
              SELFHOSTDNS_USERNAME='your-self-host-user-name'
              SELFHOSTDNS_PASSWORD='your-self-host-password'
              ....
              

              but not a line like this:

              SELFHOSTDNS_MAP='what-ever-is-needed-here'
              

              right ?

              Normally, acme.sh is a command line tool only.
              Here you can see how the acme.sh main config file is created :
              https://github.com/pfsense/FreeBSD-ports/blob/812b0feb74c3557cac2f6594d46d7ca11d892073/security/pfSense-pkg-acme/files/usr/local/pkg/acme/acme.inc#L1319
              For me, but who am I 😊 there is one field missing : SELFHOSTDNS_MAP
              The field that acme.sh needs : SELFHOSTDNS_MAP

              So - if you dare to test : I've changed that portion of the code (here : /usr/local/pkg/acme/acme.inc - line 1317 ):

              $acme_domain_validation_method['dns_selfhost'] = array('name' => "DNS-Selfhost",
              	'fields' => array(
              		'SELFHOSTDNS_USERNAME' => array('name' => "selfhostdns_username", 'columnheader' => "Username", 'type' => "textbox",
              			'description' => "Username"
              		),
              		'SELFHOSTDNS_PASSWORD' => array('name' => "selfhostdns_password", 'columnheader' => "Password", 'type' => "password",
              			'description' => "Password"
              		),
              		'SELFHOSTDNS_MAP' => array('name' => "selfhostdns_map", 'columnheader' => "SELFHOSTDNS_MAP", 'type' => "textbox",
              			'description' => "SELFHOSTDNS_MAP"
              		)
              	));
              

              and now I see :

              login-to-view

              So, now, in theory, SELFHOSTDNS_MAP will get added to the acme.sh config file, accountconf.conf file I mentioned above.
              You should/could check that.

              As before : the correct info for SELFHOSTDNS_MAP has to be entered - and I can't test anything as I've no account with them (selfhost).

              • L
                litronics @Gertjan
                last edited by Jan 31, 2024, 1:37 PM

                @Gertjan said in DNS-selfhost.de verification - help required:

                Can you show what you can find in this file :
                /tmp/acme/[name-of-your-certificate]/accountsconf.conf
                ?
                I'll bet you will find lines like :

                ....
                SELFHOSTDNS_USERNAME='your-self-host-user-name'
                SELFHOSTDNS_PASSWORD='your-self-host-password'
                ....
                but not a line like this:

                SELFHOSTDNS_MAP='what-ever-is-needed-here'
                right ?

                Nope ..:
                login-to-view

                @Gertjan said in DNS-selfhost.de verification - help required:

                You should/could check that.

                As before : the correct info for SELFHOSTDNS_MAP has to be entered - and I can't test anything as I've no account with them (selfhost).

                Thanks for your advice and help navigating the code.
                I am testing the update right now and will let you know if that worked :)

                • L
                  litronics @litronics
                  last edited by Jan 31, 2024, 2:24 PM

                  Quick update:

                  The added field for the _MAP solved that issue, and I got a bit further.

                  Right now, I am working around the update URL - for some reason I am always getting a 401 Unauthorized and I am 100% certain to use the same credentials as I use to update the IP address.

                  Probably it might be a good idea to add this field into the standard. Personally, I would name it Record-ID as MAP or RID is misleading somehow.

                  • G
                    Gertjan @litronics
                    last edited by Feb 1, 2024, 7:32 AM

                    @litronics said in DNS-selfhost.de verification - help required:

                    I would name it Record-ID as MAP or RID is misleading somehow

                    Because :

                    @litronics said in DNS-selfhost.de verification - help required:

                    but I am basically not a developer and reading

                    you became a developer.
                    You know now what to change 😊

                    As soon as you've made it work, it's time to drop something useful here : Redmine pfSense.
                    Describe what you've found.
                    Include a link to this thread.
                    Read some other already listed bugs first to get yourself an idea how to create one.

                    • L
                      litronics @Gertjan
                      last edited by Feb 3, 2024, 7:53 AM

                      @Gertjan

                      Hope this is descriptive and short enough:
                      https://redmine.pfsense.org/issues/15229

                      I found actually another bug in the way the password special characters are added into the URL.
                      Next to the UI changes it is also required to enable some URL encoding to change for example the '#' letter to '%23'.

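The encoding step described in the last post, as an added example that is not part of the thread or of acme.sh: a POSIX sh percent-encoder applied to the credentials before they are placed in a query string. The function names and the parameter names `username` and `password` are assumptions; the password is a constructed sample.

```shell
#!/bin/sh
# Added example: percent-encode a value before it goes into a URL query string.
# In a URL, '#' starts the fragment and '&' / '=' delimit parameters, so a raw
# password containing them is cut short or split before the server sees it.

# urlencode STRING   (hypothetical helper name)
# Encodes every byte outside the RFC 3986 unreserved set (A-Z a-z 0-9 - . _ ~).
# Works on bytes via od, so multi-byte UTF-8 characters are encoded correctly.
urlencode() {
  out=
  for hex in $(printf '%s' "$1" | od -An -v -tx1); do
    case $hex in
      2d|2e|5f|7e|3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])
        # unreserved byte: turn the hex value back into the literal character
        out=$out$(printf "\\$(printf '%03o' "0x$hex")") ;;
      *)
        out=$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F') ;;
    esac
  done
  printf '%s\n' "$out"
}

# build_query USER PASS   (hypothetical; parameter names are placeholders)
build_query() {
  printf 'username=%s&password=%s\n' "$(urlencode "$1")" "$(urlencode "$2")"
}

# Constructed sample credentials.
user='myname'
pass='p#ss&w=rd%'

echo "raw:     username=$user&password=$pass"
echo "encoded: $(build_query "$user" "$pass")"
```
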