Netgate Discussion Forum

Acme issue with DNSMadeEasy

Category: ACME
13 Posts 5 Posters 1.6k Views
illc

This is happening across all devices that were working just fine. It would be nice to understand how to fix it; we are on the latest stable for pfSense and acme?

cjbujold

Yes, this is happening on all devices. Here is an example of the error log we get:

The error is saying invalid domain, but the domain is valid. I presume that the acme program is adding some spaces or a character that stops the domain key or name from being valid when adding the TXT record, but the log is not pointing to anything useful.

How can we fix it is still the question.

        accra
        Renewing certificate
        account: accra
        server: letsencrypt-production-2

        /usr/local/pkg/acme/acme.sh --issue -d 'protector.accra.ca' --dns 'dns_me' --home '/tmp/acme/accra/' --accountconf '/tmp/acme/accra/accountconf.conf' --force --reloadCmd '/tmp/acme/accra/reloadcmd.sh' --log-level 3 --log '/tmp/acme/accra/acme_issuecert.log'
        Array
        (
        [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
        [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
        [ME_Key] => XXXXXX
        [ME_Secret] => XXXXX
        )
        [Sun Apr 26 09:31:50 ADT 2020] Single domain='protector.accra.ca'
        [Sun Apr 26 09:31:50 ADT 2020] Getting domain auth token for each domain
        [Sun Apr 26 09:31:51 ADT 2020] Getting webroot for domain='protector.accra.ca'
        [Sun Apr 26 09:31:51 ADT 2020] Adding txt value: lBCp8Wt4-qAaJhFXujd6ahh4nz0SqGSTUoSLW5kB-Ys for domain: _acme-challenge.protector.accra.ca
        head: illegal byte count -- -2
        [Sun Apr 26 09:31:52 ADT 2020] invalid domain

        [Sun Apr 26 09:31:52 ADT 2020] Error add txt for domain:_acme-challenge.protector.accra.ca
        [Sun Apr 26 09:31:52 ADT 2020] Please check log file for more details: /tmp/acme/accra/acme_issuecert.log

        Pertinent section of detail log:

        [Sun Apr 26 09:31:51 ADT 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=protector.accra.ca'
        [Sun Apr 26 09:31:51 ADT 2020] timeout=
        [Sun Apr 26 09:31:51 ADT 2020] Http already initialized.
        [Sun Apr 26 09:31:51 ADT 2020] _CURL='curl -L --silent --dump-header /tmp/acme/accra//http.header -g '
        [Sun Apr 26 09:31:51 ADT 2020] ret='0'
        [Sun Apr 26 09:31:51 ADT 2020] response='<html><head><title>Apache Tomcat/7.0.12 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - Not Found</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Not Found</u></p><p><b>description</b> <u>The requested resource (Not Found) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.12</h3></body></html>'
        [Sun Apr 26 09:31:51 ADT 2020] name?domainname=accra.ca
        [Sun Apr 26 09:31:51 ADT 2020] od exists=0
        [Sun Apr 26 09:31:51 ADT 2020] GET
        [Sun Apr 26 09:31:51 ADT 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=accra.ca'
        [Sun Apr 26 09:31:51 ADT 2020] timeout=
        [Sun Apr 26 09:31:51 ADT 2020] Http already initialized.
        [Sun Apr 26 09:31:51 ADT 2020] _CURL='curl -L --silent --dump-header /tmp/acme/accra//http.header -g '
        [Sun Apr 26 09:31:52 ADT 2020] ret='0'
        [Sun Apr 26 09:31:52 ADT 2020] response='{"created":1336003200000,"delegateNameServers":["ns10.dnsmadeeasy.com.","ns11.dnsmadeeasy.com.","ns12.dnsmadeeasy.com.","ns13.dnsmadeeasy.com."],"soaId":5348,"vanityNameServers":[{"id":5187,"fqdn":"ns10.dnsmadeeasy.com"},{"id":5187,"fqdn":"ns11.dnsmadeeasy.com"},{"id":5187,"fqdn":"ns12.dnsmadeeasy.com"},{"id":5187,"fqdn":"ns13.dnsmadeeasy.com"}],"processMulti":false,"activeThirdParties":[{"label":"SendGrid","value":2}],"gtdEnabled":false,"vanityId":5187,"nameServers":[{"ipv6":"2600:1800:10::1","id":10,"ipv4":"208.94.148.4","fqdn":"ns10.dnsmadeeasy.com","groupId":2},{"ipv6":"2600:1801:11::1","id":11,"ipv4":"208.80.124.4","fqdn":"ns11.dnsmadeeasy.com","groupId":2},{"ipv6":"2600:1802:12::1","id":12,"ipv4":"208.80.126.4","fqdn":"ns12.dnsmadeeasy.com","groupId":2},{"ipv6":"2600:1801:13::1","id":13,"ipv4":"208.80.125.4","fqdn":"ns13.dnsmadeeasy.com","groupId":2},{"ipv6":"2600:1802:14::1","id":14,"ipv4":"208.80.127.4","fqdn":"ns14.dnsmadeeasy.com","groupId":2},{"ipv6":"2600:1800:15::1","id":15,"ipv4":"208.94.149.4","fqdn":"ns15.dnsmadeeasy.com","groupId":2}],"updated":1587753489876,"folderId":2329,"pendingActionId":0,"name":"accra.ca","id":789249}'
        [Sun Apr 26 09:31:52 ADT 2020] invalid domain
        [Sun Apr 26 09:31:52 ADT 2020] Error add txt for domain:_acme-challenge.protector.accra.ca
        [Sun Apr 26 09:31:52 ADT 2020] _on_issue_err
        [Sun Apr 26 09:31:52 ADT 2020] Please check log file for more details: /tmp/acme/accra/acme_issuecert.log
        [Sun Apr 26 09:31:52 ADT 2020]

jimp (Rebel Alliance Developer, Netgate)

          Update the ACME package and try again. There was a change in the acme.sh script for DNSMadeEasy which may help.

Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

cjbujold

            Hi,

Updated to version 0.6.8, added a new entry to acme and submitted a request using the DNS Made Easy option. The error code 60 seems to indicate that acme is locked to Cloudflare and not using DNSMadeEasy for the connection. Here is what I get back as an error:

            [Thu Apr 30 09:21:38 ADT 2020] Multi domain='DNS:help10.filopto.com,DNS:support.filopto.com,DNS:update.filopto.com'
            [Thu Apr 30 09:21:38 ADT 2020] Getting domain auth token for each domain
            [Thu Apr 30 09:21:40 ADT 2020] Getting webroot for domain='help10.filopto.com'
            [Thu Apr 30 09:21:40 ADT 2020] Getting webroot for domain='support.filopto.com'
            [Thu Apr 30 09:21:40 ADT 2020] Getting webroot for domain='update.filopto.com'
            [Thu Apr 30 09:21:40 ADT 2020] Adding txt value: gTPi8XXXXXX for domain: _acme-challenge.update.filopto.com
            [Thu Apr 30 09:21:42 ADT 2020] Adding record
            [Thu Apr 30 09:21:42 ADT 2020] Add txt record error.
            [Thu Apr 30 09:21:42 ADT 2020] Error add txt for domain:_acme-challenge.update.filopto.com
            [Thu Apr 30 09:21:42 ADT 2020] Please check log file for more details:

            Detail Log:

            [Thu Apr 30 09:22:58 ADT 2020] d='update.filopto.com'
            [Thu Apr 30 09:22:58 ADT 2020] txtdomain='_acme-challenge.update.filopto.com'
            [Thu Apr 30 09:22:58 ADT 2020] aliasDomain='_acme-challenge.update.filopto.com'
            [Thu Apr 30 09:22:58 ADT 2020] txt='gTPi8VXXXXX'
            [Thu Apr 30 09:22:58 ADT 2020] d_api='/usr/local/pkg/acme/dnsapi/dns_me.sh'
            [Thu Apr 30 09:22:58 ADT 2020] Checking update.filopto.com for _acme-challenge.update.filopto.com
            [Thu Apr 30 09:22:58 ADT 2020] _c_txtdomain='_acme-challenge.update.filopto.com'
            [Thu Apr 30 09:22:58 ADT 2020] _c_aliasdomain='_acme-challenge.update.filopto.com'
            [Thu Apr 30 09:22:58 ADT 2020] _c_txt='gTPi8XXXXXX'
            [Thu Apr 30 09:22:58 ADT 2020] Detect dns server first.
            [Thu Apr 30 09:22:58 ADT 2020] GET
            [Thu Apr 30 09:22:58 ADT 2020] url='https://cloudflare-dns.com'
            [Thu Apr 30 09:22:58 ADT 2020] timeout=
            [Thu Apr 30 09:22:58 ADT 2020] Http already initialized.
            [Thu Apr 30 09:22:58 ADT 2020] _CURL='curl -L --silent --dump-header /tmp/acme/filopto//http.header -g '
            [Thu Apr 30 09:22:58 ADT 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
            [Thu Apr 30 09:22:58 ADT 2020] ret='60'
            [Thu Apr 30 09:22:58 ADT 2020] Use google doh server
            [Thu Apr 30 09:22:58 ADT 2020] _ns_ep='https://dns.google/resolve'
            [Thu Apr 30 09:22:58 ADT 2020] _ns_domain='_acme-challenge.update.filopto.com'
            [Thu Apr 30 09:22:58 ADT 2020] _ns_type='TXT'
            [Thu Apr 30 09:22:58 ADT 2020] GET
            [Thu Apr 30 09:22:58 ADT 2020] url='https://dns.google/resolve?name=_acme-challenge.update.filopto.com&type=TXT'
            [Thu Apr 30 09:22:58 ADT 2020] timeout=
            [Thu Apr 30 09:22:58 ADT 2020] Http already initialized.
            [Thu Apr 30 09:22:58 ADT 2020] _CURL='curl -L --silent --dump-header /tmp/acme/filopto//http.header -g '
            [Thu Apr 30 09:22:58 ADT 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
            [Thu Apr 30 09:22:58 ADT 2020] ret='60'
            [Thu Apr 30 09:22:58 ADT 2020] response
            [Thu Apr 30 09:22:58 ADT 2020] Not valid yet, let's wait 10 seconds and check next one.
            [Thu Apr 30 09:22:58 ADT 2020] _p_txtdomain='_acme-challenge.update.filopto.com'
            [Thu Apr 30 09:22:58 ADT 2020] Cloudflare purge TXT record for domain _acme-challenge.update.filopto.com
            [Thu Apr 30 09:22:58 ADT 2020] POST
            [Thu Apr 30 09:22:58 ADT 2020] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.update.filopto.com&type=TXT'
            [Thu Apr 30 09:22:58 ADT 2020] body
            [Thu Apr 30 09:22:58 ADT 2020] _postContentType
            [Thu Apr 30 09:22:58 ADT 2020] Http already initialized.
            [Thu Apr 30 09:22:58 ADT 2020] _CURL='curl -L --silent --dump-header /tmp/acme/filopto//http.header -g '
            [Thu Apr 30 09:22:58 ADT 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
            [Thu Apr 30 09:22:58 ADT 2020] _ret='60'
            [Thu Apr 30 09:22:58 ADT 2020] response
            [Thu Apr 30 09:23:08 ADT 2020] Let's wait 10 seconds and check again.

            /tmp/acme/filopto/acme_issuecert.log

illc

0.6.8 worked for us... Thank you.

Broncoman

I am seeing a similar issue trying to use GoDaddy DNS. It's trying to go to Cloudflare. I am on the latest version of acme, 0.6.8.

jimp (Rebel Alliance Developer, Netgate)

No matter what method you use to verify, acme.sh uses Cloudflare DoH to check DNS records: https://redmine.pfsense.org/issues/10411

It's not optional (yet?). If it were, we'd probably default it to off. I may look into adding an option to disable it, or even patch it out of the code. Some people block CF DoH.


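The two logs posted in this thread fail in different places even though both end in "Error add txt": the first one succeeds against the DNSMadeEasy API (404 on the host name, then a zone record for accra.ca) and then hits an untimestamped `head:` error, while the second one never talks to the provider at all and gets curl exit 60 (peer certificate verification failed) on the Cloudflare and Google DoH endpoints that acme.sh uses to verify the TXT record regardless of the DNS plugin. The following is an added triage script, not part of the thread or of the acme.sh/pfSense packages; it parses `--log-level 3` output into HTTP calls, separates provider-API calls from DoH verification calls, and returns a short list of findings. The sample logs are constructed from the lines posted above (token values and bodies shortened); the finding names and the `DOH_HOSTS` set are the script's own assumptions.

```python
"""Triage an acme.sh issue log: separate DNS-provider API calls from the
DoH verification calls and classify where the run actually failed."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hosts acme.sh contacts to *verify* the TXT record, independent of the DNS
# API plugin selected (assumed set, based on the endpoints seen in the log).
DOH_HOSTS = {"cloudflare-dns.com", "dns.google"}

TS_RE = re.compile(r"^\[[^\]]+\]\s*(.*)$")                 # strip "[Thu Apr 30 ...] "
URL_RE = re.compile(r"^(?:_post_)?url='(https?://([^/']+)[^']*)'")
RET_RE = re.compile(r"^_?ret='(\d+)'")                      # curl exit status
TOOL_ERR_RE = re.compile(r"^[A-Za-z_][\w.-]*: .*")           # "head: illegal byte count -- -2"


@dataclass
class HttpCall:
    url: str
    host: str
    curl_ret: Optional[int] = None   # 60 = CURLE_PEER_FAILED_VERIFICATION (TLS)
    http_404: bool = False           # Tomcat "HTTP Status 404" page in the body
    json_ok: bool = False            # JSON object returned (managed zone found)


def parse_acme_log(text: str) -> Tuple[List[HttpCall], List[str], Optional[str]]:
    """Return (http_calls, untimestamped tool errors, DNS plugin name)."""
    calls: List[HttpCall] = []
    tool_errors: List[str] = []
    plugin: Optional[str] = None
    current: Optional[HttpCall] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = TS_RE.match(line)
        msg = m.group(1) if m else line
        if not msg:
            continue
        if (um := URL_RE.match(msg)):
            current = HttpCall(url=um.group(1), host=um.group(2))
            calls.append(current)
        elif (rm := RET_RE.match(msg)) and current is not None:
            current.curl_ret = int(rm.group(1))
        elif msg.startswith("response='") and current is not None:
            body = msg[len("response='"):]
            current.http_404 = "HTTP Status 404" in body
            current.json_ok = body.startswith("{")
        elif msg.startswith("d_api='"):
            plugin = msg.split("'")[1].rsplit("/", 1)[-1]   # e.g. dns_me.sh
        elif m is None and TOOL_ERR_RE.match(msg):
            # Lines without a timestamp come from shell tools, not acme.sh itself.
            tool_errors.append(msg)
    return calls, tool_errors, plugin


def diagnose(text: str) -> List[str]:
    """Stable finding strings, so they can be grepped or alerted on."""
    calls, tool_errors, plugin = parse_acme_log(text)
    findings: List[str] = []
    if plugin:
        findings.append(f"plugin:{plugin}")
    doh = [c for c in calls if c.host in DOH_HOSTS]
    api = [c for c in calls if c.host not in DOH_HOSTS]

    if doh and all(c.curl_ret == 60 for c in doh):
        # Every verification call failed TLS: the provider API is not the
        # problem; the box cannot validate (or reach) the DoH endpoints.
        findings.append("doh_tls_verification_failed")
    elif any(c.curl_ret not in (None, 0) for c in doh):
        findings.append("doh_curl_error")

    if api and not any(c.json_ok for c in api):
        # The zone walk-up never found a managed zone at the provider.
        findings.append("api_zone_not_found" if any(c.http_404 for c in api) else "api_error")

    findings.extend(f"tool_error:{e}" for e in tool_errors)
    return findings


# Constructed from the first post's detail log (bodies shortened).
SAMPLE_DNSMADEEASY_ZONE_LOOKUP = """\
[Sun Apr 26 09:31:51 ADT 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=protector.accra.ca'
[Sun Apr 26 09:31:51 ADT 2020] ret='0'
[Sun Apr 26 09:31:51 ADT 2020] response='<html><body><h1>HTTP Status 404 - Not Found</h1></body></html>'
[Sun Apr 26 09:31:51 ADT 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=accra.ca'
[Sun Apr 26 09:31:52 ADT 2020] ret='0'
[Sun Apr 26 09:31:52 ADT 2020] response='{"name":"accra.ca","id":789249}'
head: illegal byte count -- -2
[Sun Apr 26 09:31:52 ADT 2020] invalid domain
"""

# Constructed from the second post's detail log (DoH checks, curl exit 60).
SAMPLE_DOH_BLOCKED = """\
[Thu Apr 30 09:22:58 ADT 2020] d_api='/usr/local/pkg/acme/dnsapi/dns_me.sh'
[Thu Apr 30 09:22:58 ADT 2020] url='https://cloudflare-dns.com'
[Thu Apr 30 09:22:58 ADT 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Thu Apr 30 09:22:58 ADT 2020] ret='60'
[Thu Apr 30 09:22:58 ADT 2020] url='https://dns.google/resolve?name=_acme-challenge.update.filopto.com&type=TXT'
[Thu Apr 30 09:22:58 ADT 2020] ret='60'
[Thu Apr 30 09:22:58 ADT 2020] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.update.filopto.com&type=TXT'
[Thu Apr 30 09:22:58 ADT 2020] _ret='60'
"""

if __name__ == "__main__":
    for name, sample in [("dnsmadeeasy", SAMPLE_DNSMADEEASY_ZONE_LOOKUP), ("doh", SAMPLE_DOH_BLOCKED)]:
        print(name, diagnose(sample))
```

Run it against `/tmp/acme/<account>/acme_issuecert.log` by reading the file into `diagnose()`. A `doh_tls_verification_failed` finding with a `plugin:` line that is not Cloudflare's is the signature of the situation jimp describes: the provider plugin is fine, but the mandatory DoH verification step is failing, typically because an upstream device blocks or intercepts TLS to those endpoints. The first sample produces only the `tool_error` finding, which matches the thread's outcome that the provider lookup itself succeeded and the failure was inside the script.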
Broncoman

I can open a new thread if needed for this, but I am no longer able to update my cert with GoDaddy DNS. I am getting the error 60 as well. The odd thing is, the staging cert works fine; the production cert is throwing the error. I can see that the TXT record is updating in my GoDaddy DNS account, it just isn't able to confirm it's there after the fact. Any suggestions?

jimp (Rebel Alliance Developer, Netgate)

                      That would be an issue for a new thread.


cjbujold

                        Finally got time to go back to the certificates and I can confirm that the latest update has fixed my issue.

Thanks, much appreciated.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.