# Acme/DNS-ovh

• I am trying to use the acme plugin with the DNS-ovh method.

At the first renewal the server asks me to connect to a web page to authenticate, and I am supposed to get the Consumer Key at this point.

I expected the first renewal to save the Consumer Key in the config, but the field stays empty.

How can I obtain this key?

• I tried.

The consumer key is generated but not displayed or saved.

Each time I receive the same message: "OVH consumer key is empty, Let's get one"

With a new URL to authenticate.

• Sorry for the late answer. I created a new subdomain and I had the same problem indeed:

``````
[Mon Nov 13 23:21:12 CET 2017] Single domain='mydomain.com'
[Mon Nov 13 23:21:12 CET 2017] Getting domain auth token for each domain
[Mon Nov 13 23:21:12 CET 2017] Getting webroot for domain='mydomain.com'
[Mon Nov 13 23:21:12 CET 2017] Getting new-authz for domain='mydomain.com'
[Mon Nov 13 23:21:17 CET 2017] The new-authz request is ok.
[Mon Nov 13 23:21:17 CET 2017] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_ovh.sh
[Mon Nov 13 23:21:18 CET 2017] Using OVH endpoint: ovh-eu
[Mon Nov 13 23:21:18 CET 2017] OVH consumer key is empty, Let's get one:
[Mon Nov 13 23:21:18 CET 2017] Please open this link to do authentication: https://eu.api.ovh.com/auth/?credentialToken=G3uWWvv2WtWC9daQOYQa8ol8Exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[Mon Nov 13 23:21:18 CET 2017] Here is a guide for you: https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
[Mon Nov 13 23:21:18 CET 2017] Please retry after the authentication is done.
[Mon Nov 13 23:21:18 CET 2017] Error add txt for domain:_acme-challenge.mydomain.com
[Mon Nov 13 23:21:18 CET 2017] Please check log file for more details: /tmp/acme/mydomain.com/acme_issuecert.log
``````

And what had to happen happened, I got blocked:

``````
[Mon Nov 13 23:36:40 CET 2017] Single domain='mydomain.com'
[Mon Nov 13 23:36:40 CET 2017] Getting domain auth token for each domain
[Mon Nov 13 23:36:40 CET 2017] Getting webroot for domain='mydomain.com'
[Mon Nov 13 23:36:40 CET 2017] Getting new-authz for domain='mydomain.com'
[Mon Nov 13 23:36:47 CET 2017] The new-authz request is ok.
[Mon Nov 13 23:36:47 CET 2017] new-authz error: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many failed authorizations recently.","status": 429}
[Mon Nov 13 23:36:47 CET 2017] Please check log file for more details: /tmp/acme/mydomain.com/acme_issuecert.log
``````

So I retried today (24h seems to be enough) but with the tutorial part "Advanced Usage", in which you can obtain the precious Client Key!

To obtain both API Key and Client Key, you just have to set accesses on the domain zone:
https://api.ovh.com/createToken/?GET=/domain/zone/&POST=/domain/zone/&PUT=/domain/zone/*

For security reasons, this one is even better, just replace "mydomain.com" with your domain name:
https://api.ovh.com/createToken/?GET=/domain/zone/mydomain.com/&POST=/domain/zone/mydomain.com/&PUT=/domain/zone/mydomain.com/*&GET=/domain/zone/mydomain.com

I will run more tests on the accesses when I renew all my OVH "DNS-manual" certificates and post my results, but Neilpang's tutorial seems to be serious concerning security.

Then, click on "Create keys", as usual. This should work after "Issue/Renew" the certificate in pfSense:

``````
[Wed Nov 15 20:07:22 CET 2017] Single domain='mydomain.com'
[Wed Nov 15 20:07:22 CET 2017] Getting domain auth token for each domain
[Wed Nov 15 20:07:22 CET 2017] Getting webroot for domain='mydomain.com'
[Wed Nov 15 20:07:22 CET 2017] Getting new-authz for domain='mydomain.com'
[Wed Nov 15 20:07:29 CET 2017] The new-authz request is ok.
[Wed Nov 15 20:07:29 CET 2017] mydomain.com is already verified, skip dns-01.
[Wed Nov 15 20:07:29 CET 2017] Verify finished, start to sign.
[Wed Nov 15 20:07:31 CET 2017] Cert success.
``````

• Problem solved.

You can locate the key in the acme_issuecert.log:

``````
[Wed Feb 28 18:46:02 CET 2018] consumerKey='[hidden](please add '--output-insecure' to see this value)'
[Wed Feb 28 18:46:02 CET 2018] APP
[Wed Feb 28 18:46:02 CET 2018] 6:OVH_CK='XXXXXXXXXXXXXXXXXXX'
``````
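
Added example (not from any of the posts above, nor from acme.sh or pfSense): a small shell helper that reads an acme.sh issue log in the format quoted in this thread, reports whether the most recent outcome was the missing consumer key or the CA rate limit, and masks the credential token and `OVH_*` values before the log is shared. The function names and the sample lines are constructed for illustration; `OVH_AK` and `OVH_AS` are acme.sh's variable names for the application key and secret.

```shell
#!/bin/sh
# Added example: triage an acme.sh issue log before pressing Issue/Renew again,
# and mask secrets before pasting the log anywhere. Names are hypothetical.

# Print one status word; the last matching log line wins.
# Reads the file(s) given as arguments, or stdin when none are given.
acme_log_status() {
    awk '
        /Cert success/               { s = "ok" }
        /OVH consumer key is empty/  { s = "consumer_key_missing" }
        /urn:acme:error:rateLimited/ { s = "rate_limited" }
        END { print (s == "" ? "unknown" : s) }
    ' "$@"
}

# Mask the one-time credentialToken in the auth URL and any OVH_AK / OVH_AS /
# OVH_CK value that acme.sh wrote into the log in cleartext.
acme_log_redact() {
    sed -E \
        -e "s/(credentialToken=)[A-Za-z0-9]+/\1[redacted]/" \
        -e "s/(OVH_(CK|AK|AS)=')[^']*'/\1[redacted]'/" "$@"
}

# Constructed sample lines in the same layout as the excerpts in this thread.
sample_log() {
    cat <<'EOF'
[Mon Nov 13 23:21:18 CET 2017] OVH consumer key is empty, Let's get one:
[Mon Nov 13 23:21:18 CET 2017] Please open this link to do authentication: https://eu.api.ovh.com/auth/?credentialToken=CONSTRUCTEDTOKEN123
[Mon Nov 13 23:21:18 CET 2017] Error add txt for domain:_acme-challenge.mydomain.com
[Mon Nov 13 23:36:47 CET 2017] new-authz error: {"type":"urn:acme:error:rateLimited","status": 429}
[Wed Feb 28 18:46:02 CET 2018] 6:OVH_CK='CONSTRUCTEDKEY456'
EOF
}

# consumer_key_missing: configure the key before retrying, each retry is
# another failed authorization. rate_limited: stop and wait.
sample_log | acme_log_status
sample_log | acme_log_redact
```

On a real system, pass the log path from the acme.sh output (`/tmp/acme/mydomain.com/acme_issuecert.log` in this thread) as the argument to either function.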