ACME 0.6.8_2 - DNS-NSupdate / RFC 2136 issue

dyleks

Hi,
I try to validate domain through RFC 2136 using --domain-alias but I am getting error.
I am not sure if I am doing something wrong or there is some issue with scripts.

Generated command in log is:

/usr/local/pkg/acme/acme.sh  --issue  -d 'ImportantDomain1.com' --domain-alias '_1.OnlyAcmeUpdateDomain.com' --dns 'dns_nsupdate'  -d '*.ImportantDomain.com' --domain-alias '_1.OnlyAcmeUpdateDomain.com' --dns 'dns_nsupdate'  --home '/tmp/acme/_1/' --accountconf '/tmp/acme/_1/accountconf.conf' --force --reloadCmd '/tmp/acme/_1/reloadcmd.sh' --log-level 3 --log '/tmp/acme/_1/acme_issuecert.log'

And the error I get:

[Tue Sep  8 20:11:33 CEST 2020] key /tmp/acme/_1/ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.key is unreadable
[Tue Sep  8 20:11:33 CEST 2020] Error add txt for domain:_1.OnlyAcmeUpdateDomain.com
[Tue Sep  8 20:11:33 CEST 2020] Please check log file for more details: /tmp/acme/_1/acme_issuecert.log

But when I check folder '/tmp/acme/_1/' I can see the key but with different name:

drwxr-xr-x  2 root  wheel     512 Sep  8 18:54 *.ImportantDomain1.com
-rw-r--r--  1 root  wheel     100 Sep  8 19:12 *.ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.key
-rw-r--r--  1 root  wheel       9 Sep  8 19:12 *.ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.server
drwxr-xr-x  6 root  wheel     512 Sep  8 19:17 .
drwxr-xr-x  3 root  wheel     512 Sep  8 18:40 ..
-rw-r--r--  1 root  wheel     167 Sep  8 20:11 accountconf.conf
-rw-r--r--  1 root  wheel  113604 Sep  8 20:11 acme_issuecert.log
drwxr-xr-x  3 root  wheel     512 Sep  8 18:40 ca
drwxr-xr-x  2 root  wheel     512 Sep  8 19:17 ImportantDomain1.com
-rw-r--r--  1 root  wheel     100 Sep  8 20:11 ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.key
-rw-r--r--  1 root  wheel       9 Sep  8 20:11 ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.server
-rw-r--r--  1 root  wheel     571 Sep  8 20:11 http.header
drwxr-xr-x  2 root  wheel     512 Sep  8 18:40 httpapi
-rwxr-xr-x  1 root  wheel     211 Sep  8 20:11 reloadcmd.sh

Of course I have replaced my domain with fake name: ImportantDomain1.com
And my domain CNAME updates for ACME with fake name: _1.OnlyAcmeUpdateDomain.com

Could you please confirm or deny is it an issue or my mistake ?

I think that there is an issue that omits '--domain-alias' check box in WEB UI and generates key file with prefix: '_acme-challenge', which should be used only when we use option for '--challenge-alias'

dyleks

UPDATE:
I have run some tests and by creating symlinks:

ln -s ./\*.ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.key ./\*.ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.key
ln -s ./\*.ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.server ./\*.ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.server
ln -s ./ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.key ./ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.key
ln -s ./ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.server  ./ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.server

I can successfully receive certificates.
Therefore there is a bug in scripts.
Could you please let me know where should I report this BUG to be corrected in next version of package?