ACME 0.6.8_2 - DNS-NSupdate / RFC 2136 issue
Hi,
I am trying to validate a domain through RFC 2136 using --domain-alias, but I am getting an error.
I am not sure if I am doing something wrong or if there is some issue with the scripts.
The generated command in the log is:
/usr/local/pkg/acme/acme.sh --issue -d 'ImportantDomain1.com' --domain-alias '_1.OnlyAcmeUpdateDomain.com' --dns 'dns_nsupdate' -d '*.ImportantDomain.com' --domain-alias '_1.OnlyAcmeUpdateDomain.com' --dns 'dns_nsupdate' --home '/tmp/acme/_1/' --accountconf '/tmp/acme/_1/accountconf.conf' --force --reloadCmd '/tmp/acme/_1/reloadcmd.sh' --log-level 3 --log '/tmp/acme/_1/acme_issuecert.log'
And the error I get:
[Tue Sep 8 20:11:33 CEST 2020] key /tmp/acme/_1/ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.key is unreadable
[Tue Sep 8 20:11:33 CEST 2020] Error add txt for domain:_1.OnlyAcmeUpdateDomain.com
[Tue Sep 8 20:11:33 CEST 2020] Please check log file for more details: /tmp/acme/_1/acme_issuecert.log
But when I check the folder '/tmp/acme/_1/' I can see the key, but with a different name:
drwxr-xr-x 2 root wheel 512 Sep 8 18:54 *.ImportantDomain1.com
-rw-r--r-- 1 root wheel 100 Sep 8 19:12 *.ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.key
-rw-r--r-- 1 root wheel 9 Sep 8 19:12 *.ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.server
drwxr-xr-x 6 root wheel 512 Sep 8 19:17 .
drwxr-xr-x 3 root wheel 512 Sep 8 18:40 ..
-rw-r--r-- 1 root wheel 167 Sep 8 20:11 accountconf.conf
-rw-r--r-- 1 root wheel 113604 Sep 8 20:11 acme_issuecert.log
drwxr-xr-x 3 root wheel 512 Sep 8 18:40 ca
drwxr-xr-x 2 root wheel 512 Sep 8 19:17 ImportantDomain1.com
-rw-r--r-- 1 root wheel 100 Sep 8 20:11 ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.key
-rw-r--r-- 1 root wheel 9 Sep 8 20:11 ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.server
-rw-r--r-- 1 root wheel 571 Sep 8 20:11 http.header
drwxr-xr-x 2 root wheel 512 Sep 8 18:40 httpapi
-rwxr-xr-x 1 root wheel 211 Sep 8 20:11 reloadcmd.sh
Of course I have replaced my domain with a fake name: ImportantDomain1.com
And my domain for CNAME updates for ACME with a fake name: _1.OnlyAcmeUpdateDomain.com
Could you please confirm or deny whether it is an issue or my mistake?
I think that there is an issue that omits the '--domain-alias' check box in the web UI and generates the key file with the prefix '_acme-challenge', which should be used only when we use the option for '--challenge-alias'.
-
UPDATE:
I have run some tests and by creating symlinks:
ln -s ./\*.ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.key ./\*.ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.key
ln -s ./\*.ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.server ./\*.ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.server
ln -s ./ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.key ./ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.key
ln -s ./ImportantDomain1.comnsupdate_acme-challenge._1.OnlyAcmeUpdateDomain.com.server ./ImportantDomain1.comnsupdate_1.OnlyAcmeUpdateDomain.com.server
I can successfully receive certificates.
Therefore there is a bug in the scripts.
Could you please let me know where I should report this bug so that it is corrected in the next version of the package?
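
The filename mismatch described in this post can be checked with the sketch below, an added example that is not part of the original post, the pfSense ACME package or acme.sh. It assumes the naming visible in the listing and the error above (files stored as `<domain>nsupdate_acme-challenge.<alias>.key` / `.server`, while the --domain-alias run reads `<domain>nsupdate<alias>.key`); the function name `alias_key_report` is hypothetical.

```shell
# Added diagnostic, not part of acme.sh or the pfSense ACME package.
# Assumption from the post: key/server files are stored as
#   <domain>nsupdate_acme-challenge.<alias>.{key,server}
# but the --domain-alias run looks for
#   <domain>nsupdate<alias>.{key,server}
# Prints one line per stored file; returns 1 if any expected name is absent.
alias_key_report() {
    dir=$1
    missing=0
    for f in "$dir"/*nsupdate_acme-challenge.*; do
        [ -e "$f" ] || continue              # glob matched nothing
        case $f in
            *.key|*.server) ;;               # only the nsupdate key material
            *) continue ;;
        esac
        name=${f##*/}
        prefix=${name%%nsupdate_acme-challenge.*}   # "<domain>", may start with "*."
        rest=${name#*nsupdate_acme-challenge.}      # "<alias>.key" or "<alias>.server"
        expected="${prefix}nsupdate${rest}"
        if [ -e "$dir/$expected" ]; then
            printf 'ok       %s\n' "$expected"
        else
            printf 'missing  %s (found %s)\n' "$expected" "$name"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Usage (path taken from the post): alias_key_report /tmp/acme/_1
```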