-
-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Report bugs to ddnss.de API #2230
Comments
I installed acme.sh on my raspberry pi today and tried to get a wildcard certificate for my ddnss.de domain. acme.sh --issue --dns dns_ddnss --keylength 4096 -d xyz.ddnss.de -d *.xyz.ddnss.de (replaced my domain name with xyz here) Now acme.sh successfully set the TXT record and after that set a second TXT record overwriting the first one. After that it tries to validate both and will go into an infinite loop stating: [Mon 6 Jul 16:22:11 CEST 2020] Checking xyz.ddnss.de for _acme-challenge.xyz.ddnss.de |
Hello, unfortunately I was away (without Internet) that's why I just had a look right now. Somehow my test-environment seems to behave differently here for ddnss.de. I get an "...is already verified, skip dns-01." for the second domain. Can you please confirm that you are still seeing this issue with ddnss.de wildcard domains? Can you provide a full debug log, if this is still the case. I don't understand right now, why the challenge seems to behave different on my side... |
I'm going to set up something similar with the same dns config for a friend tomorrow. I'll report what the results are as soon as I'm done there. |
Thanks, I appreciate it. It might be an reproducing-mistake on my side, so this will definitely help. |
Same behaviour as stated in my first post. I don't know if it matters, but we both are using a raspberry pi 4 with Debian Buster. By the way, there is no problem getting one cert and then the other one. it only happens when trying to get multiple certs at once. That means everything is running for now, but I'm new to Let'S Encrypt certificates and acme.sh and I don'T know how it manages the automatic renewal. If it tries to renew them at the same time, in the same way as issuing new ones it might fail with the same error... |
Thanks for providing the Log. Unfortunately I can still not reproduce, since my domains are already verified (even in staging) so I cannot completly comprehend. But from what I see, I can't change that behaviour in the DNS-API of acme.sh, this seems to be an general issue (according to #3036 cloudflare and duckdns could be alos affected). I am really sorry that I can't find an solution right now, will look into this when I have a little more time. |
Ok, no problem. I just thought it was DNS API related because it worked in standalone mode and only showed this behaviour in DNS mode. And I've read somewhere that some providers allow multiple txt records while others don't. So my guess was that it is ddnss specific. |
I have run into the same problem, but using DuckDNS (with Let's Encrypt). The problem appears to be with specifying both the root and wildcard as two -d parameters. I think the result is that the script assigns two different entries to the TXT record. The result is that the second overrides the first. I simply removed the root domain parameter and everything went through fine. I imagine it means the certificate is not valid for the root, but I can live with that. |
Workaround for the Wildcard/TXT problem: (worked for me)
My explanation: This way the check for the root domain is skipped by second step. |
DDNSS API is not completely working. On the Website you need to do 3 things to create an acme entry.
1 & 2 are done perfectly right with the API functionality of acme.sh, but 3 isn't. Is someone able to fix this? Unfortunately I don't know the needed GET variable, which has to be passed for the third checkbox. |
still same problem here ... |
unfortunately same here. |
I was wondering about that. I logged in, clicked the checkbox, and checked again and my TXT record was gone. I forgot to look at acme.sh and see that it successfully verified the _acme-challenge and then removed the TXT record 😅 Edit: I think a feature request needs to be made to the service, specifically the upd.php API to support setting ACME DNS flag |
This is the place to report bugs in the ddnss.de DNS API.
If you experience a bug, please report it in this issue.
The text was updated successfully, but these errors were encountered: