Bug #10162
closed
Cloudflare Challenge Alias
Added by Ian Corbitt almost 6 years ago.
Updated almost 6 years ago.
Affected Version:
2.4.4-p3
Affected Architecture:
amd64
Description
When utilizing Cloudflare DNS and challenge alias, the configuration file for the domain is set incorrectly. This causes ACME.sh to add the incorrect TXT entry to Cloudflare DNS, which causes the certificate generation to fail.
Actual domain: aaa.com
Challenge domain: b-b.com
When challenge alias is enabled, the config for ACME.sh that is generated has the following incorrect line:
Le_ChallengeAlias='=b-b.com,'
It should look like the following:
Le_ChallengeAlias='b-b.com,'
This causes ACME.sh to create a TXT entry in Cloudflare with the name "b-b.com" instead of "_acme-challenge". This causes the certificate to fail to issue or renew.
If I manually change the TXT entry to "_acme-challenge" during the DNS wait period the process completes.
- Status changed from New to Not a Bug
- Priority changed from Urgent to Normal
Looks like you might be using the fields incorrectly or have something amiss in your config. Nothing in the code that I see would add anything extra there. Post on the forum with more information about your setup.
Jim Pingle wrote:
Looks like you might be using the fields incorrectly or have something amiss in your config. Nothing in the code that I see would add anything extra there. Post on the forum with more information about your setup.
After fighting it for a while longer, it appears you are correct. Being that I hadn't changed any of my settings in ages but I did just update the acme package, I went ahead and completely blew out my settings and re-did them.
When I set my certificate back up I determined where my issue was. Setting both the DNS alias mode domain and DNS domain alias setting duplicates the behavior I was having. I don't remember having them both set previously, but they might have been. Only setting the DNS domain alias domain resolves my issue. I will admit the description of each setting kind of threw me.
So now I'm not sure if what I was experiencing was a bug or designed behavior.
Either way, my issue is resolved.