Project

General

Profile

Actions
Copy link

Bug #15061

open

acme.sh nsupdate with challengealias is failing in certain cases

Added by Seyfidin Hamraoui over 1 year ago. Updated 5 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
ACME
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.7.0
Affected Plus Version:
23.09
Affected Architecture:

Description

When using nsupdate with challengealias the wrong filename is used, therefore the script fails.

[Mon Dec  4 03:48:50 CET 2023] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Dec  4 03:48:50 CET 2023] Using pre generated key: /tmp/acme/domain/domain.de/domain.de.key.next
[Mon Dec  4 03:48:50 CET 2023] Generate next pre-generate key.
[Mon Dec  4 03:48:51 CET 2023] Single domain='domain.de'
[Mon Dec  4 03:48:51 CET 2023] Getting domain auth token for each domain
[Mon Dec  4 03:48:54 CET 2023] Getting webroot for domain='domain.de'
[Mon Dec  4 03:48:54 CET 2023] Adding txt value: gVr0HUKsGuBvrO7Iz-Ks-hfVuo0YAU0qBilM1cj6fW8 for domain:  dns.domain.de
[Mon Dec  4 03:48:54 CET 2023] key /tmp/acme/DOMAIN/domain.densupdatedns.domain.de.key is unreadable
[Mon Dec  4 03:48:54 CET 2023] Error add txt for domain:dns.domain.de
[Mon Dec  4 03:48:54 CET 2023] Please check log file for more details: /tmp/acme/DOMAIN/acme_issuecert.log

Expected correct filename => /tmp/acme/DOMAIN/domain.densupdatedns.domain.de.key
Actual wrong filename => /tmp/acme/DOMAIN/domain.densupdate_acme-challenge.dns.domain.de.key

https://github.com/pfsense/FreeBSD-ports/pull/1330

Actions
Copy link
 #1

Updated by Jim Pingle about 1 year ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
Actions
Copy link
 #2

Updated by Jim Pingle about 1 year ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

Fixed in ACME pkg v0.8

Actions
Copy link
 #3

Updated by Greg M 12 months ago

Hi.

For me, this was working for years and now it stopped.
See forum for more info: https://forum.netgate.com/topic/188144/trouble-with-dns-nsupdate-enable-dns-alias-mode

Actions
Copy link
 #4

Updated by Jim Pingle 12 months ago

  • Subject changed from acme.sh nsupdate with challengealias is failing to acme.sh nsupdate with challengealias is failing in certain cases
  • Status changed from Resolved to New
  • Assignee deleted (Jim Pingle)

Change reverted.

Actions
Copy link
 #5

Updated by Seyfidin Hamraoui 5 days ago

Sorry for getting it wrong the first time. Fixed it again and tested both challengealias without and with challengedomain set.

https://github.com/pfsense/FreeBSD-ports/pull/1413

Actions
Copy link

Also available in: Atom PDF