Bug #7211
closed
DNS Made Easy ACME script not parsing domain IDs properly
0%
Description
I'm currently running pfSense 2.3.2_1, and I tried the new ACME package (0.1.5) with DNS Made Easy verification. However, I noticed it came back with an error when trying to do the challenge authentication:
[Sat Feb 4 14:12:35 PST 2017] Single domain='pfsense.mydomainhere.com'
[Sat Feb 4 14:12:35 PST 2017] Getting domain auth token for each domain
[Sat Feb 4 14:12:35 PST 2017] Getting webroot for domain='pfsense.mydomainhere.com'
[Sat Feb 4 14:12:35 PST 2017] _w='dns_me'
[Sat Feb 4 14:12:35 PST 2017] Getting new-authz for domain='pfsense.mydomainhere.com'
[Sat Feb 4 14:12:40 PST 2017] The new-authz request is ok.
[Sat Feb 4 14:12:40 PST 2017] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_me.sh
[Sat Feb 4 14:12:41 PST 2017] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Sat Feb 4 14:12:41 PST 2017] error 12345}/records?recordName=_acme-challenge&type=TXT
[Sat Feb 4 14:12:41 PST 2017] Error
[Sat Feb 4 14:12:41 PST 2017] Error add txt for domain:_acme-challenge.pfsense.mydomainhere.com
[Sat Feb 4 14:12:41 PST 2017] Please check log file for more details: /tmp/acme/pfsense.mydomainhere.com-test/acme_issuecert.log
In the log, I'm seeing:
[Sat Feb 4 14:12:41 PST 2017] response='{"created":1486166400000,"delegateNameServers":[],"folderId":114541,"gtdEnabled":false,"nameServers":[{"fqdn":"ns10.dnsmadeeasy.com","ipv4":"208.94.148.4","ipv6":"2600:1800:10::1"},{"fqdn":"ns11.dnsmadeeasy.com","ipv4":"208.80.124.4","ipv6":"2600:1801:11::1"},{"fqdn":"ns12.dnsmadeeasy.com","ipv4":"208.80.126.4","ipv6":"2600:1802:12::1"},{"fqdn":"ns13.dnsmadeeasy.com","ipv4":"208.80.125.4","ipv6":"2600:1801:13::1"},{"fqdn":"ns14.dnsmadeeasy.com","ipv4":"208.80.127.4","ipv6":"2600:1802:14::1"},{"fqdn":"ns15.dnsmadeeasy.com","ipv4":"208.94.149.4","ipv6":"2600:1800:15::1"}],"pendingActionId":0,"updated":1486245142859,"processMulti":false,"activeThirdParties":[],"name":"pfsense.mydomainhere.com","id":12345}'
[Sat Feb 4 14:12:41 PST 2017] _domain_id='12345}'
So, it looks like it's grabbing that last } from the JSON payload and including it in the domain ID, which seems to be passed along to later calls and failing:
[Sat Feb 4 14:12:41 PST 2017] _domain_id='12345}'
[Sat Feb 4 14:12:41 PST 2017] _sub_domain='_acme-challenge'
[Sat Feb 4 14:12:41 PST 2017] _domain='pfsense.mydomainhere.com'
[Sat Feb 4 14:12:41 PST 2017] Getting txt records
[Sat Feb 4 14:12:41 PST 2017] 12345}/records?recordName=_acme-challenge&type=TXT
[Sat Feb 4 14:12:41 PST 2017] GET
[Sat Feb 4 14:12:41 PST 2017] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/12345}/records?recordName=_acme-challenge&type=TXT'
[Sat Feb 4 14:12:41 PST 2017] timeout
[Sat Feb 4 14:12:41 PST 2017] curl exists=0
[Sat Feb 4 14:12:41 PST 2017] wget exists=127
[Sat Feb 4 14:12:41 PST 2017] _CURL='curl -L --silent --dump-header /tmp/acme/pfsense.mydomainhere.com-test//http.header '
[Sat Feb 4 14:12:41 PST 2017] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Sat Feb 4 14:12:41 PST 2017] ret='3'
[Sat Feb 4 14:12:41 PST 2017] error 12345}/records?recordName=_acme-challenge&type=TXT
[Sat Feb 4 14:12:41 PST 2017] Error
[Sat Feb 4 14:12:41 PST 2017] Error add txt for domain:_acme-challenge.pfsense.mydomainhere.com
[Sat Feb 4 14:12:41 PST 2017] pid
[Sat Feb 4 14:12:41 PST 2017] _clearupdns
[Sat Feb 4 14:12:41 PST 2017] Dns not added, skip.
[Sat Feb 4 14:12:41 PST 2017] _on_issue_err
[Sat Feb 4 14:12:41 PST 2017] Please check log file for more details: /tmp/acme/pfsense.mydomainhere.com-test/acme_issuecert.log
Updated by 
Updated by 
Updated by 
Updated by 
Updated by