acme.sh deleting A record for domain along with TXT record for _acme-challenge
I was trying to set up a Let's Encrypt certificate for my domain using Linode's v4 DNS API. I was able to generate the certificate using the staging server, but I also noticed that acme.sh is removing the A record for my domain along with the TXT record for the _acme-challenge domain.
Here are the logs (https://privatebin.net/?9fb794675d24cb23#2sHK56cUjtb2AfqqnNAqqvquoDHC1EVP8BbExu1ZBFgh) for the DNS record deletions from acme_issuecert.log. I have sanitized the logs for privacy purposes. 11111111 is the record ID for pfsense.my.domain.com and 22222222 is the record ID for _acme-challenge.pfsense.my.domain.com.
After Let's Encrypt verifies the TXT record, acme.sh calls _clearupwebbroot, which in turn calls _findHook to verify that the DNS script exists and then deletes the DNS record for the domain. As far as I can tell, this deletion should only happen if we use VTYPE_HTTP as the verification type. The part where the TXT record is cleared happens after _clearupwebbroot is called (in the _clearupdns function).
I looked up the acme.sh script in the official repository and it did not have the "h_api" stuff inside the _clearupwebbroot function where the A record deletion is happening. The "h_api" code was added in this commit: https://github.com/pfsense/FreeBSD-ports/commit/89d58d6676807a2a6090c993b4899407e7b42d7a. If we can check "$vtype" before going into the "h_api" section, like how we are doing before calling the addcommand function, then the A record won't be deleted when using VTYPE_DNS. I have verified that adding the if gate before entering the h_api section in the _clearupwebbroot function does fix the issue. I've attached my patch to acme.sh.
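
A constructed model of the gate the report proposes, added here as an illustration; it is not acme.sh or pfSense code and not the attached patch. The zone contents and the function names (remove_record, cleanup_host_record, cleanup_challenge_record, run_cleanup) are hypothetical; only the record IDs, the hostnames and the VTYPE_HTTP/VTYPE_DNS names come from the report.

```shell
#!/bin/sh
# Constructed model of the reported behaviour; NOT acme.sh or pfSense code.
VTYPE_HTTP="http-01"   # validation-type values as used by acme.sh
VTYPE_DNS="dns-01"

# Constructed zone, one "id name type" per line (IDs as in the sanitized report).
ZONE_INIT='11111111 pfsense.my.domain.com A
22222222 _acme-challenge.pfsense.my.domain.com TXT'
ZONE=""

# Hypothetical stand-in for a DNS API hook's delete-by-name call.
remove_record() {
  ZONE=$(printf '%s\n' "$ZONE" | awk -v n="$1" '$2 != n')
}

# Hypothetical webroot-style cleanup. $1=domain $2=vtype $3=gated|ungated
cleanup_host_record() {
  if [ "$3" = "gated" ] && [ "$2" != "$VTYPE_HTTP" ]; then
    return 0   # gate: leave the host record alone unless HTTP validation was used
  fi
  remove_record "$1"
}

# DNS-challenge cleanup: only ever touches the _acme-challenge name.
cleanup_challenge_record() {
  remove_record "_acme-challenge.$1"
}

# Runs both cleanup steps on a fresh zone and prints the names that survive.
run_cleanup() {   # $1=vtype $2=gated|ungated
  ZONE=$ZONE_INIT
  cleanup_host_record "pfsense.my.domain.com" "$1" "$2"
  if [ "$1" = "$VTYPE_DNS" ]; then
    cleanup_challenge_record "pfsense.my.domain.com"
  fi
  printf '%s\n' "$ZONE" | awk 'NF { print $2 }'
}

echo "ungated, dns-01: [$(run_cleanup "$VTYPE_DNS" ungated)]"
echo "gated,   dns-01: [$(run_cleanup "$VTYPE_DNS" gated)]"
```

Without the gate, a dns-01 run leaves the zone empty; with it, only the _acme-challenge TXT record is removed and the A record survives.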