-
-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Report bugs to deSEC.io API #2180
Comments
Minor typos in dns_desec.sh (3bb97b8 on 21 Mar)In lines 28 and 95: |
@KreMic Thank you. I've made a PR to fix the typo. |
Hello
|
Hi @devudopw, could you use --debug 2 to provide some more detail output? |
Hello, I just resolved myself, later I will create PR for this. |
Oops! Turns out there's a place to report 3rd party API bugs. Well, there's mine: #2925 TTL is hard-coded to 60, which makes this program unusable when passed a non-dedyn.io domain. The workaround is to apply for a lower TTL, but I'm not sure how eagerly does desec.io approve these requests. |
Yes, the issue is about TTL, change from 60 to 3600 is working now
|
I can't seem to get DNS API/DESEC working when running it from inside a docker container. This is the command I use The debug info says there is a libcurl error with code 92 when it tries to connect to "https://desec.io/api/v1/domains". Upon looking at the dns_desec.sh file, I believe the error originates from line 159. Is it a question of outdated docker image? The below is an excerpt debug information from the console. [Sun Sep 20 15:35:32 UTC 2020] d='condolencesghana.com' |
have you try #2925 this, change TTL to 3600 |
I'm just looking at the instructions here - https://github.com/acmesh-official/acme.sh/wiki/dnsapi#71-use-desecio and wondering why I can see at the moment in dns_desec.sh it's used for making API requests. However, would it not make more sense to use the The reason I'm thinking this behaviour would be preferable is because once the So if you have multiple different wildcard domains to renew you would need to export the correct |
I was trying to use the script for updating several domains. I confirm the above finding. The |
@mocaadmin this has been merged and fixed in the latest release so you can simply run |
I ran into a, what I believe, new issue with the DESEC API client script. ContextI have the following setup: My domains are delegated to DESEC as DNS provider. I installed the latest version of Proxmox 8.2.2 this includes the libproxmox-acme-plugins 1.5.0. I am currently trying to retrieve SSL certificates via a DNS-01 challenge for my Proxmox Server which is not reachable from the internet via Let's Encrypt. Proxmox uses the acme.sh script to perform Let's Encrypt certificate retrieval. IssueIf I try to retrieve a new certificate, the verification step of Let's Encrypt fails
What I found out isWhen registering the TXT record with DESEC API, the TXT record name is truncated. Only the host-part is used, not the FQDN. The resulting TXT record subname, in the example above, is set as I tracked the issue down to the following point: Possible fixI changed line 62 from This works very well in my case. I will also register a pull-request. Would be awesome if you could test it and bring the change mainline. Thanks! Update: |
…ed for the DNS-01 challenge at DESEC.io. See acmesh-official#2180 (comment) for details.
Okay, new findings. I tried to issue a certificate with the OPNsense integrated acme.sh. It fails exactly in the same way than the one which is integrated into Proxmox. Just one difference, the logs are a bit more verbose and the standard setup of OPNsense is to make acme.sh check for the propagation of the TXT record every 10 seconds. This leads in my case to the first read attempt failing, and the second one to be a success. So the dns_desec.sh thinks that the TXT record is setup correctly and then continues to let Let's encrypt try to validate the record. Let's encrypt then fails as the domain and top-level-domain parts are missing in the TXT record in the DNS server. Anyone has seen the same behaviour? |
This is the place to report bugs in the deSEC.io DNS API.
If you experience a bug, please report it in this issue.
The text was updated successfully, but these errors were encountered: