Report bugs to ddnss.de API #2230

mod242 opened this issue Apr 24, 2019 · 15 comments
@mod242
Contributor

mod242 commented Apr 24, 2019

This is the place to report bugs in the ddnss.de DNS API.

If you experience a bug, please report it in this issue.

@Neilpang Neilpang added the 3rd party api report bugs to dns api, deploy hooks and notification hooks label Apr 27, 2019
@kinslayer1982

I installed acme.sh on my Raspberry Pi today and tried to get a wildcard certificate for my ddnss.de domain.
According to the tutorials I found, I tried with:

acme.sh --issue --dns dns_ddnss --keylength 4096 -d xyz.ddnss.de -d *.xyz.ddnss.de

(replaced my domain name with xyz here)

Now acme.sh successfully set the TXT record and after that set a second TXT record overwriting the first one. After that it tries to validate both and will go into an infinite loop stating:

[Mon 6 Jul 16:22:11 CEST 2020] Checking xyz.ddnss.de for _acme-challenge.xyz.ddnss.de
[Mon 6 Jul 16:22:11 CEST 2020] Already success, continue next one. <- second TXT record
[Mon 6 Jul 16:22:11 CEST 2020] Let's wait 10 seconds and check again.
[Mon 6 Jul 16:22:22 CEST 2020] Checking xyz.ddnss.de for _acme-challenge.xyz.ddnss.de
[Mon 6 Jul 16:22:22 CEST 2020] Not valid yet, let's wait 10 seconds and check next one. <- first TXT record
[Mon 6 Jul 16:22:34 CEST 2020] Checking xyz.ddnss.de for _acme-challenge.xyz.ddnss.de
[Mon 6 Jul 16:22:34 CEST 2020] Already success, continue next one. <- second TXT record again
[Mon 6 Jul 16:22:34 CEST 2020] Let's wait 10 seconds and check again.
[Mon 6 Jul 16:22:45 CEST 2020] Checking xyz.ddnss.de for _acme-challenge.xyz.ddnss.de
[Mon 6 Jul 16:22:45 CEST 2020] Not valid yet, let's wait 10 seconds and check next one. <- first TXT record again

@mod242
Contributor Author

mod242 commented Jul 13, 2020

Hello, unfortunately I was away (without Internet), that's why I just had a look right now. Somehow my test environment seems to behave differently here for ddnss.de.

I get an "...is already verified, skip dns-01." for the second domain. Can you please confirm that you are still seeing this issue with ddnss.de wildcard domains?

Can you provide a full debug log if this is still the case? I don't understand right now why the challenge seems to behave differently on my side...

@kinslayer1982

I'm going to set up something similar with the same dns config for a friend tomorrow. I'll report what the results are as soon as I'm done there.

@mod242
Contributor Author

mod242 commented Jul 14, 2020

Thanks, I appreciate it. It might be a reproducing mistake on my side, so this will definitely help.

@kinslayer1982

Same behaviour as stated in my first post. I don't know if it matters, but we both are using a Raspberry Pi 4 with Debian Buster.
Here's the log file:
acme.sh.log

By the way, there is no problem getting one cert and then the other one. It only happens when trying to get multiple certs at once. That means everything is running for now, but I'm new to Let's Encrypt certificates and acme.sh and I don't know how it manages the automatic renewal. If it tries to renew them at the same time, in the same way as issuing new ones, it might fail with the same error...

@mod242
Contributor Author

mod242 commented Jul 18, 2020

Thanks for providing the log. Unfortunately I can still not reproduce, since my domains are already verified (even in staging), so I cannot completely comprehend. But from what I see, I can't change that behaviour in the DNS API of acme.sh; this seems to be a general issue (according to #3036, Cloudflare and DuckDNS could also be affected). I am really sorry that I can't find a solution right now, will look into this when I have a little more time.

@kinslayer1982

Ok, no problem. I just thought it was DNS API related because it worked in standalone mode and only showed this behaviour in DNS mode. And I've read somewhere that some providers allow multiple txt records while others don't. So my guess was that it is ddnss specific.

@pablito1755

I have run into the same problem, but using DuckDNS (with Let's Encrypt). The problem appears to be with specifying both the root and wildcard as two -d parameters. I think the result is that the script assigns two different entries to the TXT record. The result is that the second overrides the first. I simply removed the root domain parameter and everything went through fine. I imagine it means the certificate is not valid for the root, but I can live with that.
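
A check for the condition reported in the comments above, where the root name and the wildcard share one `_acme-challenge` TXT name and the second write replaces the first. This is an added example, not part of the thread or of acme.sh; the function name `missing_txt_values`, the tokens and the sample `dig +short` answers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from acme.sh).
# A root name and its wildcard are both validated at the same
# _acme-challenge name, so both TXT values must be published together.

# Constructed sample tokens, not real challenge values.
ROOT_TOKEN="constructed-root-token-AAAA"
WILD_TOKEN="constructed-wildcard-token-BBBB"

# Constructed answers in `dig +short TXT <name>` format (one quoted string per line).
# Overwriting provider: only the last value written survives.
ANSWER_OVERWRITTEN="\"$WILD_TOKEN\""
# Provider that keeps multiple TXT values on one name.
ANSWER_BOTH="\"$ROOT_TOKEN\"
\"$WILD_TOKEN\""

# missing_txt_values ANSWER VALUE...
# Prints every expected value absent from ANSWER, one per line.
# Returns 0 if all are present, 1 otherwise.
missing_txt_values() {
  answer=$1
  shift
  missing=0
  for want in "$@"; do
    # -F fixed string, -x whole line: a token must match a complete record.
    if ! printf '%s\n' "$answer" | grep -Fxq -- "\"$want\""; then
      printf '%s\n' "$want"
      missing=1
    fi
  done
  return "$missing"
}

# Live use needs network access, so it is left commented out:
# missing_txt_values "$(dig +short TXT _acme-challenge.xyz.ddnss.de)" \
#   "$ROOT_TOKEN" "$WILD_TOKEN" || echo "RRset incomplete, validation will not pass"
```

With the overwritten answer the function reports the root token as missing, which matches the alternating "Already success" / "Not valid yet" lines in the log earlier in the thread.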

@JojoBr0

JojoBr0 commented Oct 18, 2021

Workaround for the Wildcard/TXT problem: (worked for me)

  • first issue the Cert for the normal Domain:
    acme.sh --issue (--server ZZZ) --dns dns_ddnss (--dnssleep XX) -d yourdomain.ddnss.de
  • second issue the cert again, now with wildcard
    acme.sh --issue (--server ZZZ) --dns dns_ddnss (--dnssleep XX) -d yourdomain.ddnss.de -d *.yourdomain.ddnss.de --force

My explanation: This way the check for the root domain is skipped in the second step.

@McBane87

McBane87 commented Feb 18, 2022

The DDNSS API is not completely working. On the website you need to do 3 things to create an ACME entry.

  1. Enable Checkbox for TXT-Record
  2. Enter TXT Value
  3. Enable Checkbox for ACME DNS


1 & 2 are done perfectly right with the API functionality of acme.sh, but 3 isn't.
Of course I could just manually enable the checkbox for ACME DNS on the website, but unfortunately this checkbox gets disabled automatically every time you write a new TXT entry using the API.

Is someone able to fix this? Unfortunately I don't know the needed GET variable which has to be passed for the third checkbox.

@tiehfood

still same problem here ...

@Schwemm

Schwemm commented Oct 25, 2022

unfortunately same here.

@Docteh

Docteh commented Dec 11, 2022

I was wondering about that. I logged in, clicked the checkbox, and checked again and my TXT record was gone. I forgot to look at acme.sh and see that it successfully verified the _acme-challenge and then removed the TXT record 😅

Edit: I think a feature request needs to be made to the service, specifically the upd.php API to support setting ACME DNS flag

@stegbth

stegbth commented Dec 7, 2024

Hi all,

Seems like the problem still exists or I use acme.sh wrong.
Used command:
export DDNSS_Token="xxx"
./acme.sh --issue --dns dns_ddnss --server letsencrypt --staging --dnssleep 600 -d abc.ddnss.org

  1. TXT record gets filled, ACMEDNS gets disabled
  2. dig _acme-challenge.abc.ddnss.org txt does NOT deliver an answer
  3. even when setting the ACMEDNS manually within the 600s, the response to letsencrypt is NXDOMAIN for

Any ideas what needs to be done?
Any working free dyndns vendor known?

br
Thomas

@Docteh

Docteh commented Dec 17, 2024

I've noticed that NXDOMAIN lasts a long time, so I added a 60 minute delay to the script, but that was because I didn't notice --dnssleep so I'll try that next time I need to renew. I just wait until acme.sh does its thing, then log in and click the checkbox.

I have also signed up with dynu.com, that works without a hassle, but I don't know if my account needed a certain age to create the txt record or not. (I signed up for a bunch of dyndns awhile back)
