Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Report bugs to 1984Hosting dns api #2851

Open
phedoreanu opened this issue Apr 10, 2020 · 43 comments
Open

Report bugs to 1984Hosting dns api #2851

phedoreanu opened this issue Apr 10, 2020 · 43 comments
Assignees
Labels
3rd party api report bugs to dns api, deploy hooks and notification hooks

Comments

@phedoreanu
Copy link
Contributor

phedoreanu commented Apr 10, 2020

Please report any issues with the 1984Hosting dns api here.

Thanks!

EDIT: add usage guide.

@acmesh-official acmesh-official deleted a comment from auto-comment bot Apr 12, 2020
@Neilpang Neilpang added the 3rd party api report bugs to dns api, deploy hooks and notification hooks label Apr 12, 2020
@DerVerruckteFuchs
Copy link
Contributor

I'm trying to use the acme package for pfsense. I'm getting on _on_issue_err. From what I can tell, the relevant part on the issuecert log is:

invalid domain='_acme-challeng.example.com'
Error add txt for domain:_acme-challenge.example.com
_on_issue_err

At first I thought it had trouble with subdomains, but it seems to also have the same problem with domains. I've had trouble before making the relevant _acme-challenge.subdomain.example.com, and after. The script seems to have no issue logging in, but actually adding the TXT records seems to be an issue. I will note that when I'm logged in, my relevant TXT record shows up as _acme-challenge.subdomain, which may or may not be having an effect.

@DerVerruckteFuchs
Copy link
Contributor

I did some more testing. In _get_root(), the results of _authget() fail to get a response that contains "serial". Using _info to help print out useful information, $_response is {"auth": false, "ok": false}. My username and password are correct, and the script gets past _1984hosting_login(), but fails in _get_root().

I chased it down to the login cookie not getting set correctly. On line 171 of dns_1984hosting.sh there is a broken grep search. The HTTP header has set-cookie, but the grep is looking for Set-Cookie, so $One984HOSTING_COOKIE is left empty. Correcting the grep to look for set-cookie fixes it.

@DerVerruckteFuchs
Copy link
Contributor

I made a pull request (#2961) that should fix this. I've tested it, and it seems to work fine. The script finished and I can see the new TXT record for my domain.

@DerVerruckteFuchs
Copy link
Contributor

After @Neilpang reviewed my pull request, I had to look at why there was difference in capitalization. It came down to a change between HTTP/1.1 -> HTTP/2. HTTP/1.1 is case insensitive, so anything goes with upper/lower case. HTTP/2 is technically also case insensitive, but valid HTTP/2 header fields are lower case. I think the script was originally tested with only HTTP/1.1 header fields. Though technically they are case insensitive, so the script could have failed with a change of case in the HTTP/1.1 set-cookie: header field as well.

@poVoq
Copy link

poVoq commented Jul 4, 2020

It seems they have an experimental API. When asking their tech support they provided me with a python-script to used with Dehydrated and the warning "it is hidden, half-cooked and not tested with wildcards". Couldn't actually get the script to work with Dehydrated on OpenWRT, but looking at the code the API should work also with acme.sh:

https://api.1984.is/1.0/freedns/letsencrypt/?apikey=yourapikey&domain=yourdomain&challenge=generatedchallenge

@poVoq
Copy link

poVoq commented Jul 4, 2020

Hmm, I tried it with the login option, but for unclear reasons it does not allow me to log in. Edit: I did get manual mode working though.

It would be much appreciated if someone who knows the system better than me could try it with the API and make a script for it. I had a look if there was a similar api with a simple webhook (the old Linode one maybe?), but I couldn't quite wrapp my head around how the script works exactly.

@DerVerruckteFuchs
Copy link
Contributor

It seems they have an experimental API. When asking their tech support they provided me with a python-script to used with Dehydrated and the warning "it is hidden, half-cooked and not tested with wildcards". Couldn't actually get the script to work with Dehydrated on OpenWRT, but looking at the code the API should work also with acme.sh:

https://api.1984.is/1.0/freedns/letsencrypt/?apikey=yourapikey&domain=yourdomain&challenge=generatedchallenge

I put my freedns api key, domain, and generated challenge into the example URL. Simply taking that and putting that into a browser URL bar was enough to add the TXT record for me. I got this as JSON output:
{"ok": true, "msg": "letsencrypt entry created"}

I did not even need to be logged in and it worked. A simple HTTP POST request might be enough after generating a URL with the necessary variables.

@DerVerruckteFuchs
Copy link
Contributor

DerVerruckteFuchs commented Mar 10, 2021

I ran acme.sh and manually used the 1984 FreeDNS API URL and I got an updated certificate. The dns_1984hosting.sh is able to login, but it does not seem to be able to remove the TXT record. I'm getting a couple of errors:

Error getting zone_id for _acme-challenge.sub.domain.com
Error removing txt for domain:_acme-challenge.sub.domain.com

I think the zone_id failure is from the SOA check failing. When I use https://management.1984hosting.com/domains/soacheck/?zone=sub.domain.com&nameserver=ns0.1984.is., the JSON output I'm getting is: {"serial": null}. However, when I use https://management.1984hosting.com/domains/soacheck/?zone=domain.com&nameserver=ns0.1984.is., the output I get is {"serial": $NUMBER}. I don't think the API likes subdomains. This might be a part of the half-cooked API 1984 tech support warned about.

@DerVerruckteFuchs
Copy link
Contributor

DerVerruckteFuchs commented May 30, 2021

The experimental letsencrypt API is not currently working for me like it did 2-3 months ago. I'm getting an "Oopsy Daisy!" error page. However, a number of JS and CSS files are 404ing for me, so even the error page is a bit broken at the moment. I remember what the error page looked like at one point when everything loaded successfully. I sent 1984 hosting a message about the letsencrypt API asking about what the current status is.

It has been fixed.

@DerVerruckteFuchs
Copy link
Contributor

1984 hosting fixed the HTTP POST issue with the letsencrypt API.

@DerVerruckteFuchs
Copy link
Contributor

I think I've narrowed down the login issue. As would be expected, the issue is found in the _1984hosting_login() function. On line 148, the $url variable is double quoted. As a result, when print debugging the _post() function from acme.sh, the value of $2, as well as the value of $_post_url, do not have the value of $url, but their value is the variable name of $url as a string.
So changing line 148 from:
response="$(_post "username=$username&password=$password&otpkey=" "$url")"

to:
response="$(_post "username=$username&password=$password&otpkey=" $url)"

fixes the login issue. There are some other things that need fixed, namely getting the zone id and properly removing the _acme-challenge TXT record, but at least it can log in again it seems.

@DerVerruckteFuchs
Copy link
Contributor

DerVerruckteFuchs commented May 31, 2021

The --user-agent "$USER_AGENT" curl argument that shows up in the _post() function results in a 403 error for me. After removing it I am finally getting {"ok": true, "loggedin": true} as part of the response.

Edit:
This is a bit strange since it is a part of the acme.sh file. I've been testing with a new bash script on my laptop where acme.sh and dns_1984hosting.sh are mashed together, so not ideal. I'll test a bit more in a proper deployed setting. The fix for the $url issue works in my deployed setting.

@Neilpang
Copy link
Member

Neilpang commented Jun 1, 2021

@DerVerruckteFuchs fixed.

try again with dev branch.

acme.sh  --upgrade -b dev

@DerVerruckteFuchs
Copy link
Contributor

@DerVerruckteFuchs fixed.

try again with dev branch.

acme.sh  --upgrade -b dev

I tried again with the dev branch. Testing cert renewal with the letsencrypt staging server was successful with pfsense. I was not able to renew the production cert as the _acme.challenge TXT record is not getting set, and the HTTP response is the "OOPSIE DAISY!" error page. For whatever reason this is not detected as an error by the dns_1984hosting.sh script. It just continues to check for the _acme.challenge TXT record as if it was set correctly. I can see that I am successfully getting a login cookie, so the problem seems to be right where _acme.challenge is supposed to get set.

@DerVerruckteFuchs
Copy link
Contributor

I think I have narrowed it down in regards to error checking. In dns_1984hosting.sh, the dns_1984hosting_add() function checks if the response contains an <html> tag. The response I am getting contains a <!DOCTYPE html> and <html lang="en"> tags and not a plain <html> tag, so the error response does not get detected. Changing response checking to look for html> instead of <html> properly catches the error response as it covers <!DOCTYPE html>, <html>, and the closing </html> tag cases. The alternative is to check for <!DOCTYPE html>, <html>, and <html lang="en">. Changing the response check to look for a closing </html> tag could potentially work just as good. An alternative method would be to check if the response is HTML instead of JSON.

@DerVerruckteFuchs
Copy link
Contributor

I figured out why the _acme-challenge TXT record was not getting added for domains with subdomains like subdomain.example.com. The issue is at lines 207 and 208 in the _get_root() function. Using https://management.1984hosting.com/domains/soacheck/?zone=subdomain.example.com&nameserver=ns0.1984.is. returns a {"serial": null} JSON response. The if statement on line 208 only checks if serial is contained in the response. This results in _domain getting assigned the value subdomain.example.com and _sub_domain getting assigned _acme-challenge. There is no zone subdomain.example.com as my subdomain is part of the same zone my root domain is in. This results in the attempt to add a DNS record for the nonexistent zone predictably failing. (As an aside, if subdomain.example.com and example.com are separate zones, there is a possibility dns_1984hosting.sh would not fail to issue/renew certs for either zone in its currently broken state.) Changing the if statement to check if the response contains serial and does not contain null results in the while loop continuing until _domain gets assigned the value example.com and _sub_domain gets assigned _acme-challenge.subdomain. The final result is that the _acme-challenge TXT record actually gets set. The fix should also work for subdomains like foo.bar.subdomain.example.com and other URLs with larger/"deeper" subdomain depths where the root domain and subdomain are part of the same zone.

I was able to renew my pfsense cert with my changes. Fix incoming.

@DerVerruckteFuchs
Copy link
Contributor

It seems they have an experimental API. When asking their tech support they provided me with a python-script to used with Dehydrated and the warning "it is hidden, half-cooked and not tested with wildcards". Couldn't actually get the script to work with Dehydrated on OpenWRT, but looking at the code the API should work also with acme.sh:

https://api.1984.is/1.0/freedns/letsencrypt/?apikey=yourapikey&domain=yourdomain&challenge=generatedchallenge

@poVoq do you still have that python-script? The last few commits mostly fixed things, so using the dev branch works again with 1984 hosting. However, I was curious to see If getting the DNS API to work with 1984's letsencrypt API might improve things. At least with an experimental branch until an official release anyway. I have an initial start with an experimental branch here, but it still needs to be able to delete _acme-challenges when validation is finished.

@DerVerruckteFuchs
Copy link
Contributor

dns_1984hosting_rm() is failing to remove _acme-challenge TXT record after validation. I think I've traced it down to dns_1984hosting_rm() failing to get the zone id. The issue has to do with _htmlget() somehow managing to get the HTML for the user nav (the user email dropdown with options for account settings, logout, etc.), instead of the HTML for the domain that has the zone id. The HTML response's first line is the user nav, and a few lines down the zone id and domain are present. Removing _head_n 1 from _htmlget() allows 4-6 lines or so to be part of _response and contain the zone id so it can get parsed. The entry number for the _acme-challenge TXT record is successfully obtained. I tried manually running https://management.1984hosting.com/domains/delentry/entry=$entry_number in the browser, but got an {"ok": false} response. I am not sure if it is just because I tried submitting a POST request from the browser's URL bar, or if there is more going on that needs fixed.

@poVoq
Copy link

poVoq commented Jun 6, 2021

Yes I think I still have it, but other then the line above it just handles some Dehydrated side stuff, so no real point in sharing it (and back then the tech-support asked me not to spread it around too much).

@gzm55
Copy link

gzm55 commented Aug 26, 2021

https://management.1984hosting.com/domains/freednsapi/

@phedoreanu it seems the 1984hosting has supported the dynamic dns api

@phedoreanu
Copy link
Contributor Author

@gzm55 That API only allows A records to be set dynamic.

@gzm55
Copy link

gzm55 commented Aug 26, 2021

@phedoreanu sorry, i missed the A records limit.

@DerVerruckteFuchs
Copy link
Contributor

1984 Hosting has updated their website, which has introduced some breaking changes with the 1984Hosting DNS API. I managed to fix an HTTP header issue that causes the login to fail. It was the sessionid cookie yet again, lol. Fix here: #3697. There is at least one missing HTTP header. This is the HTML response I'm getting when the script tries to POST a new entry for an _acme-challenge TXT record:

original:

<!DOCTYPE html><html lang="en"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="robots" content="NONE,NOARCHIVE"><title>403 Forbidden</title><style type="text/css">html * { padding:0; margin:0; }body * { padding:10px 20px; }body * * { padding:0; }body { font:small sans-serif; background:#eee; color:#000; }body>div { border-bottom:1px solid #ddd; }h1 { font-weight:normal; margin-bottom:.4em; }h1 span { font-size:60%; color:#666; font-weight:normal; }#info { background:#f6f6f6; }#info ul { margin: 0.5em 4em; }#info p, #summary p { padding-top:10px; }#summary { background: #ffc; }#explanation { background:#eee; border-bottom: 0px none; }</style></head><body><div id="summary"><h1>Forbidden <span>(403)</span></h1><p>CSRF verification failed. Request aborted.</p><p>You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p><p>If you have configured your browser to disable “Referer” headers, please re-enable them, at least for this site, or for HTTPS connections, or for “same-origin” requests.</p><p>If you are using the &lt;meta name=&quot;referrer&quot; content=&quot;no-referrer&quot;&gt; tag or including the “Referrer-Policy: no-referrer” header, please remove them. The CSRF protection requires the “Referer” header to do strict referer checking. If you’re concerned about privacy, use alternatives like &lt;a rel=&quot;noreferrer&quot; …&gt; for links to third-party sites.</p></div><div id="explanation"><p><small>More information is available with DEBUG=True.</small></p></div></body></html>

with more readable formatting:

<!DOCTYPE html>
<html lang="en">
   <head>
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <meta name="robots" content="NONE,NOARCHIVE">
      <title>403 Forbidden</title>
      <style type="text/css">html * { padding:0; margin:0; }body * { padding:10px 20px; }body * * { padding:0; }body { font:small sans-serif; background:#eee; color:#000; }body>div { border-bottom:1px solid #ddd; }h1 { font-weight:normal; margin-bottom:.4em; }h1 span { font-size:60%; color:#666; font-weight:normal; }#info { background:#f6f6f6; }#info ul { margin: 0.5em 4em; }#info p, #summary p { padding-top:10px; }#summary { background: #ffc; }#explanation { background:#eee; border-bottom: 0px none; }</style>
   </head>
   <body>
      <div id="summary">
         <h1>Forbidden <span>(403)</span></h1>
         <p>CSRF verification failed. Request aborted.</p>
         <p>You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>
         <p>If you have configured your browser to disable “Referer” headers, please re-enable them, at least for this site, or for HTTPS connections, or for “same-origin” requests.</p>
         <p>If you are using the &lt;meta name=&quot;referrer&quot; content=&quot;no-referrer&quot;&gt; tag or including the “Referrer-Policy: no-referrer” header, please remove them. The CSRF protection requires the “Referer” header to do strict referer checking. If you’re concerned about privacy, use alternatives like &lt;a rel=&quot;noreferrer&quot; …&gt; for links to third-party sites.</p>
      </div>
      <div id="explanation">
         <p><small>More information is available with DEBUG=True.</small></p>
      </div>
   </body>
</html>

I made an initial attempt of fixing the CSRF issue by supplying the CSRF token by assigning it to the _H2 header variable and Referer: https://management.1984hosting.com/domains/zone/$zone_number/ to the _H3 header variable. It still failed, but the HTML response changed:

original

<!DOCTYPE html><html lang="en"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="robots" content="NONE,NOARCHIVE"><title>403 Forbidden</title><style type="text/css">html * { padding:0; margin:0; }body * { padding:10px 20px; }body * * { padding:0; }body { font:small sans-serif; background:#eee; color:#000; }body>div { border-bottom:1px solid #ddd; }h1 { font-weight:normal; margin-bottom:.4em; }h1 span { font-size:60%; color:#666; font-weight:normal; }#info { background:#f6f6f6; }#info ul { margin: 0.5em 4em; }#info p, #summary p { padding-top:10px; }#summary { background: #ffc; }#explanation { background:#eee; border-bottom: 0px none; }</style></head><body><div id="summary"><h1>Forbidden <span>(403)</span></h1><p>CSRF verification failed. Request aborted.</p></div><div id="explanation"><p><small>More information is available with DEBUG=True.</small></p></div></body></html>

more readable formatting:

<!DOCTYPE html>
<html lang="en">
   <head>
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <meta name="robots" content="NONE,NOARCHIVE">
      <title>403 Forbidden</title>
      <style type="text/css">html * { padding:0; margin:0; }body * { padding:10px 20px; }body * * { padding:0; }body { font:small sans-serif; background:#eee; color:#000; }body>div { border-bottom:1px solid #ddd; }h1 { font-weight:normal; margin-bottom:.4em; }h1 span { font-size:60%; color:#666; font-weight:normal; }#info { background:#f6f6f6; }#info ul { margin: 0.5em 4em; }#info p, #summary p { padding-top:10px; }#summary { background: #ffc; }#explanation { background:#eee; border-bottom: 0px none; }</style>
   </head>
   <body>
      <div id="summary">
         <h1>Forbidden <span>(403)</span></h1>
         <p>CSRF verification failed. Request aborted.</p>
      </div>
      <div id="explanation">
         <p><small>More information is available with DEBUG=True.</small></p>
      </div>
   </body>
</html>

The manually created Referer header I provided seems to have done something. I am not sure if there are missing headers still, the referrer URL is not quite right, or if the CSRF token needs to be formatted differently. I searched the error message More information is available with DEBUG=True. and it seems to be a Django error message. I can make new entries on the website just fine. The lack of any info in the error message is a bit bothersome, but might indicate an issue with the CSRF token itself.

@DerVerruckteFuchs
Copy link
Contributor

All necessary fixes were merged from #3697. The 1948Hosting DNS API plugin should work now.

@DerVerruckteFuchs
Copy link
Contributor

I found a new issue today. The 1984Hosting DNS API plugin fails when TOTP is enabled for 1984 Hosting. Disabling TOTP allows the script to work as expected. TOTP is probably applicable to more than a few of the supported hosting providers that it should be part of acme.sh. I am thinking a general _totp() function may be appropriate in the future.

I was browsing through the merge requests, and found that TOTP support was added for synology. It looks like it is pretty simple to add.

@DerVerruckteFuchs
Copy link
Contributor

DerVerruckteFuchs commented Jan 22, 2022

There is a separate issue where removing the TXT record for _acme-challenge.example.tld is failing. I'm going to debug a bit and see if it is a simple fix. 1984 Hosting may have changed their HTML again.

Might just be a timing issue. I've had issues in the past with timing. The TXT record was deleted just fine this time.

@DerVerruckteFuchs
Copy link
Contributor

DerVerruckteFuchs commented Jan 22, 2022

I created a TOTP branch. The code works fine locally on my machine, but the Docker workflow is not working. I managed to set secrets up for generating the OTP, but the otpkey is set to be an empty string even after generation. As far as I am aware, oathtool is not getting installed in the docker image. I'll need to get this sorted before I can make a pull request.

Edit:

It looks like plat.conf from the acmetest repository is responsible for installing packages. Adding oathtool to the list of packages there would be necessary for the TOTP tests to pass for the Docker workflow. The other workflows that I managed to get working were the FreeBSD, MacOS, PebbleStrict, and Ubuntu workflows. However, I'm concerned about the Solaris and Windows workflows. The Oracle Solaris repository does not have oathtool, nor does chocolatey/cygwin for Windows. Building from source may be cumbersome for a GitHub workflow, and I'm not familiar with alternative repositories for Solaris and Windows that would have oathtool. I also don't like the idea of feature support being OS dependent for a cross-platform tool like this. This would also be an issue for TOTP support for other DNS APIs.

@nettybun
Copy link

@DerVerruckteFuchs Thanks for all your work into the 1984 API and posting updates here - very helpful to see what's happening. I've ran into the CSRF issue, same error you've posted:

[Tue 15 Mar 2022 06:43:48 PM PDT] response='<title>403 Forbidden</title><style type="text/css">html * { padding:0; margin:0; }body * { padding:10px 20px; }body * * { padding:0; }body { font:small sans-serif; background:#eee; color:#000; }body>div { border-bottom:1px solid #ddd; }h1 { font-weight:normal; margin-bottom:.4em; }h1 span { font-size:60%; color:#666; font-weight:normal; }#info { background:#f6f6f6; }#info ul { margin: 0.5em 4em; }#info p, #summary p { padding-top:10px; }#summary { background: #ffc; }#explanation { background:#eee; border-bottom: 0px none; }</style>

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for “same-origin” requests.

More information is available with DEBUG=True.

'

I love that GitHub renders the HTML lol. I see that my SAVED_One984HOSTING_CSRFTOKEN_COOKIE is blank (empty string), has this error happened to you recently?

@DerVerruckteFuchs
Copy link
Contributor

DerVerruckteFuchs commented Apr 16, 2022

@heyheyhello The appreciation is very welcome!

The CSRF issue you are referring to was fixed some months ago with #3697. Given the date on your error message, I expect your 403/CSRF issue is the same I've been recently experiencing. 1984 Hosting changed their URL from 1984hosting.com to 1984.hosting. From the WHOIS information, 1984.hosting was created on December 23, 2020. The last the record was updated was April 16, 2022. March 26 is when my pfsense box stopped being able to auto-renew its TLS certificate. Checking your error message's date, I expect sometime on, or before, March 15 was about the time that 1984 Hosting switched their primary domain. Their old 1984hosting.com URL redirects to 1984.hosting. This URL change broke the DNS API script and it prevented my pfsense box from renewing its TLS certificate. I have submitted a pull request that fixes this: #4039.

The SAVED_One984HOSTING_CSRFTOKEN_COOKIE will be blank if the login fails. The server provides the CSRF token cookie, along with the sessionid cookie, after a successful login so you do not need to re-login/authenticate yourself every time you want to make changes, navigate to different web pages on the site, etc. The login fails if the script is using the older URL, since that URL is no longer handling logins. As a result, you will not have any cookies to set for either SAVED_One984HOSTING_CSRFTOKEN_COOKIE or SAVED_One984HOSTING_SESSIONID_COOKIE.

@NoXPhasma
Copy link

NoXPhasma commented Apr 21, 2022

I get suddenly a renew error with Curl error 60:

[Do 21. Apr 16:27:46 CEST 2022] ===Starting cron===
[Do 21. Apr 16:27:47 CEST 2022] Already uptodate!
[Do 21. Apr 16:27:47 CEST 2022] Upgrade success!
[Do 21. Apr 16:27:47 CEST 2022] Auto upgraded to: 3.0.3
[Do 21. Apr 16:27:47 CEST 2022] Renew: '<dedacted>'
[Do 21. Apr 16:27:56 CEST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Do 21. Apr 16:27:56 CEST 2022] Multi domain='DNS:<dedacted>,DNS:*.<dedacted>'
[Do 21. Apr 16:27:56 CEST 2022] Getting domain auth token for each domain
[Do 21. Apr 16:28:33 CEST 2022] Getting webroot for domain='<dedacted>'
[Do 21. Apr 16:28:33 CEST 2022] Getting webroot for domain='*.<dedacted>'
[Do 21. Apr 16:28:34 CEST 2022] Adding txt value: <dedacted> for domain:  _acme-challenge.<dedacted>
[Do 21. Apr 16:28:34 CEST 2022] Add TXT record using 1984Hosting
[Do 21. Apr 16:28:34 CEST 2022] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Do 21. Apr 16:28:34 CEST 2022] 1984Hosting login failed for user <dedacted>. Check /root/.acme.sh/http.header file
[Do 21. Apr 16:28:34 CEST 2022] Error add txt for domain:_acme-challenge.<dedacted>
[Do 21. Apr 16:28:34 CEST 2022] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Do 21. Apr 16:28:49 CEST 2022] Error renew <dedacted>.

edit
Was able to fix it by changing the domain in the dnsapi/dns_1984hosting.sh file inside the acme.sh folder:

sed -i 's/management.1984hosting.com/1984.hosting/' dnsapi/dns_1984hosting.sh

@hruggian
Copy link

Issue

  • Certificate issue fails with 1984hosting DNS Method (fails with no TXT Record)
  • TXT Records are not created (although script says successfull, logs show that reponse was an error). No idea how to fix it though, there is 0 documentation on the 1984hosting site.

Steps to reproduce

  • Use DNS Servers in 1984.hosting
  • PFSense 2.6.0 Running latest ACME package
  • Configure ACME for "publicdomain.tk" & "*.publicdomain.tk" to use 1984.hosting script (I updated to the latest in the repo)
  • Try to issue from GUI
  • Alternatively to run from CMDLine (which I did to get the debug log), run:
  • "setenv One984HOSTING_Password MySecurePass"  
    
  • "setenv One984HOSTING_Username myusername@gmail.com  "
    
  • Run /usr/local/pkg/acme: ./acme.sh --issue --debug 2 --domain 'publicdomain.tk' --dns 'dns_1984hosting' --domain '*.publicdomain.tk' --dns 'dns_1984hosting' --home '/tmp/acme/publicdomain.tk/' --accountconf '/tmp/acme/publicdomain.tk/accountconf.conf' --force --reloadCmd '/tmp/acme/publicdomain.tk/reloadcmd.sh' --dnssleep '120' --log-level 3 --log '/tmp/acme/publicdomain.tk/acme_issuecert.log'

Debug log

[2.6.0-RELEASE][root@myserver.myinternaldomain]/usr/local/pkg/acme: ./acme.sh --issue --debug 2 --domain 'publicdomain.tk' --dns 'dns_1984hosting' --domain '.publicdomain.tk' --dns 'dns_1984hosting' --home '/tmp/acme/publicdomain.tk/' --accountconf '/tmp/acme/publicdomain.tk/accountconf.conf' --force --reloadCmd '/tmp/acme/publicdomain.tk/reloadcmd.sh' --dnssleep '60' --log-level 3 --log '/tmp/acme/publicdomain.tk/acme_issuecert.log'
[Tue Aug 30 08:23:26 UTC 2022] _is_idn_d='publicdomain.tk'
[Tue Aug 30 08:23:26 UTC 2022] _idn_temp
[Tue Aug 30 08:23:26 UTC 2022] _is_idn_d='
.publicdomain.tk'
[Tue Aug 30 08:23:26 UTC 2022] _idn_temp
[Tue Aug 30 08:23:26 UTC 2022] Lets find script dir.
[Tue Aug 30 08:23:26 UTC 2022] SCRIPT='./acme.sh'
[Tue Aug 30 08:23:26 UTC 2022] _script='/usr/local/pkg/acme/acme.sh'
[Tue Aug 30 08:23:26 UTC 2022] _script_home='/usr/local/pkg/acme'
[Tue Aug 30 08:23:26 UTC 2022] Using config home:/tmp/acme/publicdomain.tk/
[Tue Aug 30 08:23:26 UTC 2022] LE_WORKING_DIR='/tmp/acme/publicdomain.tk/'
https://github.com/acmesh-official/acme.sh
v3.0.3
[Tue Aug 30 08:23:26 UTC 2022] Running cmd: issue
[Tue Aug 30 08:23:26 UTC 2022] _main_domain='publicdomain.tk'
[Tue Aug 30 08:23:26 UTC 2022] _alt_domains='.publicdomain.tk'
[Tue Aug 30 08:23:26 UTC 2022] Using config home:/tmp/acme/publicdomain.tk/
[Tue Aug 30 08:23:26 UTC 2022] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Tue Aug 30 08:23:26 UTC 2022] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Tue Aug 30 08:23:26 UTC 2022] _ACME_SERVER_PATH='directory'
[Tue Aug 30 08:23:26 UTC 2022] DOMAIN_PATH='/tmp/acme/publicdomain.tk//publicdomain.tk'
[Tue Aug 30 08:23:26 UTC 2022] 'dns_1984hosting,dns_1984hosting' does not contain 'dns'
[Tue Aug 30 08:23:26 UTC 2022] Le_NextRenewTime
[Tue Aug 30 08:23:26 UTC 2022] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Tue Aug 30 08:23:26 UTC 2022] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Tue Aug 30 08:23:26 UTC 2022] GET
[Tue Aug 30 08:23:26 UTC 2022] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Tue Aug 30 08:23:26 UTC 2022] timeout=
[Tue Aug 30 08:23:26 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.lChv7tX2 '
[Tue Aug 30 08:23:27 UTC 2022] ret='0'
[Tue Aug 30 08:23:27 UTC 2022] response='{
"RwZOG2FoSEg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Tue Aug 30 08:23:27 UTC 2022] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Tue Aug 30 08:23:27 UTC 2022] ACME_NEW_AUTHZ
[Tue Aug 30 08:23:27 UTC 2022] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Tue Aug 30 08:23:27 UTC 2022] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Tue Aug 30 08:23:27 UTC 2022] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug 30 08:23:27 UTC 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf'
[Tue Aug 30 08:23:27 UTC 2022] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Aug 30 08:23:27 UTC 2022] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Tue Aug 30 08:23:27 UTC 2022] _on_before_issue
[Tue Aug 30 08:23:27 UTC 2022] _chk_main_domain='publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _chk_alt_domains='
.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] 'dns_1984hosting,dns_1984hosting' does not contain 'no'
[Tue Aug 30 08:23:27 UTC 2022] Le_LocalAddress
[Tue Aug 30 08:23:27 UTC 2022] d='publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] Check for domain='publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _currentRoot='dns_1984hosting'
[Tue Aug 30 08:23:27 UTC 2022] d='.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] Check for domain='
.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _currentRoot='dns_1984hosting'
[Tue Aug 30 08:23:27 UTC 2022] d
[Tue Aug 30 08:23:27 UTC 2022] 'dns_1984hosting,dns_1984hosting' does not contain 'apache'
[Tue Aug 30 08:23:27 UTC 2022] _saved_account_key_hash='Hm1DiAGTY2AusCyKg2NBiZmyo4Teuo4hRG1V6qPT32Q='
[Tue Aug 30 08:23:27 UTC 2022] _saved_account_key_hash is not changed, skip register account.
[Tue Aug 30 08:23:27 UTC 2022] Read key length:2048
[Tue Aug 30 08:23:27 UTC 2022] _createcsr
[Tue Aug 30 08:23:27 UTC 2022] domain='publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] domainlist='.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] csrkey='/tmp/acme/publicdomain.tk//publicdomain.tk/publicdomain.tk.key'
[Tue Aug 30 08:23:27 UTC 2022] csr='/tmp/acme/publicdomain.tk//publicdomain.tk/publicdomain.tk.csr'
[Tue Aug 30 08:23:27 UTC 2022] csrconf='/tmp/acme/publicdomain.tk//publicdomain.tk/publicdomain.tk.csr.conf'
[Tue Aug 30 08:23:27 UTC 2022] _is_idn_d='
.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _idn_temp
[Tue Aug 30 08:23:27 UTC 2022] domainlist='.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] seg='publicdomain'
[Tue Aug 30 08:23:27 UTC 2022] _is_idn_d='publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _idn_temp
[Tue Aug 30 08:23:27 UTC 2022] seg='acme.inc'
[Tue Aug 30 08:23:27 UTC 2022] Multi domain='DNS:publicdomain.tk,DNS:
.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _is_idn_d='publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _idn_temp
[Tue Aug 30 08:23:27 UTC 2022] _csr_cn='publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] seg='publicdomain'
[Tue Aug 30 08:23:27 UTC 2022] Getting domain auth token for each domain
[Tue Aug 30 08:23:27 UTC 2022] seg='publicdomain'
[Tue Aug 30 08:23:27 UTC 2022] _is_idn_d='publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _idn_temp
[Tue Aug 30 08:23:27 UTC 2022] d='.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] seg='acme.inc'
[Tue Aug 30 08:23:27 UTC 2022] _is_idn_d='
.publicdomain.tk'
[Tue Aug 30 08:23:27 UTC 2022] _idn_temp
[Tue Aug 30 08:23:27 UTC 2022] d
[Tue Aug 30 08:23:27 UTC 2022] _identifiers='{"type":"dns","value":"publicdomain.tk"},{"type":"dns","value":".publicdomain.tk"}'
[Tue Aug 30 08:23:27 UTC 2022] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Tue Aug 30 08:23:27 UTC 2022] payload='{"identifiers": [{"type":"dns","value":"publicdomain.tk"},{"type":"dns","value":"
.publicdomain.tk"}]}'
[Tue Aug 30 08:23:27 UTC 2022] RSA key
[Tue Aug 30 08:23:27 UTC 2022] _URGLY_PRINTF='1'
[Tue Aug 30 08:23:27 UTC 2022] _URGLY_PRINTF='1'
[Tue Aug 30 08:23:28 UTC 2022] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Aug 30 08:23:28 UTC 2022] HEAD
[Tue Aug 30 08:23:28 UTC 2022] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Aug 30 08:23:28 UTC 2022] body
[Tue Aug 30 08:23:28 UTC 2022] _postContentType='application/jose+json'
[Tue Aug 30 08:23:28 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb -I '
[Tue Aug 30 08:23:29 UTC 2022] _ret='0'
[Tue Aug 30 08:23:29 UTC 2022] _headers='HTTP/2 200
server: nginx
date: Tue, 30 Aug 2022 08:23:28 GMT
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: 0002D0OvMMDHBSl-6Xi9wYUhYFXtWhvVyFQjA5_mxu6InQQ
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Tue Aug 30 08:23:29 UTC 2022] _CACHED_NONCE='0002D0OvMMDHBSl-6Xi9wYUhYFXtWhvVyFQjA5_mxu6InQQ'
[Tue Aug 30 08:23:29 UTC 2022] nonce='0002D0OvMMDHBSl-6Xi9wYUhYFXtWhvVyFQjA5_mxu6InQQ'
[Tue Aug 30 08:23:29 UTC 2022] POST
[Tue Aug 30 08:23:29 UTC 2022] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Tue Aug 30 08:23:29 UTC 2022] body='{"protected": "eyJub25jZSI6ICIwMDAyRDBPdk1NREhCU2wtNlhpOXdZVWhZRlh0V2h2VnlGUWpBNV9teHU2SW5RUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjY0Njc0MDMifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InJ1Z2dpYW5vcGhvdG9ncmFwaHkudGsifSx7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IioucnVnZ2lhbm9waG90b2dyYXBoeS50ayJ9XX0", "signature": "huO6c6RVpvYv9WHE9NN_W-vT45FBczP6y630XWXH7PmuDHGWl9f_jgpQC6MTxR_PtR-DGAiSvUb-FfJnurUiixsMBRhH3ccURmq7p8yoDyd0pDaSig1BcwvkSPMtBH516bbjpqA-vP7aftDVWF4Cnj1nw7q7EICsbLbo7Y5hwKexbDWD2lupXepNEes2QTGoOG29zqRr0TbsldH9qwisVaJI7IuwGDggWQlxr4wL-OdkGuxp5no8Dj7Ja-xe3FZoQGWXcmRMMlpIeIVkV_cbRjnjq9kAquS7V8eKHTCLGgJFJ3m9N_UOouExfQXeBEsO1M4PNs5jNeFS8NMFtC72z1cclwJYHeaET9MMkqVaADpPK-y7R1T4luU9lUOczpSOPa9-XOZcDyL9hzSoFRWqM4aqZBcX0p8SbZ-V9rfze5-cAEsxB95Hvi91xkxPvNlLNlf3MhLV8CLns0y86PZ1vPRDpg89YBWhoQmIdZd9wFmPdNNmWEdezAgZZL8lYENqAGVf6_AZN_BwOXC9hXt5R1hkuxk175x_REk2kt45ddwX0WS5zoQXeKliJvFG-vASf-WSMzGWREDFWca70IggI6uECZfCX0qID3koaaFwUio-2Lsz_D-e5M1cnozENjGr-C0EgnxlEEZsSTRHlTsbs0KYLsbgNlw8_cIdNVRut3w"}'
[Tue Aug 30 08:23:29 UTC 2022] _postContentType='application/jose+json'
[Tue Aug 30 08:23:29 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:29 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:29 UTC 2022] _ret='0'
[Tue Aug 30 08:23:29 UTC 2022] responseHeaders='HTTP/2 201
server: nginx
date: Tue, 30 Aug 2022 08:23:29 GMT
content-type: application/json
content-length: 511
boulder-requester: 66467403
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
location: https://acme-staging-v02.api.letsencrypt.org/acme/order/66467403/3852499063
replay-nonce: 00011bK8i6XjcczBN-_K1ZX-K6Q8zx_0R0mX3E0NBls3vqA
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Tue Aug 30 08:23:29 UTC 2022] code='201'
[Tue Aug 30 08:23:29 UTC 2022] original='{
"status": "pending",
"expires": "2022-09-06T08:23:29Z",
"identifiers": [
{
"type": "dns",
"value": ".publicdomain.tk"
},
{
"type": "dns",
"value": "publicdomain.tk"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820123",
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820133"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/66467403/3852499063"
}'
[Tue Aug 30 08:23:29 UTC 2022] response='{"status":"pending","expires":"2022-09-06T08:23:29Z","identifiers":[{"type":"dns","value":"
.publicdomain.tk"},{"type":"dns","value":"publicdomain.tk"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820123","https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820133"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/66467403/3852499063"}'
[Tue Aug 30 08:23:29 UTC 2022] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/66467403/3852499063'
[Tue Aug 30 08:23:29 UTC 2022] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/66467403/3852499063'
[Tue Aug 30 08:23:30 UTC 2022] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820123,https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820133'
[Tue Aug 30 08:23:30 UTC 2022] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820123'
[Tue Aug 30 08:23:30 UTC 2022] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820123'
[Tue Aug 30 08:23:30 UTC 2022] payload
[Tue Aug 30 08:23:30 UTC 2022] Use cached jwk for file: /tmp/acme/publicdomain.tk//ca/acme-staging-v02.api.letsencrypt.org/directory/account.key
[Tue Aug 30 08:23:30 UTC 2022] Use _CACHED_NONCE='00011bK8i6XjcczBN-_K1ZX-K6Q8zx_0R0mX3E0NBls3vqA'
[Tue Aug 30 08:23:30 UTC 2022] nonce='00011bK8i6XjcczBN-_K1ZX-K6Q8zx_0R0mX3E0NBls3vqA'
[Tue Aug 30 08:23:30 UTC 2022] POST
[Tue Aug 30 08:23:30 UTC 2022] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820123'
[Tue Aug 30 08:23:30 UTC 2022] body='{"protected": "eyJub25jZSI6ICIwMDAxMWJLOGk2WGpjY3pCTi1fSzFaWC1LNlE4enhfMFIwbVgzRTBOQmxzM3ZxQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zNDgxODIwMTIzIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY2NDY3NDAzIn0", "payload": "", "signature": "tsFBUjkm147BzJ7aEDaxlF5Aq1KG8SSXyioQ1DpUzdRE92Fogi-BBBIP7VCMPf1s6pMLyOye5Xox80l9XMVuJ5-2YCt8ahnYnIw8kwoL-HCR0VAGl38OK3KTZ0zdRfUSEzKHixYaF2K44KyvLZZwVILgWsomI-kZw66ORc8DL6g-HIm1r_T1MGGMN0KVm1g4Sgy4YcaqaLlZPb_cV60xoFA57PRLVIMnWcG_cT_pTycyKJqIN2e64KPcOkI8QbGhlOTQDcNBdXG-Bh0hs64TN7g6jr4lBHaBY6OfV-NassRlxWDNbjGjPRVxwutVz0tPW9Hk5ZJdWdIu8YpQgR2yaoLmeJRUlrdxoVjGg_IyOu-FZdUQdYIgDOZd59h27odkilERxbZnSexFaUVXWNV6Wm9c3qWoBisRJQJ-UrrSmkhIzSDY_2fgxwGgUqLW0wN_5zIob-9A4vzeXw_SeHUWdA2uKWUC3GRUJ5z1lpjKXWiR2Ttrw9OqLVK8FUxnRMPQGYFfFBxArXYgkqEaBdKntitg_SHGs2_TE3ll1NxZuBHl6aZEHxc4s3Ws2-cItQe5jsuKJyMRsWSrXrpWYgCnROSHWm3nVC6Wzv5k__InSB7J4bPMQHvOky4s66PIu9PF3UbYgykzhhjyeCIa73EU3VEV7dhEhqI5sRykdnHTnaw"}'
[Tue Aug 30 08:23:30 UTC 2022] _postContentType='application/jose+json'
[Tue Aug 30 08:23:30 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:30 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:31 UTC 2022] _ret='0'
[Tue Aug 30 08:23:31 UTC 2022] responseHeaders='HTTP/2 200
server: nginx
date: Tue, 30 Aug 2022 08:23:31 GMT
content-type: application/json
content-length: 402
boulder-requester: 66467403
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: 00029mKO7-Ih-sAA39_4Khyu1F8k-1teArTlMtBKonDGBAc
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Tue Aug 30 08:23:31 UTC 2022] code='200'
[Tue Aug 30 08:23:31 UTC 2022] original='{
"identifier": {
"type": "dns",
"value": "publicdomain.tk"
},
"status": "pending",
"expires": "2022-09-06T08:23:29Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g",
"token": "y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8"
}
],
"wildcard": true
}'
[Tue Aug 30 08:23:31 UTC 2022] response='{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g","token":"y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8"}],"wildcard": true}'
[Tue Aug 30 08:23:31 UTC 2022] response='{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g","token":"y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8"}],"wildcard": true}'
[Tue Aug 30 08:23:31 UTC 2022] _d='.publicdomain.tk'
[Tue Aug 30 08:23:31 UTC 2022] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820133'
[Tue Aug 30 08:23:31 UTC 2022] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820133'
[Tue Aug 30 08:23:31 UTC 2022] payload
[Tue Aug 30 08:23:31 UTC 2022] Use cached jwk for file: /tmp/acme/publicdomain.tk//ca/acme-staging-v02.api.letsencrypt.org/directory/account.key
[Tue Aug 30 08:23:31 UTC 2022] Use _CACHED_NONCE='00029mKO7-Ih-sAA39_4Khyu1F8k-1teArTlMtBKonDGBAc'
[Tue Aug 30 08:23:31 UTC 2022] nonce='00029mKO7-Ih-sAA39_4Khyu1F8k-1teArTlMtBKonDGBAc'
[Tue Aug 30 08:23:31 UTC 2022] POST
[Tue Aug 30 08:23:31 UTC 2022] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3481820133'
[Tue Aug 30 08:23:31 UTC 2022] body='{"protected": "eyJub25jZSI6ICIwMDAyOW1LTzctSWgtc0FBMzlfNEtoeXUxRjhrLTF0ZUFyVGxNdEJLb25ER0JBYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zNDgxODIwMTMzIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY2NDY3NDAzIn0", "payload": "", "signature": "FZIuBa7m1u6QeBzXabzblE09WY_QvSqH2RzyP0sx9LGm04YwhAYywcgKiFfp22aNrzs7zQIHPkJ-0_ZRzDvyB9E4k6l3j264PC5ALqg03WcGMegO-ubzG9Vcb6TbESMCIGKNp7cqSGnZv7j5q1HpISgsqcphXaubpujPlCvio5AqqO6ERSBuZO5C1QTWosjzBbtlSM1LdMr7oTYSqKvHm6_uUfjqzxJUbPaEEaofOLkJopiuugei6Z2ou9m8rL7f9y7uazOLZQmL1IprXk3jICtR9FNkpzWfyImja93IbPa3DqEvvP58DTTnbUxdTk2SM5nyIbKSxvFDewqXLsjz2E0b4zIhtcfuhvwXmJEtzcUZPn_JuKLY79DhDCIPXoEvEWKBV-4u-9FWhU4hr_oJcIQqVhygOYHuJgX1eoyNX2o503kzgwtgDbiXEcXgOzIihKUCUdfkAYuaS-fTmPw8J5JIXL-oqHa4yut1lFN2sUin_VxE42YovJ1rz2dtPbfCcJuctq68vnuuUOTb56xNFepaJgZAXPZEx0agWkLSooswvwCA8Ic_7jv4Zt7FWXqALyq-AqCEpHt-cdtzjCXPerRBi3jXJNRoM9zTFyvBuUnpHuCmx3xawmUy4uEQHUxK_roVS315nKWFFReWzS1Pj0kVQXeJnYx0j_oaGdUyxxc"}'
[Tue Aug 30 08:23:31 UTC 2022] _postContentType='application/jose+json'
[Tue Aug 30 08:23:31 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:31 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:32 UTC 2022] _ret='0'
[Tue Aug 30 08:23:32 UTC 2022] responseHeaders='HTTP/2 200
server: nginx
date: Tue, 30 Aug 2022 08:23:32 GMT
content-type: application/json
content-length: 824
boulder-requester: 66467403
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: 0002ChHMpF_EjNEOcVZUfjrA6komYLaPnDBcq3hzuPTJjBI
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Tue Aug 30 08:23:32 UTC 2022] code='200'
[Tue Aug 30 08:23:32 UTC 2022] original='{
"identifier": {
"type": "dns",
"value": "publicdomain.tk"
},
"status": "pending",
"expires": "2022-09-06T08:23:29Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/tIQ98w",
"token": "xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q",
"token": "xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/TMcYtg",
"token": "xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"
}
]
}'
[Tue Aug 30 08:23:32 UTC 2022] response='{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/tIQ98w","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/TMcYtg","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"}]}'
[Tue Aug 30 08:23:32 UTC 2022] response='{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/tIQ98w","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/TMcYtg","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"}]}'
[Tue Aug 30 08:23:32 UTC 2022] _d='publicdomain.tk'
[Tue Aug 30 08:23:32 UTC 2022] _authorizations_map='publicdomain.tk,{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/tIQ98w","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/TMcYtg","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"}]}
.publicdomain.tk,{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g","token":"y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8"}],"wildcard": true}
'
[Tue Aug 30 08:23:32 UTC 2022] d='publicdomain.tk'
[Tue Aug 30 08:23:32 UTC 2022] Getting webroot for domain='publicdomain.tk'
[Tue Aug 30 08:23:32 UTC 2022] _w='dns_1984hosting'
[Tue Aug 30 08:23:32 UTC 2022] _currentRoot='dns_1984hosting'
[Tue Aug 30 08:23:32 UTC 2022] _is_idn_d='publicdomain.tk'
[Tue Aug 30 08:23:33 UTC 2022] _idn_temp
[Tue Aug 30 08:23:33 UTC 2022] _candidates='publicdomain.tk,{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/tIQ98w","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/TMcYtg","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"}]}'
[Tue Aug 30 08:23:33 UTC 2022] response='{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/tIQ98w","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/TMcYtg","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"}]}'
[Tue Aug 30 08:23:33 UTC 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q","token":"xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE"'
[Tue Aug 30 08:23:33 UTC 2022] token='xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE'
[Tue Aug 30 08:23:33 UTC 2022] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q'
[Tue Aug 30 08:23:33 UTC 2022] keyauthorization='xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE.Bph-17CzqIU3k10i4mjQfvp14QCX1O36rtGZMGcJvZI'
[Tue Aug 30 08:23:33 UTC 2022] dvlist='publicdomain.tk#xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE.Bph-17CzqIU3k10i4mjQfvp14QCX1O36rtGZMGcJvZI#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q#dns-01#dns_1984hosting'
[Tue Aug 30 08:23:33 UTC 2022] d='
.publicdomain.tk'
[Tue Aug 30 08:23:33 UTC 2022] Getting webroot for domain='
.publicdomain.tk'
[Tue Aug 30 08:23:33 UTC 2022] _w='dns_1984hosting'
[Tue Aug 30 08:23:33 UTC 2022] _currentRoot='dns_1984hosting'
[Tue Aug 30 08:23:33 UTC 2022] _is_idn_d='.publicdomain.tk'
[Tue Aug 30 08:23:33 UTC 2022] _idn_temp
[Tue Aug 30 08:23:33 UTC 2022] _candidates='
.publicdomain.tk,{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g","token":"y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8"}],"wildcard": true}'
[Tue Aug 30 08:23:33 UTC 2022] response='{"identifier":{"type":"dns","value":"publicdomain.tk"},"status":"pending","expires":"2022-09-06T08:23:29Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g","token":"y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8"}],"wildcard": true}'
[Tue Aug 30 08:23:33 UTC 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g","token":"y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8"'
[Tue Aug 30 08:23:33 UTC 2022] token='y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8'
[Tue Aug 30 08:23:33 UTC 2022] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g'
[Tue Aug 30 08:23:33 UTC 2022] keyauthorization='y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8.Bph-17CzqIU3k10i4mjQfvp14QCX1O36rtGZMGcJvZI'
[Tue Aug 30 08:23:33 UTC 2022] dvlist='*.publicdomain.tk#y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8.Bph-17CzqIU3k10i4mjQfvp14QCX1O36rtGZMGcJvZI#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g#dns-01#dns_1984hosting'
[Tue Aug 30 08:23:33 UTC 2022] d
[Tue Aug 30 08:23:33 UTC 2022] vlist='publicdomain.tk#xCcn4xwAflbY7OHj1Olilxt5heMLYVR5AYzTD7txwlE.Bph-17CzqIU3k10i4mjQfvp14QCX1O36rtGZMGcJvZI#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820133/EkEA5Q#dns-01#dns_1984hosting,*.publicdomain.tk#y1csnt0yVyV38r7cfs8I_Dw7-RpdxlOJkovDKwDsoe8.Bph-17CzqIU3k10i4mjQfvp14QCX1O36rtGZMGcJvZI#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3481820123/tiHs-g#dns-01#dns_1984hosting,'
[Tue Aug 30 08:23:33 UTC 2022] d='publicdomain.tk'
[Tue Aug 30 08:23:33 UTC 2022] _d_alias
[Tue Aug 30 08:23:33 UTC 2022] txtdomain='_acme-challenge.publicdomain.tk'
[Tue Aug 30 08:23:33 UTC 2022] txt='ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno'
[Tue Aug 30 08:23:33 UTC 2022] d_api='/usr/local/pkg/acme/dnsapi/dns_1984hosting.sh'
[Tue Aug 30 08:23:33 UTC 2022] dns_entry='publicdomain.tk,_acme-challenge.publicdomain.tk,,dns_1984hosting,ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno,/usr/local/pkg/acme/dnsapi/dns_1984hosting.sh'
[Tue Aug 30 08:23:33 UTC 2022] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_1984hosting.sh
[Tue Aug 30 08:23:33 UTC 2022] Adding txt value: ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno for domain: _acme-challenge.publicdomain.tk
[Tue Aug 30 08:23:33 UTC 2022] Add TXT record using 1984Hosting
[Tue Aug 30 08:23:33 UTC 2022] fulldomain='_acme-challenge.publicdomain.tk'
[Tue Aug 30 08:23:33 UTC 2022] txtvalue='ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno'
[Tue Aug 30 08:23:33 UTC 2022] GET
[Tue Aug 30 08:23:33 UTC 2022] url='https://1984.hosting/accounts/loginstatus/'
[Tue Aug 30 08:23:33 UTC 2022] timeout=
[Tue Aug 30 08:23:33 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:33 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:34 UTC 2022] ret='0'
[Tue Aug 30 08:23:34 UTC 2022] _response='{"ok": true}'
[Tue Aug 30 08:23:34 UTC 2022] Cached cookies no longer valid
[Tue Aug 30 08:23:34 UTC 2022] Login to 1984Hosting as user My1984UserName@gmail.com
[Tue Aug 30 08:23:34 UTC 2022] POST
[Tue Aug 30 08:23:34 UTC 2022] _post_url='https://1984.hosting/accounts/checkuserauth/'
[Tue Aug 30 08:23:34 UTC 2022] body='username=My1984UserName%40gmail.com&password=MySecurePass%21&otpkey='
[Tue Aug 30 08:23:34 UTC 2022] _postContentType
[Tue Aug 30 08:23:34 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:34 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:36 UTC 2022] _ret='0'
[Tue Aug 30 08:23:36 UTC 2022] response='{"ok": true, "loggedin": true}'
[Tue Aug 30 08:23:36 UTC 2022] First detect the root zone
[Tue Aug 30 08:23:36 UTC 2022] GET
[Tue Aug 30 08:23:36 UTC 2022] url='https://1984.hosting/domains/soacheck/?zone=_acme-challenge.publicdomain.tk&nameserver=ns0.1984.is.'
[Tue Aug 30 08:23:36 UTC 2022] timeout=
[Tue Aug 30 08:23:36 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:36 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:37 UTC 2022] ret='0'
[Tue Aug 30 08:23:37 UTC 2022] _response='{"serial": 2022083019}'
[Tue Aug 30 08:23:37 UTC 2022] _sub_domain='_acme-challenge'
[Tue Aug 30 08:23:37 UTC 2022] _domain='_acme-challenge.publicdomain.tk'
[Tue Aug 30 08:23:37 UTC 2022] Add TXT record _acme-challenge.publicdomain.tk with value 'ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno'
[Tue Aug 30 08:23:37 UTC 2022] postdata='entry=new&type=TXT&ttl=900&zone=_acme-challenge.publicdomain.tk&host=_acme-challenge&rdata=%22ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno%22'
[Tue Aug 30 08:23:37 UTC 2022] GET
[Tue Aug 30 08:23:37 UTC 2022] url='https://1984.hosting/domains'
[Tue Aug 30 08:23:37 UTC 2022] timeout=
[Tue Aug 30 08:23:37 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:37 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:39 UTC 2022] ret='0'
[Tue Aug 30 08:23:39 UTC 2022] _response
[Tue Aug 30 08:23:39 UTC 2022] _zone_id
[Tue Aug 30 08:23:39 UTC 2022] Error getting _zone_id for _acme-challenge.publicdomain.tk
[Tue Aug 30 08:23:39 UTC 2022] POST
[Tue Aug 30 08:23:39 UTC 2022] _post_url='https://1984.hosting/domains/entry/'
[Tue Aug 30 08:23:39 UTC 2022] body='entry=new&type=TXT&ttl=900&zone=_acme-challenge.publicdomain.tk&host=_acme-challenge&rdata=%22ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno%22'
[Tue Aug 30 08:23:39 UTC 2022] _postContentType
[Tue Aug 30 08:23:39 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:39 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:40 UTC 2022] _ret='0'
[Tue Aug 30 08:23:40 UTC 2022] response='{"ok": false, "error":"The domain does not exist or does not belong to you!"}'
[Tue Aug 30 08:23:40 UTC 2022] Added acme challenge TXT record for _acme-challenge.publicdomain.tk at 1984Hosting
[Tue Aug 30 08:23:40 UTC 2022] The txt record is added: Success.
[Tue Aug 30 08:23:40 UTC 2022] publicdomain.tk,_acme-challenge.publicdomain.tk,,dns_1984hosting,ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno,/usr/local/pkg/acme/dnsapi/dns_1984hosting.sh

[Tue Aug 30 08:23:40 UTC 2022] d='*.publicdomain.tk'
[Tue Aug 30 08:23:40 UTC 2022] _d_alias
[Tue Aug 30 08:23:40 UTC 2022] txtdomain='_acme-challenge.publicdomain.tk'
[Tue Aug 30 08:23:40 UTC 2022] txt='U6v3xysCiDcUTmgZC72D_kktBCX1U-kqh64vdg13AFM'
[Tue Aug 30 08:23:40 UTC 2022] d_api='/usr/local/pkg/acme/dnsapi/dns_1984hosting.sh'
[Tue Aug 30 08:23:40 UTC 2022] dns_entry='publicdomain.tk,_acme-challenge.publicdomain.tk,,dns_1984hosting,U6v3xysCiDcUTmgZC72D_kktBCX1U-kqh64vdg13AFM,/usr/local/pkg/acme/dnsapi/dns_1984hosting.sh'
[Tue Aug 30 08:23:40 UTC 2022] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_1984hosting.sh
[Tue Aug 30 08:23:40 UTC 2022] Adding txt value: U6v3xysCiDcUTmgZC72D_kktBCX1U-kqh64vdg13AFM for domain: _acme-challenge.publicdomain.tk
[Tue Aug 30 08:23:40 UTC 2022] Add TXT record using 1984Hosting
[Tue Aug 30 08:23:40 UTC 2022] fulldomain='_acme-challenge.publicdomain.tk'
[Tue Aug 30 08:23:40 UTC 2022] txtvalue='U6v3xysCiDcUTmgZC72D_kktBCX1U-kqh64vdg13AFM'
[Tue Aug 30 08:23:40 UTC 2022] GET
[Tue Aug 30 08:23:40 UTC 2022] url='https://1984.hosting/accounts/loginstatus/'
[Tue Aug 30 08:23:40 UTC 2022] timeout=
[Tue Aug 30 08:23:40 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:40 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:42 UTC 2022] ret='0'
[Tue Aug 30 08:23:42 UTC 2022] _response='{"ok": true}'
[Tue Aug 30 08:23:42 UTC 2022] Cached cookies no longer valid
[Tue Aug 30 08:23:42 UTC 2022] Login to 1984Hosting as user My1984UserName@gmail.com
[Tue Aug 30 08:23:42 UTC 2022] POST
[Tue Aug 30 08:23:42 UTC 2022] _post_url='https://1984.hosting/accounts/checkuserauth/'
[Tue Aug 30 08:23:42 UTC 2022] body='username=My1984UserName%40gmail.com&password=MySecurePass%21&otpkey='
[Tue Aug 30 08:23:42 UTC 2022] _postContentType
[Tue Aug 30 08:23:42 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:42 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:43 UTC 2022] _ret='0'
[Tue Aug 30 08:23:43 UTC 2022] response='{"ok": true, "loggedin": true}'
[Tue Aug 30 08:23:43 UTC 2022] First detect the root zone
[Tue Aug 30 08:23:43 UTC 2022] GET
[Tue Aug 30 08:23:43 UTC 2022] url='https://1984.hosting/domains/soacheck/?zone=_acme-challenge.publicdomain.tk&nameserver=ns0.1984.is.'
[Tue Aug 30 08:23:43 UTC 2022] timeout=
[Tue Aug 30 08:23:43 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:43 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:44 UTC 2022] ret='0'
[Tue Aug 30 08:23:44 UTC 2022] _response='{"serial": 2022083019}'
[Tue Aug 30 08:23:44 UTC 2022] _sub_domain='_acme-challenge'
[Tue Aug 30 08:23:44 UTC 2022] _domain='_acme-challenge.publicdomain.tk'
[Tue Aug 30 08:23:44 UTC 2022] Add TXT record _acme-challenge.publicdomain.tk with value 'U6v3xysCiDcUTmgZC72D_kktBCX1U-kqh64vdg13AFM'
[Tue Aug 30 08:23:44 UTC 2022] postdata='entry=new&type=TXT&ttl=900&zone=_acme-challenge.publicdomain.tk&host=_acme-challenge&rdata=%22U6v3xysCiDcUTmgZC72D_kktBCX1U-kqh64vdg13AFM%22'
[Tue Aug 30 08:23:44 UTC 2022] GET
[Tue Aug 30 08:23:44 UTC 2022] url='https://1984.hosting/domains'
[Tue Aug 30 08:23:44 UTC 2022] timeout=
[Tue Aug 30 08:23:44 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:44 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:46 UTC 2022] ret='0'
[Tue Aug 30 08:23:46 UTC 2022] _response
[Tue Aug 30 08:23:46 UTC 2022] _zone_id
[Tue Aug 30 08:23:46 UTC 2022] Error getting _zone_id for _acme-challenge.publicdomain.tk
[Tue Aug 30 08:23:46 UTC 2022] POST
[Tue Aug 30 08:23:46 UTC 2022] _post_url='https://1984.hosting/domains/entry/'
[Tue Aug 30 08:23:46 UTC 2022] body='entry=new&type=TXT&ttl=900&zone=_acme-challenge.publicdomain.tk&host=_acme-challenge&rdata=%22U6v3xysCiDcUTmgZC72D_kktBCX1U-kqh64vdg13AFM%22'
[Tue Aug 30 08:23:46 UTC 2022] _postContentType
[Tue Aug 30 08:23:46 UTC 2022] Http already initialized.
[Tue Aug 30 08:23:46 UTC 2022] _CURL='curl --silent --dump-header /tmp/acme/publicdomain.tk//http.header -L --trace-ascii /tmp/tmp.gHqK0vJb '
[Tue Aug 30 08:23:48 UTC 2022] _ret='0'
[Tue Aug 30 08:23:48 UTC 2022] response='{"ok": false, "error":"The domain does not exist or does not belong to you!"}'
[Tue Aug 30 08:23:48 UTC 2022] Added acme challenge TXT record for _acme-challenge.publicdomain.tk at 1984Hosting
[Tue Aug 30 08:23:48 UTC 2022] The txt record is added: Success.
[Tue Aug 30 08:23:48 UTC 2022] publicdomain.tk,_acme-challenge.publicdomain.tk,,dns_1984hosting,ElZghGsH17gw_iJymMN_96B0quUj8WkWizXu-HFLbno,/usr/local/pkg/acme/dnsapi/dns_1984hosting.sh
publicdomain.tk,_acme-challenge.publicdomain.tk,,dns_1984hosting,U6v3xysCiDcUTmgZC72D_kktBCX1U-kqh64vdg13AFM,/usr/local/pkg/acme/dnsapi/dns_1984hosting.sh

[Tue Aug 30 08:23:48 UTC 2022] Sleep 60 seconds for the txt records to take effect
[Tue Aug 30 08:24:49 UTC 2022] ok, let's start to verify
[Tue Aug 30 08:24:49 UTC 2022] Verifying: publicdomain.tk

---- removed the verify part as its irrelevant, until txt record creation is fixed.

@hruggian
Copy link

If anyone is interested, i just fixed this, used fiddler to check the manual creation and basically this is the issue:

  • The dns_1984hosting_add() function in the script is missing the priority field on the post section, here is what it looks like now and works perfect:

    postdata="entry=new"
    postdata="$postdata&zone=$_domain"
    postdata="$postdata&type=TXT"
    postdata="$postdata&host=$_sub_domain"
    postdata="$postdata&ttl=900"
    #Priority was missing, added next line
    postdata="$postdata&priority=10"
    postdata="$postdata&rdata=%22$value%22"
    _debug2 postdata "$postdata"

maybe someone wants to update the script on the repo?

iuliandita pushed a commit to iuliandita/acme.sh that referenced this issue Sep 8, 2022
iuliandita pushed a commit to iuliandita/acme.sh that referenced this issue Sep 8, 2022
@NoXPhasma
Copy link

Renewing fails suddenly for me.

[Di 18. Okt 00:58:52 CEST 2022] di='/root/.acme.sh/<redacted>/'
[Di 18. Okt 00:58:52 CEST 2022] d='<redacted>'
[Di 18. Okt 00:58:52 CEST 2022] _renewServer
[Di 18. Okt 00:58:52 CEST 2022] Using config home:/root/.acme.sh
[Di 18. Okt 00:58:52 CEST 2022] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Di 18. Okt 00:58:52 CEST 2022] DOMAIN_PATH='/root/.acme.sh/<redacted>'
[Di 18. Okt 00:58:52 CEST 2022] Renew: '<redacted>'
[Di 18. Okt 00:58:52 CEST 2022] Le_API='https://acme.zerossl.com/v2/DV90'
[Di 18. Okt 00:58:52 CEST 2022] Renew to Le_API=https://acme.zerossl.com/v2/DV90
[Di 18. Okt 00:58:52 CEST 2022] Using config home:/root/.acme.sh
[Di 18. Okt 00:58:52 CEST 2022] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Di 18. Okt 00:58:52 CEST 2022] _main_domain='<redacted>'
[Di 18. Okt 00:58:52 CEST 2022] _alt_domains='*.<redacted>'
[Di 18. Okt 00:58:52 CEST 2022] Le_NextRenewTime='1665959745'
[Di 18. Okt 00:58:52 CEST 2022] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Di 18. Okt 00:58:52 CEST 2022] _init api for server: https://acme.zerossl.com/v2/DV90
[Di 18. Okt 00:58:52 CEST 2022] GET
[Di 18. Okt 00:58:52 CEST 2022] url='https://acme.zerossl.com/v2/DV90'
[Di 18. Okt 00:58:52 CEST 2022] timeout=
[Di 18. Okt 00:58:52 CEST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Di 18. Okt 00:58:53 CEST 2022] ret='0'
[Di 18. Okt 00:58:53 CEST 2022] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Di 18. Okt 00:58:53 CEST 2022] ACME_NEW_AUTHZ
[Di 18. Okt 00:58:53 CEST 2022] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Di 18. Okt 00:58:53 CEST 2022] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Di 18. Okt 00:58:53 CEST 2022] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Di 18. Okt 00:58:53 CEST 2022] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20221001_Certificate_Subscriber_Agreement_v_2_5_click.pdf'
[Di 18. Okt 00:58:53 CEST 2022] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Di 18. Okt 00:58:53 CEST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Di 18. Okt 00:58:53 CEST 2022] _on_before_issue
[Di 18. Okt 00:58:53 CEST 2022] _chk_main_domain='<redacted>'
[Di 18. Okt 00:58:53 CEST 2022] _chk_alt_domains='*.<redacted>'
[Di 18. Okt 00:58:53 CEST 2022] Le_LocalAddress
[Di 18. Okt 00:58:53 CEST 2022] d='<redacted>'
[Di 18. Okt 00:58:53 CEST 2022] Check for domain='<redacted>'
[Di 18. Okt 00:58:53 CEST 2022] _currentRoot='dns_1984hosting'
[Di 18. Okt 00:58:53 CEST 2022] d='*.<redacted>'
[Di 18. Okt 00:58:53 CEST 2022] Check for domain='*.<redacted>'
[Di 18. Okt 00:58:53 CEST 2022] _currentRoot='dns_1984hosting'
[Di 18. Okt 00:58:53 CEST 2022] d
[Di 18. Okt 00:58:53 CEST 2022] _saved_account_key_hash is not changed, skip register account.
[Di 18. Okt 00:58:53 CEST 2022] Read key length:2048
[Di 18. Okt 00:58:53 CEST 2022] _createcsr
[Di 18. Okt 00:58:53 CEST 2022] Multi domain='DNS:<redacted>,DNS:*.<redacted>'
[Di 18. Okt 00:58:53 CEST 2022] Getting domain auth token for each domain
[Di 18. Okt 00:58:53 CEST 2022] d='*.<redacted>'
[Di 18. Okt 00:58:53 CEST 2022] d
[Di 18. Okt 00:58:54 CEST 2022] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Di 18. Okt 00:58:54 CEST 2022] payload='{"identifiers": [{"type":"dns","value":"<redacted>"},{"type":"dns","value":"*.<redacted>"}]}'
[Di 18. Okt 00:58:54 CEST 2022] RSA key
[Di 18. Okt 00:58:54 CEST 2022] HEAD
[Di 18. Okt 00:58:54 CEST 2022] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Di 18. Okt 00:58:54 CEST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -I  '
[Di 18. Okt 00:58:55 CEST 2022] _ret='0'
[Di 18. Okt 00:58:55 CEST 2022] POST
[Di 18. Okt 00:58:55 CEST 2022] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Di 18. Okt 00:58:55 CEST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Di 18. Okt 00:58:57 CEST 2022] _ret='0'
[Di 18. Okt 00:58:57 CEST 2022] code='201'
[Di 18. Okt 00:58:57 CEST 2022] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/ekY3lfw5dB8EVyKKQyOAKA'
[Di 18. Okt 00:58:57 CEST 2022] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/ekY3lfw5dB8EVyKKQyOAKA/finalize'
[Di 18. Okt 00:58:57 CEST 2022] url='https://acme.zerossl.com/v2/DV90/authz/D1oKZ9vzTrnzqXSgpE5iCw'
[Di 18. Okt 00:58:57 CEST 2022] payload
[Di 18. Okt 00:58:57 CEST 2022] POST
[Di 18. Okt 00:58:57 CEST 2022] _post_url='https://acme.zerossl.com/v2/DV90/authz/D1oKZ9vzTrnzqXSgpE5iCw'
[Di 18. Okt 00:58:57 CEST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Di 18. Okt 00:58:58 CEST 2022] _ret='0'
[Di 18. Okt 00:58:58 CEST 2022] code='200'
[Di 18. Okt 00:58:58 CEST 2022] url='https://acme.zerossl.com/v2/DV90/authz/vOsoT2AfoKcRPoBNWd2Uqw'
[Di 18. Okt 00:58:58 CEST 2022] payload
[Di 18. Okt 00:58:59 CEST 2022] POST
[Di 18. Okt 00:58:59 CEST 2022] _post_url='https://acme.zerossl.com/v2/DV90/authz/vOsoT2AfoKcRPoBNWd2Uqw'
[Di 18. Okt 00:58:59 CEST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Di 18. Okt 00:59:00 CEST 2022] _ret='0'
[Di 18. Okt 00:59:00 CEST 2022] code='200'
[Di 18. Okt 00:59:00 CEST 2022] d='<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] Getting webroot for domain='<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] _w='dns_1984hosting'
[Di 18. Okt 00:59:00 CEST 2022] _currentRoot='dns_1984hosting'
[Di 18. Okt 00:59:00 CEST 2022] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/a1wjaIT8oij1u4jHtTIv6w","status":"pending","token":"redacted"'
[Di 18. Okt 00:59:00 CEST 2022] token='redacted'
[Di 18. Okt 00:59:00 CEST 2022] uri='https://acme.zerossl.com/v2/DV90/chall/a1wjaIT8oij1u4jHtTIv6w'
[Di 18. Okt 00:59:00 CEST 2022] keyauthorization='redacted'
[Di 18. Okt 00:59:00 CEST 2022] dvlist='redacted'
[Di 18. Okt 00:59:00 CEST 2022] d='*.<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] Getting webroot for domain='*.<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] _w='dns_1984hosting'
[Di 18. Okt 00:59:00 CEST 2022] _currentRoot='dns_1984hosting'
[Di 18. Okt 00:59:00 CEST 2022] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/cKhMhX9ZIDGTeTzfoPjAmw","status":"pending","token":"redacted"'
[Di 18. Okt 00:59:00 CEST 2022] token='redacted'
[Di 18. Okt 00:59:00 CEST 2022] uri='https://acme.zerossl.com/v2/DV90/chall/cKhMhX9ZIDGTeTzfoPjAmw'
[Di 18. Okt 00:59:00 CEST 2022] keyauthorization='redacted'
[Di 18. Okt 00:59:00 CEST 2022] dvlist='redacted'
[Di 18. Okt 00:59:00 CEST 2022] d
[Di 18. Okt 00:59:00 CEST 2022] vlist='redacted'
[Di 18. Okt 00:59:00 CEST 2022] d='<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] _d_alias
[Di 18. Okt 00:59:00 CEST 2022] txtdomain='_acme-challenge.<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] txt='<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] d_api='/root/.acme.sh/dnsapi/dns_1984hosting.sh'
[Di 18. Okt 00:59:00 CEST 2022] Found domain api file: /root/.acme.sh/dnsapi/dns_1984hosting.sh
[Di 18. Okt 00:59:00 CEST 2022] Adding txt value: <redacted> for domain:  _acme-challenge.<redacted>
[Di 18. Okt 00:59:00 CEST 2022] Add TXT record using 1984Hosting
[Di 18. Okt 00:59:00 CEST 2022] fulldomain='_acme-challenge.<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] txtvalue='<redacted>'
[Di 18. Okt 00:59:00 CEST 2022] No cached cookie(s) found
[Di 18. Okt 00:59:00 CEST 2022] Login to 1984Hosting as user <redacted>
[Di 18. Okt 00:59:00 CEST 2022] POST
[Di 18. Okt 00:59:00 CEST 2022] _post_url='https://1984.hosting/accounts/checkuserauth/'
[Di 18. Okt 00:59:00 CEST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Di 18. Okt 00:59:01 CEST 2022] _ret='0'
[Di 18. Okt 00:59:01 CEST 2022] 1984Hosting login failed for user <redacted>. Check /root/.acme.sh/http.header file
[Di 18. Okt 00:59:01 CEST 2022] Error add txt for domain:_acme-challenge.<redacted>
[Di 18. Okt 00:59:01 CEST 2022] _on_issue_err
[Di 18. Okt 00:59:01 CEST 2022] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Di 18. Okt 00:59:01 CEST 2022] url='https://acme.zerossl.com/v2/DV90/chall/a1wjaIT8oij1u4jHtTIv6w'
[Di 18. Okt 00:59:01 CEST 2022] payload='{}'
[Di 18. Okt 00:59:01 CEST 2022] POST
[Di 18. Okt 00:59:01 CEST 2022] _post_url='https://acme.zerossl.com/v2/DV90/chall/a1wjaIT8oij1u4jHtTIv6w'
[Di 18. Okt 00:59:01 CEST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Di 18. Okt 00:59:02 CEST 2022] _ret='0'
[Di 18. Okt 00:59:02 CEST 2022] code='200'
[Di 18. Okt 00:59:02 CEST 2022] url='https://acme.zerossl.com/v2/DV90/chall/cKhMhX9ZIDGTeTzfoPjAmw'
[Di 18. Okt 00:59:02 CEST 2022] payload='{}'
[Di 18. Okt 00:59:03 CEST 2022] POST
[Di 18. Okt 00:59:03 CEST 2022] _post_url='https://acme.zerossl.com/v2/DV90/chall/cKhMhX9ZIDGTeTzfoPjAmw'
[Di 18. Okt 00:59:03 CEST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Di 18. Okt 00:59:06 CEST 2022] _ret='0'
[Di 18. Okt 00:59:06 CEST 2022] code='200'
[Di 18. Okt 00:59:06 CEST 2022] pid
[Di 18. Okt 00:59:06 CEST 2022] No need to restore nginx, skip.
[Di 18. Okt 00:59:06 CEST 2022] _clearupdns
[Di 18. Okt 00:59:06 CEST 2022] dns_entries
[Di 18. Okt 00:59:06 CEST 2022] skip dns.
[Di 18. Okt 00:59:06 CEST 2022] Return code: 1
[Di 18. Okt 00:59:06 CEST 2022] Error renew <redacted>.

@jonaudunn
Copy link

I'm still getting a login error for the 1984 dns. When I try the post using CURL I always get a CSRF token error. Is there any way to fix this?

@phedoreanu
Copy link
Contributor Author

@jonaudunn you were right, CSRF token was missing from the login request. Fixed in #4412.

@xatr0z
Copy link

xatr0z commented Dec 10, 2022

@jonaudunn you were right, CSRF token was missing from the login request. Fixed in #4412.

As a new user I can't get it to work. Even when trying your new dns_1984hosting.sh from #4412 :

[Sat Dec 10 11:12:26 UTC 2022] GET
[Sat Dec 10 11:12:26 UTC 2022] url='https://1984.hosting/accounts/login/'
[Sat Dec 10 11:12:26 UTC 2022] timeout=
[Sat Dec 10 11:12:26 UTC 2022] _CURL='curl --silent --dump-header /home/ubuntu/.acme.sh/http.header  -L '
[Sat Dec 10 11:12:26 UTC 2022] ret='0'
[Sat Dec 10 11:12:26 UTC 2022] csrf_token: 'XXXXXXXXXXXXXXXXXXXXXXXXXX'
[Sat Dec 10 11:12:26 UTC 2022] POST
[Sat Dec 10 11:12:26 UTC 2022] _post_url='https://management.1984hosting.com/accounts/checkuserauth/'
[Sat Dec 10 11:12:26 UTC 2022] _CURL='curl --silent --dump-header /home/ubuntu/.acme.sh/http.header  -L '
[Sat Dec 10 11:12:27 UTC 2022] _ret='0'
[Sat Dec 10 11:12:27 UTC 2022] 1984Hosting login failed for user XX@XXX.XX. Check /home/ubuntu/.acme.sh/http.header file
[Sat Dec 10 11:12:27 UTC 2022] Error add txt for domain:XXXXXXXXXX
[Sat Dec 10 11:12:27 UTC 2022] _on_issue_err
[Sat Dec 10 11:12:27 UTC 2022] Please add '--debug' or '--log' to check more details.
[Sat Dec 10 11:12:27 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

After some own troubleshooting (changing curl --silent to curl -v in acme.sh), it looks like the session ID isnt sent to /accounts/checkuserauth/, only the CSRF token. Could that be the reason?

* Connection #0 to host management.1984hosting.com left intact
* Issue another request to this URL: 'https://1984.hosting/accounts/checkuserauth/'
* Switch from POST to GET
*   Trying 93.95.226.19:443...
* Connected to 1984.hosting (93.95.226.19) port 443 (#1)

*snip*

> POST /accounts/checkuserauth/ HTTP/2
> Host: 1984.hosting
> user-agent: acme.sh/3.0.5 (https://github.com/acmesh-official/acme.sh)
> accept: */*
> x-csrftoken: XXXXXXXXX
>

*snip* 

< HTTP/2 403
< server: nginx
< date: Sat, 10 Dec 2022 11:09:53 GMT
< content-type: text/html
< content-length: 1382
< vary: Accept-Language, Cookie
< content-language: en
< set-cookie: sessionid=XXXXXXXXXXXX; expires=Sat, 10 Dec 2022 11:39:53 GMT; HttpOnly; Max-Age=1800; Path=/; SameSite=Lax
<
{ [1382 bytes data]
100  1382  100  1382    0     0   3233      0 --:--:-- --:--:-- --:--:--  7351
* Connection #1 to host 1984.hosting left intact
[Sat Dec 10 11:09:53 UTC 2022] _ret='0'
[Sat Dec 10 11:09:53 UTC 2022] 1984Hosting login failed for user XXXXXXXXXXXX. Check /home/ubuntu/.acme.sh/http.header file

@phedoreanu
Copy link
Contributor Author

Pushed a fix for the sessionid.

@xatr0z
Copy link

xatr0z commented Dec 20, 2022

Pushed a fix for the sessionid.

Thanks, I can confirm this works!
For other readers: because pull request is still open, had to replace dns_1984hosting.sh with https://raw.githubusercontent.com/acmesh-official/acme.sh/d0a519bf51e2f0335411760602b6efec17f3e3cc/dnsapi/dns_1984hosting.sh

@5im-0n
Copy link

5im-0n commented Mar 8, 2023

It seems they have an experimental API. When asking their tech support they provided me with a python-script to used with Dehydrated and the warning "it is hidden, half-cooked and not tested with wildcards". Couldn't actually get the script to work with Dehydrated on OpenWRT, but looking at the code the API should work also with acme.sh:

https://api.1984.is/1.0/freedns/letsencrypt/?apikey=yourapikey&domain=yourdomain&challenge=generatedchallenge

I created a dns_1984hosting.sh for acme.sh that uses this api here: https://github.com/S2-/acme.sh/blob/master/dnsapi/dns_1984hosting.sh

I works. The only downside is that the TXT record does not get removed because there is no api on 1984hosting for that, so once the domain was authenticated, the TXT record has to be removed manually (or left there, it does no harm).

@NoXPhasma
Copy link

NoXPhasma commented Apr 29, 2023

@5im-0n There is an issue with your code. It adds the entry two times if one uses a wildcard cert and by that has a Le_Domain and Le_Alt entry. First for the domain.tld and then again for the *.domain.tld. Both are different, but zerossl expects the first, it should only add one challenge for the domain first, not for the alt right away. This will overwrite the challenge and it fails.

@palijn
Copy link

palijn commented Apr 21, 2024

2 issues , one unresolved, can you please help ?

  1. apparently the priority section has still not been added to the script. So, it fails with Error getting _zone_id for _acme-challenge. .
    I manually changed the script as per the comment above, and it works…

But :

  1. I am asking for wildcard cert on multiple domains , i.e arguments like -d "*.domain1.com" -d "*.domain2.com" -d "*.domain3.com" .
    All zones are managed in 1984 under the same account.
    The TXT is properly added for the 1st zone, then all other zones fail with the same Error getting _zone_id for _acme-challenge. .
    Afterwards, trying to change the order of the arguments triggers a new The domain key is here: message for the now-first domain, but unfortunately the TXT record is still not added with the same Error getting _zone_id for _acme-challenge. .

Any help appreciated !

@phedoreanu
Copy link
Contributor Author

Are you testing with the latest version from #5057 ?

@palijn
Copy link

palijn commented Apr 22, 2024

Are you testing with the latest version from #5057 ?

Great ! This one works perfectly 👍 Thanks a lot !!! 🥇

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3rd party api report bugs to dns api, deploy hooks and notification hooks
Projects
None yet
Development

No branches or pull requests