Added new 'dns' provider script for https://dns.services #4151

Merged
merged 28 commits into from
Jul 13, 2022

Contributor

@bbruun bbruun commented Jun 22, 2022

This dns provider script is for the Danish DNS hosting provider DNS.Services (https://dns.services).

The script has been developed on Ubuntu 20.04 and tested for single domain, multiple domain and wildcard certificate issuing in --test, --staging and production.

Usage example

# First run or certificate issue needs the DNS.Services username and password to be
# exported as environment variables, this is done using the `export` command:
export DnsServices_Username=user@example.com
export DnsServices_Password=SomeGoodPassword

# Issue for example.com and www.example.com
acme.sh --issue -d example.com -d www.example.com --dns dns_dnsservices

# Issue wildcard (quote the wildcard name so the shell does not glob-expand it)
acme.sh --issue -d example.com -d '*.example.com' --dns dns_dnsservices

@sorenjacobjensen

I have made a few simple certificate requests, which worked fine for me.

NB: I am co-owner of DNS.services

@bbruun
Contributor Author

bbruun commented Jun 23, 2022

During the testing period in the "DNS API Test" page I found that it failed with the shfmt and shellcheck - I've fixed these so it is POSIX compliant.

I found that the rundocker.sh script has an error in line 411 due to "==" vs "=" usage causing issues for me which shfmt should show as well:

diff --git a/rundocker.sh b/rundocker.sh
index 58e14c7a9..b798be827 100755
--- a/rundocker.sh
+++ b/rundocker.sh
@@ -411,7 +411,7 @@ testplat() {
       if [ "$_rret" != "0" ] ; then
         _info "Failed: $plat"
         _FAILED_PLATS="$_FAILED_PLATS$plat "
-        if [ "$TRAVIS" = "true" ] || [ "$GITHUB_ACTIONS" == "true" ]; then
+        if [ "$TRAVIS" = "true" ] || [ "$GITHUB_ACTIONS" = "true" ]; then
           return "$_rret"
         fi
       fi
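Review bot: On the changed `[ "$GITHUB_ACTIONS" = "true" ]` test, the commit message should say why the operator matters: in a shell whose `[` only accepts the POSIX `=` (dash, for example), the old `==` form makes the test error out and evaluate as false, so the early `return "$_rret"` below it was not taken on GitHub Actions. This hunk covers one occurrence only, so it is worth searching the rest of rundocker.sh for `==` inside `[ ]`. Minor style point: the context line `if [ "$_rret" != "0" ] ; then` has a space before the `;` that the changed line does not.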

The solaris test fails with CPU microcode issues and just loops. Here is output from action workflow "Solaris" build:

WARNING: cpu0: failed to update microcode from version 0x19 to 0x1f
SunOS Release 5.11 Version 11.4.0.15.0 64-bit
Copyright (c) 1983, 2018, Oracle and/or its affiliates. All rights reserved.
|
Checking, please wait....
/usr/bin/sudo vboxmanage controlvm sol-11_4-vbox screenshotpng /Users/runner/work/_actions/vmactions/solaris-vm/v0.0.5/screen.png
/usr/bin/sudo chmod 666 /Users/runner/work/_actions/vmactions/solaris-vm/v0.0.5/screen.png
/usr/local/bin/pytesseract /Users/runner/work/_actions/vmactions/solaris-vm/v0.0.5/screen.png
WARNING: cpu0: failed to update microcode from version 0x19 to 0x1f
SunOS Release 5.11 Version 11.4.0.15.0 64-bit
Copyright (c) 1983, 2018, Oracle and/or its affiliates. All rights reserved.
|

Anyhows, now that shellcheck, shfmt and the build actions for the DNS.yml all pass then the PR is ready for merge.

@Neilpang
Member

@bbruun
Contributor Author

bbruun commented Jun 23, 2022

I tried updating the wiki but get a rendering error and

image

I've tried to revert my change, but same error. So I've added it again as https://dillinger.io/ renders the full wiki markdown page just fine and I hope it is GitHub's backend that isn't rendering.

Perhaps it has just grown too big over time and needs to be split up?

@Neilpang
Member

No, just copy and add your segment to the page.

@bbruun
Contributor Author

bbruun commented Jun 23, 2022

I tried - I think it is something to do with the backticks because when I used 4 spaces to the code blocks for export and examples then it renders just fine.

It has been added now.

@Neilpang
Member

image

@bbruun
Contributor Author

bbruun commented Jul 4, 2022

@Neilpang is there anything I'm missing here for the pull request to be complete?

  • plugin has been tested
  • code passes all build actions
  • there is an issue open for the dnsapi plugin

@Neilpang
Member

Neilpang commented Jul 4, 2022

I just added more tests. Please click the re-run button to run your DNS tests again.

@bbruun
Contributor Author

bbruun commented Jul 5, 2022

The "docker" action stage fails as there seems to be something wrong with Acme staging, or how it revokes certificates - it issues certs just fine but the script fails with code='1' but the revoke returns with x-frame-options: DENY but on an HTTP 200 code...

[Tue Jul  5 07:39:48 UTC 2022] Http already initialized.
[Tue Jul  5 07:39:48 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Tue Jul  5 07:39:48 UTC 2022] _ret='0'
[Tue Jul  5 07:39:48 UTC 2022] responseHeaders='HTTP/2 200 
server: nginx
date: Tue, 05 Jul 2022 07:39:48 GMT
content-length: 0
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002ZyCMw3thoxwl4UvGUuR9zkI_Y2gAT6c8JaeUztCFVY8
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Tue Jul  5 07:39:48 UTC 2022] code='200'
[Tue Jul  5 07:39:48 UTC 2022] original
[Tue Jul  5 07:39:48 UTC 2022] response
[Tue Jul  5 07:39:48 UTC 2022] Revoke success.
[Tue Jul  5 07:39:48 UTC 2022] Lets find script dir.
[Tue Jul  5 07:39:48 UTC 2022] _SCRIPT_='./letest.sh'
[Tue Jul  5 07:39:48 UTC 2022] _script='/acmetest/letest.sh'
[Tue Jul  5 07:39:48 UTC 2022] _script_home='/acmetest'
[Tue Jul  5 07:39:48 UTC 2022] Using default home:/root/.acme.sh
[Tue Jul  5 07:39:48 UTC 2022] Using config home:/root/.acme.sh
[Tue Jul  5 07:39:48 UTC 2022] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Tue Jul  5 07:39:48 UTC 2022] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Tue Jul  5 07:39:48 UTC 2022] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Tue Jul  5 07:39:48 UTC 2022] _ACME_SERVER_PATH='directory'
Run Failed
_deactivateDomains='***'
_r='1'
------------------------------------------
[Tue Jul  5 07:39:48 UTC 2022] code='1'
ubuntu:latest [FAIL]

Is this normal @Neilpang ?

@bbruun
Contributor Author

bbruun commented Jul 5, 2022

@Neilpang I've tried again... it failed again. It looks like I have to wait for acmetest to be fixed https://github.com/acmesh-official/acmetest as it is failing on all docker image actions at the moment.

@bbruun
Contributor Author

bbruun commented Jul 6, 2022

@Neilpang I've tried again.... the actions for docker is failing, but it is very difficult to read the output as it is happening while the apt-get update && apt-get upgrade are running (and failing).

I'm gonna try to test the acmetest setup tonight to see what it actually does and figure out why it fails as it worked before you did/made your changes last week (and even though the build tests for acmetest are all green today)..

This is where it fails using --server ""

api='***'
Testing wildcard domain. 
TestingDomain='***'
/root/.acme.sh/acme.sh --server ""  --issue -d "***" -d "*.***" --dns *** --dnssleep "***"  [PASS]
/root/.acme.sh/***/***.cer is cert ? '***' '(STAGING) Artificial Apricot R3' [PASS]
/root/.acme.sh/***/ca.cer is cert ? '(STAGING) Artificial Apricot R3' [PASS]
/root/.acme.sh/acme.sh --deactivate -d "***" >/dev/null 2>&1 [PASS]
/root/.acme.sh/acme.sh --revoke -d *** [PASS]
[Wed Jul  6 10:13:46 UTC 2022] Lets find script dir.
[Wed Jul  6 10:13:46 UTC 2022] _SCRIPT_='./letest.sh'
[Wed Jul  6 10:13:46 UTC 2022] _script='/acmetest/letest.sh'
[Wed Jul  6 10:13:46 UTC 2022] _script_home='/acmetest'
[Wed Jul  6 10:13:46 UTC 2022] Using default home:/root/.acme.sh
[Wed Jul  6 10:13:46 UTC 2022] Using config home:/root/.acme.sh
[Wed Jul  6 10:13:46 UTC 2022] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  6 10:13:46 UTC 2022] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
https://github.com/acmesh-official/acme.sh
v3.0.5
Usage: acme.sh <command> ... [parameters ...]
Commands:
  -h, --help               Show this help message.
  -v, --version            Show version info.


<snip>


./letest.sh: 1: eval: ***_add: not found
Run Failed
_deactivateDomains='***'
_r='1'
_rr='1'
_ret='1'

After that it continues with the wildcard certificate test using the dns plugin and that works just fine and issues certificates using the dns plugin (dns_dnsservices). But when it revokes the issued certificate it fails even though the acme service responds with HTTP 200

[Wed Jul  6 10:13:40 UTC 2022] Deactivate: dns-01 success.
[Wed Jul  6 10:13:40 UTC 2022] 1
[Wed Jul  6 10:13:40 UTC 2022] Deactivated success!
[Wed Jul  6 10:13:45 UTC 2022] _is_idn_d='***'
[Wed Jul  6 10:13:45 UTC 2022] _idn_temp
[Wed Jul  6 10:13:45 UTC 2022] Lets find script dir.
[Wed Jul  6 10:13:45 UTC 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed Jul  6 10:13:45 UTC 2022] _script='/root/.acme.sh/acme.sh'
[Wed Jul  6 10:13:45 UTC 2022] _script_home='/root/.acme.sh'
[Wed Jul  6 10:13:45 UTC 2022] Using default home:/root/.acme.sh
[Wed Jul  6 10:13:45 UTC 2022] Using config home:/root/.acme.sh
[Wed Jul  6 10:13:45 UTC 2022] LE_WORKING_DIR='/root/.acme.sh'
[Wed Jul  6 10:13:45 UTC 2022] Running cmd: revoke
[Wed Jul  6 10:13:45 UTC 2022] Using config home:/root/.acme.sh


<snip>


[Wed Jul  6 10:13:46 UTC 2022] code='200'
[Wed Jul  6 10:13:46 UTC 2022] original
[Wed Jul  6 10:13:46 UTC 2022] response
[Wed Jul  6 10:13:46 UTC 2022] Revoke success.
[Wed Jul  6 10:13:46 UTC 2022] Lets find script dir.
[Wed Jul  6 10:13:46 UTC 2022] _SCRIPT_='./letest.sh'
[Wed Jul  6 10:13:46 UTC 2022] _script='/acmetest/letest.sh'
[Wed Jul  6 10:13:46 UTC 2022] _script_home='/acmetest'
[Wed Jul  6 10:13:46 UTC 2022] Using default home:/root/.acme.sh
[Wed Jul  6 10:13:46 UTC 2022] Using config home:/root/.acme.sh
[Wed Jul  6 10:13:46 UTC 2022] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  6 10:13:46 UTC 2022] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Jul  6 10:13:46 UTC 2022] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Wed Jul  6 10:13:46 UTC 2022] _ACME_SERVER_PATH='directory'
Run Failed
_deactivateDomains='***'
_r='1'
------------------------------------------
[Wed Jul  6 10:13:46 UTC 2022] code='1'

@Neilpang
Member

Neilpang commented Jul 6, 2022

please rerun the tests again.

@bbruun
Contributor Author

bbruun commented Jul 6, 2022

@Neilpang I've tried re-running the actions - it still fails.

I'm at home now and I'm testing using TEST_LOCAL=1 on acmetest.

It is quite difficult to debug...
The letest.sh script fails at multiple different places, like random, but mostly after getting a HTTP/2 400 response from the ACME service, but also

  • during the "revoke" period as seen in above comments
  • during the "Testing wildcard domain" part where it seems it has thrown out the source of the dnsapi/${api} plugin, aka it can no longer find the "${api}_add" function that the script has just used to create and remove TXT records in my DNS which issues certificates just fine
  • and also in the sub-function where it tries to create the sub domain "acmetestXyzRandomName" where it again seems to have lost the "${api}_add" function (extracts below)

They are all different errors happening at different stages/times - this is both happening in github action(s) when I re-run or update the pull request with a new commit like earlier today but also in my local acmetest using TEST_LOCAL=1.

Do you have any advice on how to do a proper test? Eg with a mock of the ACME service so I can disregard these unless you think the HTTP/2 400 response is caused by the letest.sh script itself because of lost variables like the _add function it loses (not the value of the ${api} variable, but the

I've changed my domain and plugin to "****" like the output from the github actions

Failure due to "HTTP/2 400"

[Wed Jul  6 19:31:26 CEST 2022] responseHeaders='HTTP/2 400 
server: nginx
date: Wed, 06 Jul 2022 17:31:26 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 59873384
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002IzzdAYI39GeTmg2DUe0ulCPlCLjba2oqP_ZDC_XNyF0
'
[Wed Jul  6 19:31:26 CEST 2022] code='400'
[Wed Jul  6 19:31:26 CEST 2022] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Wed Jul  6 19:31:26 CEST 2022] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Wed Jul  6 19:31:26 CEST 2022] Trigger domain validation.
[Wed Jul  6 19:31:26 CEST 2022] _t_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2921584674/18xglQ'
[Wed Jul  6 19:31:26 CEST 2022] _t_key_authz='verified_ok'
[Wed Jul  6 19:31:26 CEST 2022] _t_vtype
[Wed Jul  6 19:31:26 CEST 2022] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2921584674/18xglQ'
[Wed Jul  6 19:31:26 CEST 2022] payload='{}'
[Wed Jul  6 19:31:26 CEST 2022] Use cached jwk for file: /home/devaccount/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key
[Wed Jul  6 19:31:26 CEST 2022] Use _CACHED_NONCE='0002IzzdAYI39GeTmg2DUe0ulCPlCLjba2oqP_ZDC_XNyF0'
[Wed Jul  6 19:31:26 CEST 2022] nonce='0002IzzdAYI39GeTmg2DUe0ulCPlCLjba2oqP_ZDC_XNyF0'
[Wed Jul  6 19:31:26 CEST 2022] POST
[Wed Jul  6 19:31:26 CEST 2022] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2921584674/18xglQ'
[Wed Jul  6 19:31:26 CEST 2022] body='{"protected": "eyJub25jZSI6ICIwMDAySXp6ZEFZSTM5R2VUbWcyRFVlMHVsQ1BsQ0xqYmEyb3FQX1pEQ19YTnlGMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yOTIxNTg0Njc0LzE4eGdsUSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81OTg3MzM4NCJ9", "payload": "e30", "signature": "s21VZzmsAUXEVOWxWui0ejbD09sJhUTDJJyiJK2jWYu5LnoqeDQzM5-FGXVLIj1FA_RDqFvUt7uzrzcENxs_9hGoW6Nmk3IRabh2x6LRBVtmiRt-AgODrgAmXAw4j5txksyS_t_3Dhl-IyK74gbTqS8eLzEG5wK4fa4YqjB_uY05IbUlEbkT_Ebn-eB0jbnGxT-cVmG1AKPCaWcDoJcm6kc7OtNihN8-gH-yYfYFu9O4uHGuoEPX0aHTAk0gnXB_5BAhvAZ3tk44O2dgJY7MBorShijdkrTdrLnpAw0yOm4nmoMRZQCzcuPP_LkhxwjSAGHb__v_sooynSnnsuAiEA"}'
[Wed Jul  6 19:31:26 CEST 2022] _postContentType='application/jose+json'
[Wed Jul  6 19:31:27 CEST 2022] Http already initialized.
[Wed Jul  6 19:31:27 CEST 2022] _CURL='curl --silent --dump-header /home/devaccount/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.6SvlrENBFf  -g '
[Wed Jul  6 19:31:27 CEST 2022] _ret='0'
[Wed Jul  6 19:31:27 CEST 2022] responseHeaders='HTTP/2 200 
server: nginx
date: Wed, 06 Jul 2022 17:31:27 GMT
content-type: application/json
content-length: 317
boulder-requester: 59873384
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2921584674>;rel="up"
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2921584674/18xglQ
replay-nonce: 0002mHf82YSMlNMcioqEF9R8bWGW3fA_0Xfrn0XAZonehXs
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Wed Jul  6 19:31:27 CEST 2022] code='200'
[Wed Jul  6 19:31:27 CEST 2022] original='{
  "type": "dns-01",
  "status": "valid",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2921584674/18xglQ",
  "token": "x7rAmuOdFvhvdRmB2cbftnHXX5vuCUKaLxKyexThm6Y",
  "validationRecord": [
    {
      "hostname": "github-test.****"
    }
  ],
  "validated": "2022-07-06T17:12:24Z"
}'
[Wed Jul  6 19:31:27 CEST 2022] response='{"type":"dns-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2921584674/18xglQ","token":"x7rAmuOdFvhvdRmB2cbftnHXX5vuCUKaLxKyexThm6Y","validationRecord":[{"hostname":"github-test.****"}],"validated":"2022-07-06T17:12:24Z"}'
[Wed Jul  6 19:31:27 CEST 2022] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.1f  31 Mar 2020
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.3 on Oct 26 2019 17:42:04
   running on Linux version #137-Ubuntu SMP Wed Jun 15 13:33:07 UTC 2022, release 5.4.0-121-generic, machine x86_64
Run Failed
_deactivateDomains='github-test.****'
_r='1'
------------------------------------------
------------------------------------------
_rr='1'
_ret='1'

Failure due to missing "_add" function where it worked in the run before:

api='****'
Testing wildcard domain. 
Testing wildcard domain. 
TestingDomain='github-test.****'
TestingDomain='github-test.****'
/home/devaccount/.acme.sh/acme.sh --server ""  --issue -d "github-test.****" -d "*.github-test.****" --dns **** --dnssleep "30" /home/devaccount/.acme.sh/acme.sh --server ""  --issue -d "github-test.****" -d "*.github-test.****" --dns **** --dnssleep "30"  [PASS]
 [PASS]
/home/devaccount/.acme.sh/github-test.****/github-test.****.cer is cert ? /home/devaccount/.acme.sh/github-test.****/github-test.****.cer is cert ? 'github-test.****''github-test.****' '(STAGING) Artificial Apricot R3' '(STAGING) Artificial Apricot R3' [PASS] [PASS]

/home/devaccount/.acme.sh/github-test.****/ca.cer is cert ? /home/devaccount/.acme.sh/github-test.****/ca.cer is cert ? '(STAGING) Artificial Apricot R3''(STAGING) Artificial Apricot R3' [PASS] [PASS]

/home/devaccount/.acme.sh/acme.sh --deactivate -d "github-test.****" >/dev/null 2>&1/home/devaccount/.acme.sh/acme.sh --deactivate -d "github-test.****" >/dev/null 2>&1 [PASS]
 [PASS]
/home/devaccount/.acme.sh/acme.sh --revoke -d github-test.****/home/devaccount/.acme.sh/acme.sh --revoke -d github-test.**** [PASS]
 [PASS]
****_add acmetestXyzRandomName.github-test.**** acmeTestTxtRecord****_add acmetestXyzRandomName.github-test.**** acmeTestTxtRecord [FAIL] 
./letest.sh: 1: eval: ****_add: not found
Run Failed
_deactivateDomains='github-test.****'
_r='1'
------------------------------------------
------------------------------------------
_rr='1'
_ret='1'

Failure due to missing "_add" function in the assertcmd for "acmetestXyzRandomName.$TestingDomain"

I've <snip>'ed out most of the acme.sh help it writes when run with incomplete commands, as if the ${api} value has been reset/lost at some point.

api='****'
Testing wildcard domain. 
Testing wildcard domain. 
TestingDomain='github-test.****'
TestingDomain='github-test.****'
/home/devaccount/.acme.sh/acme.sh --server ""  --issue -d "github-test.****" -d "*.github-test.****" --dns **** --dnssleep "30" /home/devaccount/.acme.sh/acme.sh --server ""  --issue -d "github-test.****" -d "*.github-test.****" --dns **** --dnssleep "30"  [PASS]
 [PASS]
/home/devaccount/.acme.sh/github-test.****/github-test.****.cer is cert ? /home/devaccount/.acme.sh/github-test.****/github-test.****.cer is cert ? 'github-test.****''github-test.****' '(STAGING) Artificial Apricot R3' '(STAGING) Artificial Apricot R3' [PASS] [PASS]

/home/devaccount/.acme.sh/github-test.****/ca.cer is cert ? /home/devaccount/.acme.sh/github-test.****/ca.cer is cert ? '(STAGING) Artificial Apricot R3''(STAGING) Artificial Apricot R3' [PASS]
 [PASS]
/home/devaccount/.acme.sh/acme.sh --deactivate -d "github-test.****" >/dev/null 2>&1/home/devaccount/.acme.sh/acme.sh --deactivate -d "github-test.****" >/dev/null 2>&1 [PASS]
 [PASS]
/home/devaccount/.acme.sh/acme.sh --revoke -d github-test.****/home/devaccount/.acme.sh/acme.sh --revoke -d github-test.**** [PASS]
 [PASS]
[Wed Jul  6 19:35:25 CEST 2022] Lets find script dir.
[Wed Jul  6 19:35:25 CEST 2022] _SCRIPT_='./letest.sh'
[Wed Jul  6 19:35:25 CEST 2022] _script='/home/devaccount/git/acmetest/letest.sh'
[Wed Jul  6 19:35:25 CEST 2022] _script_home='/home/devaccount/git/acmetest'
[Wed Jul  6 19:35:25 CEST 2022] Using default home:/home/devaccount/.acme.sh
[Wed Jul  6 19:35:25 CEST 2022] Using config home:/home/devaccount/.acme.sh
[Wed Jul  6 19:35:25 CEST 2022] [Wed Jul  6 19:35:25 CEST 2022] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  6 19:35:25 CEST 2022] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Jul  6 19:35:25 CEST 2022] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Wed Jul  6 19:35:25 CEST 2022] _ACME_SERVER_PATH='directory'
https://github.com/acmesh-official/acme.sh
v3.0.5
https://github.com/acmesh-official/acme.sh
v3.0.5
Usage: acme.sh <command> ... [parameters ...]
Commands:
  -h, --help               Show this help message.
  -v, --version            Show version info.
<snip>


Parameters:
  -d, --domain <domain.tld>         Specifies a domain, used to issue, renew or revoke etc.
  --challenge-alias <domain.tld>    The challenge domain alias for DNS alias mode.
                                    See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode

  --domain-alias <domain.tld>       The domain alias for DNS alias mode.
                                    See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode

  --preferred-chain <chain>         If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject 

<snip>

Parameters:
  -d, --domain <domain.tld>         Specifies a domain, used to issue, renew or revoke etc.
  --challenge-alias <domain.tld>    The challenge domain alias for DNS alias mode.
                                    See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode

  --domain-alias <domain.tld>       The domain alias for DNS alias mode.
                                    See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode

  --preferred-chain <chain>         If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
                                    If no match, the default offered chain will be used. (default: empty)
                                    See: https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain


<snip>


  --notify-hook <hookname>          Set the notify hook
  --revoke-reason <0-10>            The reason for revocation, can be used in conjunction with the '--revoke' command.
                                    See: https://github.com/acmesh-official/acme.sh/wiki/revokecert

  --password <password>             Add a password to exported pfx file. Use with --to-pkcs12.



****_add acmetestXyzRandomName.github-test.**** acmeTestTxtRecord                      Only valid for '--install' command, which means: do not install the default cron job.
                                    In this case, the certs will not be renewed automatically.
  --no-profile                      Only valid for '--install' command, which means: do not install aliases to user profile.
  --no-color                        Do not output color text.
  --force-color                     Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
  --ecc                             Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--to-pkcs12' and '--create-csr'
  --csr <file>                      Specifies the input csr.
  --pre-hook <command>              Command to be run before obtaining any certificates.
  --post-hook <command>             Command to be run after attempting to obtain/renew certificates. Runs regardless of whether 


<snip>

****_add acmetestXyzRandomName.github-test.**** acmeTestTxtRecord [FAIL] 
./letest.sh: 1: eval: ****_add: not found
Run Failed
_deactivateDomains='github-test.****'
_r='1'
------------------------------------------
------------------------------------------
_rr='1'
_ret='1'

@Neilpang
Member

Neilpang commented Jul 7, 2022

sorry, there was a bug in acmetest. I just fixed acmesh-official/acmetest@9c4e5cb

please try again.

…that was explicitly disallowed as it is not _acme-challenge
@bbruun
Contributor Author

bbruun commented Jul 7, 2022

@Neilpang all tests pass in my branch now :-)

@Neilpang
Member

Neilpang commented Jul 7, 2022

please rebase code. Openbsd test is added.

@bbruun
Contributor Author

bbruun commented Jul 7, 2022

I would love to - but github crashes with "Ooops!!! 500".
All it gives me is the possibility to create a new pull request. Should I do that and then we can just close this one?

@bbruun
Contributor Author

bbruun commented Jul 7, 2022

I think Github has some issues with Actions tonight. Will look at it tomorrow as I can't access my branch I created the pull-request from (still get "Ooops 500").

Git failed on a few OS'es and the reset was cancelled.

Run actions/checkout@v2
Syncing repository: bbruun/acme.sh
Getting Git version info
Temporarily overriding HOME='/home/runner/work/_temp/ceeb788e-c945-4a0f-ab70-b198cbb4d753' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/acme.sh/acme.sh
Deleting the contents of '/home/runner/work/acme.sh/acme.sh'
Initializing the repository
Disabling automatic garbage collection
Setting up auth
Fetching the repository
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +6913b8beb5c6362f3fa8a60b43c43c0fc4244c41:refs/remotes/origin/new-dns-provider-dns_dnsservices
  remote: fatal: bad tree object 3ec4744f5ed8e8390017287c07d846d2f25b8cc0
  Error: fatal: protocol error: bad pack header
  The process '/usr/bin/git' failed with exit code 128
  Waiting 13 seconds before trying again
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +6913b8beb5c6362f3fa8a60b43c43c0fc4244c41:refs/remotes/origin/new-dns-provider-dns_dnsservices
  remote: fatal: bad tree object 3ec4744f5ed8e8390017287c07d846d2f25b8cc0
  Error: fatal: protocol error: bad pack header
  The process '/usr/bin/git' failed with exit code 128
  Waiting 10 seconds before trying again
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +6913b8beb5c6362f3fa8a60b43c43c0fc4244c41:refs/remotes/origin/new-dns-provider-dns_dnsservices
  remote: fatal: bad tree object 3ec4744f5ed8e8390017287c07d846d2f25b8cc0
  Error: fatal: protocol error: bad pack header
  Error: The process '/usr/bin/git' failed with exit code 128

@bbruun
Contributor Author

bbruun commented Jul 8, 2022

@Neilpang I think something went wrong with my merge yesterday as I'm still getting Ooops 500 on my branch as it seems to have a melt down.

$ git pull                                        
remote: fatal: bad tree object 3ec4744f5ed8e8390017287c07d846d2f25b8cc0
fatal: protocol error: bad pack header

This is git operations beyond my skill level.
I would suggest I just create a new pull request and link to this one?

Ignore this: created a new branch and prepped it, and then actions started working on this branch and actions are running. Don't see OpenBSD in the actions flow though...

Ignore the ignore above: my branch is f...ed. Tried to trigger workflow, but ... no luck.

 ! [remote rejected] new-dns-provider-dns_dnsservices -> new-dns-provider-dns_dnsservices (failed)
error: failed to push some refs to 'git@github.com:bbruun/acme.sh.git'

I think I should create a new fork and branch and pull request, ok @Neilpang ?

@bbruun
Contributor Author

bbruun commented Jul 11, 2022

@Neilpang
It would seem GitHub has run some cleaning after last week's failed merge with upstream.

I've re-tried to build but have found that the "acmeTestTxtRecord" that is created isn't deleted in the acmetest testing, so I have 30+ of these _acme-challenge.github-test.*** (note: the _acme-challenge.*** TXT records are removed).

Most of the tests are going through now.

Solaris is failing (looping) with the following - thousands of times:

WARNING: cpu0: failed to update microcode from version 0x19 to 0x1f
SunOS Release 5.11 Version 11.4.0.15.0 64-bit
Copyright (c) 1983, 2018, Oracle and/or its affiliates. All rights reserved.
Loading NVIDIA Kernel Mode Setting Driver for UNIX platforms 384.111 Wed Dec 2
0 00:20:38 PST 2017
Checking, please wait....
/usr/bin/sudo vboxmanage controlvm sol-11_4-vbox screenshotpng /Users/runner/work/_actions/vmactions/solaris-vm/v0.0.5/screen.png
/usr/bin/sudo chmod 666 /Users/runner/work/_actions/vmactions/solaris-vm/v0.0.5/screen.png
/usr/local/bin/pytesseract /Users/runner/work/_actions/vmactions/solaris-vm/v0.0.5/screen.png

Ubuntu (LetsEncrypt.org_test, (STAGING) Pretend Pear X1) is failing with "wait for connection to establish..." and not getting anywhere (as of this writing it is through 522 of these).

Ubuntu (ZeroSSL.com, ZeroSSL ECC Domain Secure Site CA, ZeroSSL RSA Domain Secure Site CA, github... seems to hang though the tests pass

/home/runner/.acme.sh/acme.sh --server "ZeroSSL.com"  --issue -d "spam-inventory-definitions-immediate.trycloudflare.com" -d "" --standalone --keylength ec-256 --certpath '/home/runner/work/acme.sh/acmetest/certs/domain.cer' --keypath '/home/runner/work/acme.sh/acmetest/certs/domain.key'  --capath '/home/runner/work/acme.sh/acmetest/certs/ca.cer'  --reloadcmd 'echo this is reload'  --fullchainpath  '/home/runner/work/acme.sh/acmetest/certs/full.cer' [PASS]
'/home/runner/.acme.sh/spam-inventory-definitions-immediate.trycloudflare.com_ecc/spam-inventory-definitions-immediate.trycloudflare.com.cer' equals '/home/runner/work/acme.sh/acmetest/certs/domain.cer' [PASS]
'/home/runner/.acme.sh/spam-inventory-definitions-immediate.trycloudflare.com_ecc/spam-inventory-definitions-immediate.trycloudflare.com.key' equals '/home/runner/work/acme.sh/acmetest/certs/domain.key' [PASS]
'/home/runner/.acme.sh/spam-inventory-definitions-immediate.trycloudflare.com_ecc/ca.cer' equals '/home/runner/work/acme.sh/acmetest/certs/ca.cer' [PASS]
'/home/runner/.acme.sh/spam-inventory-definitions-immediate.trycloudflare.com_ecc/fullchain.cer' equals '/home/runner/work/acme.sh/acmetest/certs/full.cer' [PASS]
/home/runner/.acme.sh/acme.sh --revoke -d spam-inventory-definitions-immediate.trycloudflare.com --ecc [PASS]

Windows (LetsEncrypt.org_test, (STAGING) Pretend Pear X1) is stuck "Run acmetest" like above Ubuntu ZeroSSL test:

/home/runneradmin/.acme.sh/acme.sh --server "LetsEncrypt.org_test"  --issue -d "inter-yes-bi-aaa.trycloudflare.com" -d "" --standalone --keylength ec-256 --certpath '/cygdrive/d/a/acme.sh/acmetest/certs/domain.cer' --keypath '/cygdrive/d/a/acme.sh/acmetest/certs/domain.key'  --capath '/cygdrive/d/a/acme.sh/acmetest/certs/ca.cer'  --reloadcmd 'echo this is reload'  --fullchainpath  '/cygdrive/d/a/acme.sh/acmetest/certs/full.cer' [PASS]
'/home/runneradmin/.acme.sh/inter-yes-bi-aaa.trycloudflare.com_ecc/inter-yes-bi-aaa.trycloudflare.com.cer' equals '/cygdrive/d/a/acme.sh/acmetest/certs/domain.cer' [PASS]
'/home/runneradmin/.acme.sh/inter-yes-bi-aaa.trycloudflare.com_ecc/inter-yes-bi-aaa.trycloudflare.com.key' equals '/cygdrive/d/a/acme.sh/acmetest/certs/domain.key' [PASS]
'/home/runneradmin/.acme.sh/inter-yes-bi-aaa.trycloudflare.com_ecc/ca.cer' equals '/cygdrive/d/a/acme.sh/acmetest/certs/ca.cer' [PASS]
'/home/runneradmin/.acme.sh/inter-yes-bi-aaa.trycloudflare.com_ecc/fullchain.cer' equals '/cygdrive/d/a/acme.sh/acmetest/certs/full.cer' [PASS]

This is the last test I'm waiting for - I don't know what it is waiting for...
image

@Neilpang
Member

build but have found that the "acmeTestTxtRecord" that is created isn't deleted in the acmetest testing,

that means something wrong. you need to fix your code.
https://github.com/acmesh-official/acmetest/blob/master/letest.sh#L1480
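
An offline check for the cleanup problem discussed in this thread, as an added example that is not part of the conversation, of acme.sh or of acmetest: it drives an add/rm function pair with the `<fulldomain> <txtvalue>` arguments seen in the test output against a file-backed mock zone and counts the TXT records left behind. `dns_mock_add`, `dns_mock_rm`, `dns_mock_rm_faulty`, `check_cleanup` and the `example.com` records are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: offline harness for the add/rm contract of an acme.sh-style
# DNS plugin. All dns_mock_* names are hypothetical; the "zone" is a constructed
# text file with one "<fulldomain> <txtvalue>" record per line, not a real API.

ZONE_FILE=""

# Start from an empty mock zone.
zone_reset() {
  if [ -n "$ZONE_FILE" ]; then
    rm -f "$ZONE_FILE"
  fi
  ZONE_FILE=$(mktemp) || return 1
}

# Add a TXT record; both arguments are mandatory.
dns_mock_add() {
  _fulldomain="$1"
  _txtvalue="$2"
  if [ -z "$_fulldomain" ] || [ -z "$_txtvalue" ]; then
    return 1
  fi
  printf '%s %s\n' "$_fulldomain" "$_txtvalue" >>"$ZONE_FILE"
}

# Correct removal: delete only the record whose name AND value both match,
# so the second token of a wildcard order survives until its own rm call.
# -x -F matches the whole line literally (dots in names are not regex dots).
dns_mock_rm() {
  _fulldomain="$1"
  _txtvalue="$2"
  if [ -z "$_fulldomain" ] || [ -z "$_txtvalue" ]; then
    return 1
  fi
  # grep exits 1 when no line is left over; an empty zone is a valid result.
  grep -v -x -F -e "$_fulldomain $_txtvalue" "$ZONE_FILE" >"$ZONE_FILE.new" || true
  mv "$ZONE_FILE.new" "$ZONE_FILE"
}

# Hypothetical faulty removal: silently skips any name that is not an
# _acme-challenge label and still reports success to the caller.
dns_mock_rm_faulty() {
  case "$1" in
    _acme-challenge.*) dns_mock_rm "$1" "$2" ;;
    *) return 0 ;;
  esac
}

# Number of TXT records still present in the mock zone.
stale_count() {
  _n=$(wc -l <"$ZONE_FILE")
  echo $((_n + 0))
}

# A wildcard order puts two tokens under one _acme-challenge name; a plain
# test record is then added under a random label. Prints how many records
# remain after every rm call has reported success.
check_cleanup() {
  _add_fn="$1"
  _rm_fn="$2"
  zone_reset || return 1
  "$_add_fn" "_acme-challenge.example.com" "token-for-apex" || return 1
  "$_add_fn" "_acme-challenge.example.com" "token-for-wildcard" || return 1
  "$_add_fn" "acmetestXyzRandomName.example.com" "acmeTestTxtRecord" || return 1
  "$_rm_fn" "_acme-challenge.example.com" "token-for-apex" || return 1
  # After the first rm the sibling wildcard token must still be present.
  if ! grep -q -x -F -e "_acme-challenge.example.com token-for-wildcard" "$ZONE_FILE"; then
    echo "rm deleted a sibling record" >&2
    rm -f "$ZONE_FILE"
    return 2
  fi
  "$_rm_fn" "_acme-challenge.example.com" "token-for-wildcard" || return 1
  "$_rm_fn" "acmetestXyzRandomName.example.com" "acmeTestTxtRecord" || return 1
  _left=$(stale_count)
  rm -f "$ZONE_FILE"
  echo "$_left"
}

echo "correct rm leaves: $(check_cleanup dns_mock_add dns_mock_rm) record(s)"
echo "faulty rm leaves:  $(check_cleanup dns_mock_add dns_mock_rm_faulty) record(s)"
```

A non-zero count after a run where every rm call returned success is the signal to look for: validation records are accumulating in the zone even though the plugin reports clean-up as done.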

@Neilpang
Member

If there are some of the tests failed, please just click the re-run button to run the failed tests again, until all of them are passing.

@bbruun
Contributor Author

bbruun commented Jul 11, 2022

@Neilpang all tests pass now after fixing for OpenBSD (which works the same as NetBSD).

@Neilpang
Member

Thank you so much. here we go


@Neilpang Neilpang merged commit 86cb28f into acmesh-official:dev Jul 13, 2022
@bbruun bbruun deleted the new-dns-provider-dns_dnsservices branch September 7, 2022 08:54