申请证书DNS匹配异常

Question

申请证书DNS匹配异常

Closed this issue 12 days ago · 5 comments

当前版本3.0.8，之前一直正常，最近不知道为什么异常

1、一个顶级域名下申请两个泛域名证书，如果先申请*.monitor.baidu.com 就会导致第二步申请的*.baidu.com 证书错误，dns变为DNS:baidu.com,DNS:monitor.baidu.com

2、如果先申请*.baidu.com 然后在申请*.monitor.baidu.com 就没问题

./acme.sh --issue --dns dns_dp -d monitor.baidu.com -d .monitor.baidu.com --force --keylength 4096
[Fri Dec 20 14:32:16 CST 2024] The domain key is here: /root/.acme.sh/monitor.baidu.com/monitor.baidu.com.key
[Fri Dec 20 14:32:16 CST 2024] Multi domain='DNS:monitor.baidu.com,DNS:.monitor.baidu.com'

./acme.sh --issue --dns dns_dp -d baidu.com -d *.baidu.com --force --server letsencrypt --keylength 4096
[Fri Dec 20 14:32:43 CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 20 14:32:43 CST 2024] Creating domain key
[Fri Dec 20 14:32:44 CST 2024] The domain key is here: /root/.acme.sh/baidu.com/baidu.com.key
[Fri Dec 20 14:32:44 CST 2024] Multi domain='DNS:baidu.com,DNS:monitor.baidu.com'

3、而如果在前面增加转义则正常
./acme.sh --issue --dns dns_dp -d baidu.com -d *.baidu.com --force --keylength 4096
[Fri Dec 20 14:34:40 CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 20 14:34:40 CST 2024] Multi domain='DNS:baidu.com,DNS:.baidu.com'
[Fri Dec 20 14:34:40 CST 2024] Getting domain auth token for each domain
[Fri Dec 20 14:34:44 CST 2024] Getting webroot for domain='baidu.com'
[Fri Dec 20 14:34:44 CST 2024] Getting webroot for domain='*.baidu.com'

Answer 1 · 2024-12-20T07:11:02.000Z

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

Answer 2 · 2024-12-20T07:11:51.000Z

如果在泛域名的※前面增加转义符则会正常

Answer 3 · 2024-12-20T09:57:14.000Z

更新到最新版本也是一样的情况，和#4507 一样，bash下执行会有改问题，zsh下正常

Answer 4 · 2024-12-22T12:23:30.000Z

使用单引号包裹域名

Answer 5 · 2024-12-22T12:24:24.000Z

Neilpang commented 12 days ago