HOOK_CHAIN="yes" seems not to be working
Milan-Benes opened this issue · 3 comments
Hello,
when I issue letsencrypt.sh like this: /opt/letsencrypt.sh/letsencrypt.sh -c -d mail-srv1.suz.cvut.cz -d mail.suz.cvut.cz -d mail1.suz.cvut.cz -d smtp.suz.cvut.cz -d pop3.suz.cvut.cz -d imap.suz.cvut.cz it ends up in an infinite loop. The call for the first domain produces a valid record in PDNS, but when it moves to the second domain, the token from the first call is used instead of the second domain name. The JSON looks like this:
Name: _acme-challenge.c92v_NcS24IvOITKjw99i_ycfWtTMuFFbRZjGRg1wLk.
Token: g3teyasXXKPX-3oZOUs8BG_l-zPPC31LyVm--xfJuzY
Data: {
"rrsets": [{
"name": "_acme-challenge.c92v_NcS24IvOITKjw99i_ycfWtTMuFFbRZjGRg1wLk.",
"type": "TXT",
"ttl": 1,
"records": [{
"content": "\"g3teyasXXKPX-3oZOUs8BG_l-zPPC31LyVm--xfJuzY\"",
"disabled": false,
"set-ptr": false
}],
"changetype": "REPLACE"
}]
}
Response: Not Found
When I set HOOK_CHAIN="no" it works, albeit slowly. Please note I'm using a slightly modified pdns_api.sh (see #1).
Can you add DEBUG=true to your config? This makes the output more verbose.
Hello,
for two domains the output looks like this:
root@mail-srv1:~# /opt/letsencrypt.sh/letsencrypt.sh -c -d m1.suz.cvut.cz -d m2.suz.cvut.cz
# INFO: Using main config file /etc/letsencrypt.sh/config
Processing m1.suz.cvut.cz with alternative names: m2.suz.cvut.cz
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for m1.suz.cvut.cz...
+ Requesting challenge for m2.suz.cvut.cz...
Name: _acme-challenge.m1.suz.cvut.cz.
Token: ElRb6HDbRA6MzuqLiq8MkJGO6nW6CxSPM2TpotUF6Wo
Data: {
"rrsets": [{
"name": "_acme-challenge.m1.suz.cvut.cz.",
"type": "TXT",
"ttl": 1,
"records": [{
"content": "\"ElRb6HDbRA6MzuqLiq8MkJGO6nW6CxSPM2TpotUF6Wo\"",
"disabled": false,
"set-ptr": false
}],
"changetype": "REPLACE"
}]
}
Response:
Name: _acme-challenge.AwQIrX9IbiH6HnG7DG2wADiEcaL4ZcdG3ivPVylVc3U.
Token:
Data: {
"rrsets": [{
"name": "_acme-challenge.AwQIrX9IbiH6HnG7DG2wADiEcaL4ZcdG3ivPVylVc3U.",
"type": "TXT",
"ttl": 1,
"records": [{
"content": "\"\"",
"disabled": false,
"set-ptr": false
}],
"changetype": "REPLACE"
}]
}
Response: Not Found
Name: _acme-challenge.ElRb6HDbRA6MzuqLiq8MkJGO6nW6CxSPM2TpotUF6Wo.
Token: -28NPsba5D8yTqg2J9JFA3f9LrwAdtK8WOTf_zVO_sE
Data: {
"rrsets": [{
"name": "_acme-challenge.ElRb6HDbRA6MzuqLiq8MkJGO6nW6CxSPM2TpotUF6Wo.",
"type": "TXT",
"ttl": 1,
"records": [{
"content": "\"-28NPsba5D8yTqg2J9JFA3f9LrwAdtK8WOTf_zVO_sE\"",
"disabled": false,
"set-ptr": false
}],
"changetype": "REPLACE"
}]
}
Response: Not Found
Name: _acme-challenge.ElRb6HDbRA6MzuqLiq8MkJGO6nW6CxSPM2TpotUF6Wo.
Token: -28NPsba5D8yTqg2J9JFA3f9LrwAdtK8WOTf_zVO_sE
Data: {
"rrsets": [{
"name": "_acme-challenge.ElRb6HDbRA6MzuqLiq8MkJGO6nW6CxSPM2TpotUF6Wo.",
"type": "TXT",
"ttl": 1,
"records": [{
"content": "\"-28NPsba5D8yTqg2J9JFA3f9LrwAdtK8WOTf_zVO_sE\"",
"disabled": false,
"set-ptr": false
}],
"changetype": "REPLACE"
}]
}
Response: Not Found
Name: _acme-challenge.ElRb6HDbRA6MzuqLiq8MkJGO6nW6CxSPM2TpotUF6Wo.
Token: -28NPsba5D8yTqg2J9JFA3f9LrwAdtK8WOTf_zVO_sE
Data: {
"rrsets": [{
"name": "_acme-challenge.ElRb6HDbRA6MzuqLiq8MkJGO6nW6CxSPM2TpotUF6Wo.",
"type": "TXT",
"ttl": 1,
"records": [{
"content": "\"-28NPsba5D8yTqg2J9JFA3f9LrwAdtK8WOTf_zVO_sE\"",
"disabled": false,
"set-ptr": false
}],
"changetype": "REPLACE"
}]
}
Response: Not Found
Ok, it seems that my attempt at parsing the hostname referenced at #1 breaks the setup function somehow. Please disregard this issue.
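For readers who hit the same symptom: with HOOK_CHAIN="yes", letsencrypt.sh calls the hook once per certificate and passes one domain, token filename and token value triple per name. The following is an added example, not code from pdns_api.sh or from this thread; it walks such an argument list three at a time and refuses to emit any record when the count is off or a "domain" does not look like a hostname, as in the logs above. The function name chain_to_records and the sample values in the comments are assumptions.

```shell
#!/bin/sh
# Added example: consume HOOK_CHAIN="yes" arguments three at a time.
# Prints one "<record-name> <txt-value>" line per domain. On malformed input
# it prints nothing to stdout and returns non-zero, so no partial set of
# records is ever handed to the DNS API.
chain_to_records() {
    # A chained call carries DOMAIN TOKEN_FILENAME TOKEN_VALUE for every name.
    if [ "$#" -eq 0 ] || [ $(( $# % 3 )) -ne 0 ]; then
        echo "expected domain/token-file/token-value triples, got $# args" >&2
        return 2
    fi
    out=""
    while [ "$#" -ge 3 ]; do
        domain=$1
        token_value=$3
        shift 3   # drop the whole triple, not a single argument
        # A hostname has at least one dot and only letters, digits, hyphens
        # and dots. A token picked up by mistake (underscore, no dot) fails.
        case $domain in
            *[!A-Za-z0-9.-]*|.*|*..*|"") bad=1 ;;
            *.*) bad=0 ;;
            *) bad=1 ;;
        esac
        if [ "$bad" -eq 1 ] || [ -z "$token_value" ]; then
            echo "refusing record for '$domain': not a hostname or empty token" >&2
            return 3
        fi
        out="${out}_acme-challenge.${domain}. ${token_value}
"
    done
    printf '%s' "$out"
}

# Constructed sample call (values are made up):
#   chain_to_records m1.example.test file1 value1 m2.example.test file2 value2
```

Running the check before the API request turns the silent "Not Found" loop into an immediate, explicit error.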