Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Report bugs to easyDNS dns api #2647

Open
wurzelpanzer opened this issue Dec 21, 2019 · 10 comments
Open

Report bugs to easyDNS dns api #2647

wurzelpanzer opened this issue Dec 21, 2019 · 10 comments
Assignees
Labels
3rd party api report bugs to dns api, deploy hooks and notification hooks

Comments

@wurzelpanzer
Copy link
Contributor

wurzelpanzer commented Dec 21, 2019

Report issues with easyDNS API here.

This was referenced Dec 21, 2019
@Neilpang Neilpang added the 3rd party api report bugs to dns api, deploy hooks and notification hooks label Feb 15, 2020
@Neilpang
Copy link
Member

@wurzelpanzer
Do you have any time to take a look at this?
#3016

@wurzelpanzer
Copy link
Contributor Author

@Neilpang will have a look into it tomorrow.

@freebrowser1
Copy link

Still does not work.


[Fri Feb 25 08:38:45 CET 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Fri Feb 25 08:38:45 CET 2022] Creating domain key
[Fri Feb 25 08:38:45 CET 2022] The domain key is here: /root/.acme.sh/www.example.com/www.example.com.key
[Fri Feb 25 08:38:45 CET 2022] Single domain='www.example.com'
[Fri Feb 25 08:38:45 CET 2022] Getting domain auth token for each domain
[Fri Feb 25 08:38:50 CET 2022] Getting webroot for domain='www.example.com'
[Fri Feb 25 08:38:50 CET 2022] Adding txt value: XXXXX_YYYYYYYY_ZZZZZZZZZZZZZZZZZZZZZZ for domain:  _acme-challenge.www.example.com
[Fri Feb 25 08:38:58 CET 2022] invalid domain
[Fri Feb 25 08:38:58 CET 2022] Error add txt for domain:_acme-challenge.www.example.com
[Fri Feb 25 08:38:58 CET 2022] Please add '--debug' or '--log' to check more details.
[Fri Feb 25 08:38:58 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

It shows 'invalid domain' while the domain should be registered as new.
When adding --debug it does not provide additional info.

@wurzelpanzer
Copy link
Contributor Author

Still does not work.


[Fri Feb 25 08:38:45 CET 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Fri Feb 25 08:38:45 CET 2022] Creating domain key
[Fri Feb 25 08:38:45 CET 2022] The domain key is here: /root/.acme.sh/www.example.com/www.example.com.key
[Fri Feb 25 08:38:45 CET 2022] Single domain='www.example.com'
[Fri Feb 25 08:38:45 CET 2022] Getting domain auth token for each domain
[Fri Feb 25 08:38:50 CET 2022] Getting webroot for domain='www.example.com'
[Fri Feb 25 08:38:50 CET 2022] Adding txt value: XXXXX_YYYYYYYY_ZZZZZZZZZZZZZZZZZZZZZZ for domain:  _acme-challenge.www.example.com
[Fri Feb 25 08:38:58 CET 2022] invalid domain
[Fri Feb 25 08:38:58 CET 2022] Error add txt for domain:_acme-challenge.www.example.com
[Fri Feb 25 08:38:58 CET 2022] Please add '--debug' or '--log' to check more details.
[Fri Feb 25 08:38:58 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

It shows 'invalid domain' while the domain should be registered as new. When adding --debug it does not provide additional info.

Could you please upload the debug log with --debug 2 enabled?

@freebrowser1
Copy link

I was trying to run for a wildcard certificate. Now it succeeded partially.

acme.sh --debug 2 --issue --dns dns_easydns -d *.example.com

resulted in with 'invalid domain' error:

[Sat Feb 26 09:17:11 CET 2022] _authz_url='https://acme.zerossl.com/v2/DV90/authz/xdzJo9knlndWluY5epdnxg'
[Sat Feb 26 09:17:11 CET 2022] url='https://acme.zerossl.com/v2/DV90/authz/xdzJo9knlndWluY5epdnxg'
[Sat Feb 26 09:17:11 CET 2022] payload
[Sat Feb 26 09:17:11 CET 2022] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Feb 26 09:17:11 CET 2022] Use _CACHED_NONCE='qdfj5EgA0fSueUd3MjS_QJ5AajG4P9WgefCP1INf01o'
[Sat Feb 26 09:17:11 CET 2022] nonce='qdfj5EgA0fSueUd3MjS_QJ5AajG4P9WgefCP1INf01o'
[Sat Feb 26 09:17:11 CET 2022] POST
[Sat Feb 26 09:17:11 CET 2022] _post_url='https://acme.zerossl.com/v2/DV90/authz/xdzJo9knlndWluY5epdnxg'
[Sat Feb 26 09:17:11 CET 2022] body='{"protected": "eyJub25jZSI6ICJxZGZqNUVnQTBmU3VlVWQzTWpTX1FKNUFhakc0UDlXZ2VmQ1AxSU5mMDFvIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei94ZHpKbzlrbmxuZFdsdVk1ZXBkbnhnIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC96Uks2MGFSWEdJaXFVYXFRVjJkVjJBIn0", "payload": "", "signature": "vbweft7uh15dgdfgd78njLoJocuzWzjUzytFswXfP9E0s1UDycG46kHnKJB__ExWNdOfjpZzzrkJRSroeIQoRk1B6a8iMCnXJa0eFJYm8vvQpikJBmXy7B8kKwgnNPoBr2HTiaacao8rslqBxVbOBAVSCzBOd6O3FlU5U-6nExMnCJ0127CKwHVmYPmRGmjhmKXrN1db6fHWOUW79pfKld7fEHdlVQMIt3shrnauh4WQoODbobQehegjUNS_j8bFLHYaigqE0OqTxkfdVVAhg2YxN6riVRyA0bayHs-arkRrVAnzJXGnGnyKvld1EOPAcBzgzK4dTBgyQykLFcYgJg"}'
[Sat Feb 26 09:17:11 CET 2022] _postContentType='application/jose+json'
[Sat Feb 26 09:17:11 CET 2022] Http already initialized.
[Sat Feb 26 09:17:11 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.unGkIX0iF8  -g '
[Sat Feb 26 09:17:16 CET 2022] _ret='0'
[Sat Feb 26 09:17:16 CET 2022] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Feb 2022 08:17:16 GMT
Content-Type: application/json
Content-Length: 294
Connection: keep-alive
Replay-Nonce: MVCsaPZtYHK9eAhhKj4uN-doEoGsyBJLPVXM5tMHLvc
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Retry-After: 5
Strict-Transport-Security: max-age=15552000
'
[Sat Feb 26 09:17:16 CET 2022] code='200'
[Sat Feb 26 09:17:16 CET 2022] original='{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2022-03-28T08:17:11Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA","status":"pending","token":"mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw"}],"wildcard":true}'
[Sat Feb 26 09:17:16 CET 2022] response='{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2022-03-28T08:17:11Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA","status":"pending","token":"mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw"}],"wildcard":true}'
[Sat Feb 26 09:17:16 CET 2022] response='{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2022-03-28T08:17:11Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA","status":"pending","token":"mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw"}],"wildcard":true}'
[Sat Feb 26 09:17:16 CET 2022] _d='*.example.com'
[Sat Feb 26 09:17:16 CET 2022] _authorizations_map='*.example.com,{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2022-03-28T08:17:11Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA","status":"pending","token":"mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw"}],"wildcard":true}
'
[Sat Feb 26 09:17:16 CET 2022] d='*.example.com'
[Sat Feb 26 09:17:16 CET 2022] Getting webroot for domain='*.example.com'
[Sat Feb 26 09:17:16 CET 2022] _w='dns_easydns'
[Sat Feb 26 09:17:16 CET 2022] _currentRoot='dns_easydns'
[Sat Feb 26 09:17:17 CET 2022] _is_idn_d='*.example.com'
[Sat Feb 26 09:17:17 CET 2022] _idn_temp
[Sat Feb 26 09:17:17 CET 2022] _candidates='*.example.com,{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2022-03-28T08:17:11Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA","status":"pending","token":"mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw"}],"wildcard":true}'
[Sat Feb 26 09:17:17 CET 2022] response='{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2022-03-28T08:17:11Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA","status":"pending","token":"mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw"}],"wildcard":true}'
[Sat Feb 26 09:17:17 CET 2022] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA","status":"pending","token":"mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw"'
[Sat Feb 26 09:17:17 CET 2022] token='mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw'
[Sat Feb 26 09:17:17 CET 2022] uri='https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA'
[Sat Feb 26 09:17:17 CET 2022] keyauthorization='mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw.jP0NZScigQEUSkI8rscf9YaFUvKOTM9gpzECc1xiUe0'
[Sat Feb 26 09:17:17 CET 2022] dvlist='*.example.com#mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw.jP0NZScigQEUSkI8rscf9YaFUvKOTM9gpzECc1xiUe0#https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA#dns-01#dns_easydns'
[Sat Feb 26 09:17:17 CET 2022] d
[Sat Feb 26 09:17:17 CET 2022] vlist='*.example.com#mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw.jP0NZScigQEUSkI8rscf9YaFUvKOTM9gpzECc1xiUe0#https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA#dns-01#dns_easydns,'
[Sat Feb 26 09:17:17 CET 2022] d='*.example.com'
[Sat Feb 26 09:17:17 CET 2022] _d_alias
[Sat Feb 26 09:17:17 CET 2022] txtdomain='_acme-challenge.example.com'
[Sat Feb 26 09:17:17 CET 2022] txt='p6iJr2v99H9Dnb7r_ce07XLBCl7cgn_iiFdU9p-4hus'
[Sat Feb 26 09:17:17 CET 2022] d_api='/root/.acme.sh/dnsapi/dns_easydns.sh'
[Sat Feb 26 09:17:17 CET 2022] dns_entry='example.com,_acme-challenge.example.com,,dns_easydns,p6iJr2v99H9Dnb7r_ce07XLBCl7cgn_iiFdU9p-4hus,/root/.acme.sh/dnsapi/dns_easydns.sh'
[Sat Feb 26 09:17:17 CET 2022] Found domain api file: /root/.acme.sh/dnsapi/dns_easydns.sh
[Sat Feb 26 09:17:17 CET 2022] Adding txt value: p6iJr2v99H9Dnb7r_ce07XLBCl7cgn_iiFdU9p-4hus for domain:  _acme-challenge.example.com
[Sat Feb 26 09:17:17 CET 2022] First detect the root zone
[Sat Feb 26 09:17:17 CET 2022] h='_acme-challenge.example.com'
[Sat Feb 26 09:17:17 CET 2022] zones/records/all/_acme-challenge.example.com
[Sat Feb 26 09:17:17 CET 2022] GET
[Sat Feb 26 09:17:17 CET 2022] url='https://rest.easydns.net/zones/records/all/_acme-challenge.example.com'
[Sat Feb 26 09:17:17 CET 2022] timeout=
[Sat Feb 26 09:17:17 CET 2022] Http already initialized.
[Sat Feb 26 09:17:17 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.unGkIX0iF8  -g '
[Sat Feb 26 09:17:18 CET 2022] ret='0'
[Sat Feb 26 09:17:18 CET 2022] response='{"error":{"code":420,"message":"Enhance Your Calm. Rate limit exceeded (too many requests)"}}'
[Sat Feb 26 09:17:18 CET 2022] h='example.com'
[Sat Feb 26 09:17:18 CET 2022] zones/records/all/example.com
[Sat Feb 26 09:17:18 CET 2022] GET
[Sat Feb 26 09:17:18 CET 2022] url='https://rest.easydns.net/zones/records/all/example.com'
[Sat Feb 26 09:17:18 CET 2022] timeout=
[Sat Feb 26 09:17:18 CET 2022] Http already initialized.
[Sat Feb 26 09:17:18 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.unGkIX0iF8  -g '
[Sat Feb 26 09:17:18 CET 2022] ret='0'
[Sat Feb 26 09:17:18 CET 2022] response='{"error":{"code":420,"message":"Enhance Your Calm. Rate limit exceeded (too many requests)"}}'
[Sat Feb 26 09:17:18 CET 2022] h='be'
[Sat Feb 26 09:17:18 CET 2022] zones/records/all/be
[Sat Feb 26 09:17:18 CET 2022] GET
[Sat Feb 26 09:17:18 CET 2022] url='https://rest.easydns.net/zones/records/all/be'
[Sat Feb 26 09:17:18 CET 2022] timeout=
[Sat Feb 26 09:17:18 CET 2022] Http already initialized.
[Sat Feb 26 09:17:18 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.unGkIX0iF8  -g '
[Sat Feb 26 09:17:19 CET 2022] ret='0'
[Sat Feb 26 09:17:19 CET 2022] response='{"error":{"code":420,"message":"Enhance Your Calm. Rate limit exceeded (too many requests)"}}'
[Sat Feb 26 09:17:19 CET 2022] h
[Sat Feb 26 09:17:19 CET 2022] invalid domain
[Sat Feb 26 09:17:19 CET 2022] Error add txt for domain:_acme-challenge.example.com
[Sat Feb 26 09:17:19 CET 2022] _on_issue_err
[Sat Feb 26 09:17:19 CET 2022] Please add '--debug' or '--log' to check more details.
[Sat Feb 26 09:17:19 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sat Feb 26 09:17:19 CET 2022] _chk_vlist='*.example.com#mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw.jP0NZScigQEUSkI8rscf9YaFUvKOTM9gpzECc1xiUe0#https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA#dns-01#dns_easydns,'
[Sat Feb 26 09:17:19 CET 2022] start to deactivate authz
[Sat Feb 26 09:17:19 CET 2022] Trigger domain validation.
[Sat Feb 26 09:17:19 CET 2022] _t_url='https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA'
[Sat Feb 26 09:17:19 CET 2022] _t_key_authz='mvEUifxmZ-9x4NRWca68hq6eGtIxBmQ7vS_IygTQuJw.jP0NZScigQEUSkI8rscf9YaFUvKOTM9gpzECc1xiUe0'
[Sat Feb 26 09:17:20 CET 2022] _t_vtype
[Sat Feb 26 09:17:20 CET 2022] url='https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA'
[Sat Feb 26 09:17:20 CET 2022] payload='{}'
[Sat Feb 26 09:17:20 CET 2022] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Feb 26 09:17:20 CET 2022] Use _CACHED_NONCE='MVCsaPZtYHK9eAhhKj4uN-doEoGsyBJLPVXM5tMHLvc'
[Sat Feb 26 09:17:20 CET 2022] nonce='MVCsaPZtYHK9eAhhKj4uN-doEoGsyBJLPVXM5tMHLvc'
[Sat Feb 26 09:17:20 CET 2022] POST
[Sat Feb 26 09:17:20 CET 2022] _post_url='https://acme.zerossl.com/v2/DV90/chall/dE8SylrDXDlbvJTZjdzJeA'
[Sat Feb 26 09:17:20 CET 2022] body='{"protected": "eyJub25jZSI6ICJNVkNzYVBadFlISzllQWhoS2o0dU4tZG9Fb0dzeUJKTFBWWE01dE1ITHZjIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9jaGFsbC9kRThTeWxyRFhEbGJ2SlRaamR6SmVBIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC96Uks2MGFSWEdJaXFVYXFRVjJkVjJBIn0", "payload": "e30", "signature": "kDxyM-m3HrLzCxqJC5fcE3iReG45pj_DAB2Lrsl2MWxp7Lxl5RiNhGT5vIuN4SYb3OlKIxTr7t1QR8aQM1ILLDluwhnwaBYbQygIEV969TLNoWU8eDWLzum3VTF_QotA5mRxHi83GPtJhkCnqVpYAaL8oMs5QU0lBcV9uJM2J3FYMtsuDar--lwadxa7o4MeWDbpGJEfNbSus2vbJHfI0IGdT8XsYYZWs4SGJ39GSu-1kI2UeFMKDWbMkakQDuegGfUmvtyqCQ93FiZf-2ApyKP_-t5oX-hoUnTZf1grolTBqr4323QJtXnk4nZXDd_Fwc3azF4udpmcg_BdxP02fQ"}'
[Sat Feb 26 09:17:20 CET 2022] _postContentType='application/jose+json'
[Sat Feb 26 09:17:20 CET 2022] Http already initialized.
[Sat Feb 26 09:17:20 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.unGkIX0iF8  -g '
[Sat Feb 26 09:17:25 CET 2022] _ret='0'
[Sat Feb 26 09:17:25 CET 2022] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Feb 2022 08:17:25 GMT
Content-Type: application/json
Content-Length: 163
Connection: keep-alive
Replay-Nonce: P5C-psCw79VJ4s1Mal-0zpDu3hyuKiKOedPISEyXhh8
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Link: <https://acme.zerossl.com/v2/DV90/authz/xdzJo9knlndWluY5epdnxg>;rel="up"
Retry-After: 10
Strict-Transport-Security: max-age=15552000

But when I did acme.sh --debug 2 --issue --dns dns_easydns -d example.com, no error occurred. Does that mean that there will be a wildcard certificate for *.example.com ?

@tom--
Copy link

tom-- commented Mar 24, 2022

I am seeing a lot of these 420 Enhance Your Calm responses from rest.easydns.net too, including when using cURL on the command line.

response='{"error":{"code":420,"message":"Enhance Your Calm. Rate limit exceeded (too many requests)"}}'

If I want to try taking the message literally, what can we do to slow down the request rate, by a lot?

@wurzelpanzer
Copy link
Contributor Author

Im gonna ask easydns about rates and limits.

@tom--
Copy link

tom-- commented Mar 24, 2022

I got to suspect that 420 Enhance Your Calm might be misleading because the first test GET I made to rest.easydns.net after getting my keys got that result. In other words, it gave me a rate limit error message before my API requests even had a rate.

@tom--
Copy link

tom-- commented Mar 25, 2022

@wurzelpanzer I confirmed that the 420 Enhance Your Calm responses are misleading. This is the response also for auth failure.

I checked my account.conf file and saw that the SAVED_EASYDNS_Key and _Token values were reversed (my error when copy-pasting the env var yesterday). So I swapped them and the cert issue completed successfully. Woot! But with incorrect Key and Token values I got 420 Enhance Your Calm responses. So I'll write this large for anyone else who might need to know

420 Enhance Your Calm response from rest.easydns.com does NOT mean you hit a server rate limit

@seanm
Copy link

seanm commented May 3, 2022

I've just tried this for the first time and stumbled. With the help of EasyDNS, we realized that it was basically an authentication failure. Initially at least, EasyDNS gives you sandbox access only, and those credentials fail since the acme.sh script talks to the production environment, not the sandbox environment.

Even with --debug --log there wasn't any message indicating something like "authentication failure, check your key and token". That would be nice to add, if possible.

In addition, like @tom-- I also reversed key and token, I think because the EasyDNS email provides them in one order and the wiki has them in the opposite order. I'll try to change the wiki...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3rd party api report bugs to dns api, deploy hooks and notification hooks
Projects
None yet
Development

No branches or pull requests

5 participants