Report bugs to Constellix DNS API

[woutd]

Please report any bugs with the Constellix DNS API here.

[blockbandit]

Where is the actual Constellix dnsapi code? I can't find it on

https://github.com/acmesh-official/acme.sh/tree/master/dnsapi

[woutd]

It is still under review and not yet merged to the main acme.sh repository.
But for now, you can find and test it here:
https://raw.githubusercontent.com/woutd/acme.sh/master/dnsapi/dns_constellix.sh

[blockbandit]

Thank you. I will test it when I have certificates to renew.

[philippeherard]

I've had to create a new account at Constellix and tried to renew a certificate with this.
It doesn't work properly.

I have moved 3 domains at Constellix to test, and no matter what domain I try to renew a cert for,
the TXT records will be added to the first domain of the API response.

For example, the domain I try to renew is;
("id":323030,"name":"inXXX.info")

The API respond with;

response='[{"id":324703,"name":"onXXX.info","soa":{"primaryNameserver":"ns11.constellix.com.","email":"dns.constellix.com.","ttl":86400,"serial":2015010107,"refresh":43200,"retry":3600,"expire":1209600,"negCache":180},"createdTs":"2020-04-07T14:10:16Z","modifiedTs":"2020-04-07T14:58:33Z","typeId":1,"domainTags":[],"template":1360,"templateName":"3 Main Servers","folder":null,"hasGtdRegions":false,"hasGeoIP":false,"nameserverGroup":1,"nameservers":["ns11.constellix.com.","ns21.constellix.com.","ns31.constellix.com.","ns41.constellix.net.","ns51.constellix.net.","ns61.constellix.net."],"note":null,"version":6,"status":"ACTIVE","tags":[],"contactIds":[]},{"id":323056,"name":"flXXX.net","soa":{"primaryNameserver":"ns11.constellix.com.","email":"dns.constellix.com.","ttl":86400,"serial":2015010103,"refresh":43200,"retry":3600,"expire":1209600,"negCache":180},"createdTs":"2020-04-06T17:14:34Z","modifiedTs":"2020-04-06T17:16:20Z","typeId":1,"domainTags":[],"template":1360,"templateName":"3 Main Servers","folder":null,"hasGtdRegions":false,"hasGeoIP":false,"nameserverGroup":1,"nameservers":["ns11.constellix.com.","ns21.constellix.com.","ns31.constellix.com.","ns41.constellix.net.","ns51.constellix.net.","ns61.constellix.net."],"note":"Add v3","version":2,"status":"ACTIVE","tags":[],"contactIds":[434]},{"id":323030,"name":"inXXX.info","soa":{"primaryNameserver":"ns11.constellix.com.","email":"dns.constellix.com.","ttl":86400,"serial":2015010103,"refresh":43200,"retry":3600,"expire":1209600,"negCache":180},"createdTs":"2020-04-06T16:45:20Z","modifiedTs":"2020-04-06T16:52:05Z","typeId":1,"domainTags":[],"template":1360,"templateName":"3 Main Servers","folder":null,"hasGtdRegions":false,"hasGeoIP":false,"nameserverGroup":1,"nameservers":["ns11.constellix.com.","ns21.constellix.com.","ns31.constellix.com.","ns41.constellix.net.","ns51.constellix.net.","ns61.constellix.net."],"note":"Add 1 domain (test)","version":2,"status":"ACTIVE","tags":[],"contactIds":[434]}]'

[Tue Apr 7 14:58:39 UTC 2020] _domain_id='324703'
[Tue Apr 7 14:58:39 UTC 2020] _sub_domain='_acme-challenge.www'
[Tue Apr 7 14:58:39 UTC 2020] _domain='inXXX.info'
[Tue Apr 7 14:58:39 UTC 2020] Adding TXT record
[Tue Apr 7 14:58:39 UTC 2020] domains/324703/records

So basically the domain_id i'm getting is always wrong, and it's always the first one of the API response.
Seems to be because of this line;
_domain_id=$(printf "%s\n" "$response" | _egrep_o ""id":[^,]*" | head -n 1 | cut -d ':' -f 2 | tr -d '}')

I'm no coding expert, so if someone can have a look, it would be nice.

[woutd]

Thank you for reporting.
Can you try modifying line 89 from:
if ! _constellix_rest GET "domains"; then
to:
if ! _constellix_rest GET "domains/search?name=$h"; then

[philippeherard]

Done, it seems to work OK.

Tested on the 3 domains I have so far there, and got all 3 certs.
I'll have more domain there soon, we'll see how it goes.

Thanks for the fix!

[woutd]

Great! I did a little bit more cleanup, which is available here:
https://raw.githubusercontent.com/woutd/acme.sh/fix-constellix-domain-id/dnsapi/dns_constellix.sh
I'll do some more testing tomorrow, and do a PR if I don't run into issues.
Cheers

[philippeherard]

Weird, today is not working anymore;

[Thu Apr 9 16:06:34 UTC 2020] Detecting root zone
[Thu Apr 9 16:06:34 UTC 2020] domains/search?name=lightXXX.info
[Thu Apr 9 16:06:34 UTC 2020] GET
[Thu Apr 9 16:06:34 UTC 2020] url='https://api.dns.constellix.com/v1/domains/search?name=lightXXX.info'
[Thu Apr 9 16:06:34 UTC 2020] timeout=
[Thu Apr 9 16:06:34 UTC 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Apr 9 16:06:37 UTC 2020] ret='0'
[Thu Apr 9 16:06:37 UTC 2020] response='{"errors":["required parameter is missing."]}'
[Thu Apr 9 16:06:37 UTC 2020] domains/search?name=info
[Thu Apr 9 16:06:37 UTC 2020] GET
[Thu Apr 9 16:06:37 UTC 2020] url='https://api.dns.constellix.com/v1/domains/search?name=info'
[Thu Apr 9 16:06:37 UTC 2020] timeout=
[Thu Apr 9 16:06:37 UTC 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Apr 9 16:06:37 UTC 2020] ret='0'
[Thu Apr 9 16:06:37 UTC 2020] response='{"errors":["required parameter is missing."]}'
[Thu Apr 9 16:06:37 UTC 2020] Invalid domain
[Thu Apr 9 16:06:37 UTC 2020] Error add txt for domain:_acme-challenge.lightXXX.info
[Thu Apr 9 16:06:37 UTC 2020] _on_issue_err

[philippeherard]

Not sure if it was bad timing and they changed something into the api since yesterday;
But adding exact= on line 89 fixed it for me today;

if ! _constellix_rest GET "domains/search?exact=$h";

[woutd]

You are correct, that is very weird, looks like they just changed their API. I will make another fix.

[ragnarkarlsson]

@woutd are you still willing to support this integration? I am a Constellix user and note that they have completely depreciated the v1 API and the current is v4. I've hacked together some stages of an update but am using jq to parse things rather than full bash, happy to collaborate with what little I can.

[woutd]

Hi @ragnarkarlsson, thank you for letting me know. Since I am also still using this plugin as a Constellix user I will certainly try to make sure that is keeps on working. I am not sure when the v1 API will stop working but I will look into the changes needed for v4.

[ragnarkarlsson]

@woutd just reach out to me if you want me to collaborate / help. I haven't tried using the current acme.sh with the v1 API version, unsure if because I'm a newer customer it isn't available to me, I'll try to do so soon and update here.

[woutd]

@ragnarkarlsson I looked into the needed changes but got stuck on a limitation of the v4 API. It seems there is no more way to check if a (TXT) record exists. Which is needed when working with wildcard certificates to either create or update a record (see https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_constellix.sh#L33).
I contacted Constellix about this but unfortunately this functionality is not available at this moment. They escalated the matter to their product manager.
A workaround could be to use the list call and search in the JSON response, but that would be quite cumbersome in the limited shell environment of acme.sh.
So until there is a way to address this shortcoming, I hope you are able to use the plugin with the v1 API.

[ragnarkarlsson]

Thanks @woutd that's what I suspected might be the case.

I did try to do it (but break the acme.sh way) and use jq to search the JSON, but whilst I could get that to work I found I was out of my depth from there.

I'll try the v1 API when I can again, but do respond here if you hear from Constellix.