Is creating a wildcard for a subdomain supported? Example *.one.example.com #3016

Open
ghost opened this issue Jun 30, 2020 · 11 comments

ghost commented Jun 30, 2020

Steps to reproduce

./acme.sh --issue --dns dns_easydns -d sanity.onetrace.io -d *.sanity.onetrace.io

Debug log

acme.sh  --issue .....   --debug 2

Adding txt value: w8R2uF1U738lzf3MCxOIlPV0pvKBj6lMa7SeCEDgZCg for domain: _acme-challenge.sanity.onetrace.io
[Tue Jun 30 05:56:55 UTC 2020] invalid domain
[Tue Jun 30 05:56:55 UTC 2020] Error add txt for domain:_acme-challenge.sanity.onetrace.io

Author

ghost commented Jul 2, 2020

acme.sh --upgrade

[Thu Jul 2 06:47:16 UTC 2020] Already uptodate!
[Thu Jul 2 06:47:16 UTC 2020] Upgrade success!

Thu Jul 2 06:54:38 UTC 2020] ret='0'
[Thu Jul 2 06:54:39 UTC 2020] response='

{"tm":1593672878,"data":[{"id":"76237154","domain":"basecase.io","host":"_acme-challenge.sanity","ttl":"0","prio":"0","type":"TXT","rdata":"1Ah2N8JDuCGPiV7cZC55sBBUiICIOgorozA6VD9Obmc","geozone_id":"0","last_mod":"2020-04-22 19:14:52"}],"search":"_acme-challenge.sanity","count":1,"total":1,"start":0,"max":1000,"status":200}'
[Thu Jul 2 06:54:39 UTC 2020] Adding record
[Thu Jul 2 06:54:39 UTC 2020] zones/records/add/basecase.io/TXT
[Thu Jul 2 06:54:39 UTC 2020] data='{"host":"_acme-challenge.sanity","rdata":"-l64csn5lS33yDj8GJG9u7w63xTJHIaly1iAJQuTmVE"}'
[Thu Jul 2 06:54:39 UTC 2020] PUT
[Thu Jul 2 06:54:39 UTC 2020] _post_url='rest.easydns.net/zones/records/add/basecase.io/TXT'
[Thu Jul 2 06:54:39 UTC 2020] body='{"host":"_acme-challenge.sanity","rdata":"-l64csn5lS33yDj8GJG9u7w63xTJHIaly1iAJQuTmVE"}'
[Thu Jul 2 06:54:39 UTC 2020] _postContentType
[Thu Jul 2 06:54:39 UTC 2020] Http already initialized.
[Thu Jul 2 06:54:39 UTC 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.3g9fTn5Sb5 -g '
[Thu Jul 2 06:54:39 UTC 2020] _ret='0'
[Thu Jul 2 06:54:39 UTC 2020] response='

{"error":{"code":400,"message":"You failed to provide a hostname in your input data. Please check your formatting."}}'
[Thu Jul 2 06:54:39 UTC 2020] Add txt record error.
[Thu Jul 2 06:54:39 UTC 2020] Error add txt for domain:_acme-challenge.sanity.basecase.io
[Thu Jul 2 06:54:39 UTC 2020] _on_issue_err
[Thu Jul 2 06:54:39 UTC 2020] Please add '--debug' or '--log' to check more details.
[Thu Jul 2 06:54:39 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh


geetfun commented Jul 2, 2020

Using the latest version of acme.sh, can confirm I'm getting an error as well for adding txt. My DNS provider is Cloudflare, and I noticed that it's affecting easydns.net as well. Could this be something upstream (i.e. not related to acme.sh, but with LetsEncrypt)?

Author

ghost commented Jul 3, 2020

It is either with the acme.sh or with the provider. I can do this manually with no issue. I was hoping to use the acme.sh script to automate.

@wurzelpanzer
Contributor

@pa-chris I have no problem with *.subdomain.domain.com, just tried with easydns and acme.sh

Here is my stripped log: https://pastebin.com/MA2UT6QQ

Could you please execute:
./acme.sh --issue --dns dns_easydns -d sanity.onetrace.io -d *.sanity.onetrace.io --debug 2

and paste the whole output.

Author

ghost commented Jul 18, 2020

That did not work. Here is my log: https://pastebin.com/0xZMtv2z


gencer commented Jul 18, 2020

I have problems with CloudNS on wildcard domains too.

But in my case, it adds TXT records to the wrong zone. And can't verify them.

I confirm this. Let me explain my situation:

I have 2 zones at CloudNS.

  • domain.net
  • subdomain.domain.net

Yes. Another zone for a subdomain. So, when I request a wildcard SSL for *.subdomain.domain.net, TXT records are added to domain.net instead of subdomain.domain.net. Due to this, verification fails after 120 seconds.
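
The two-zone case described in the comment above, as an added example that is not part of the thread and not acme.sh code: when an account hosts both a parent zone and a delegated subdomain zone, the challenge record belongs in the longest zone that contains the name. The function names are hypothetical and the zone names are the placeholders from the comment.

```shell
#!/bin/sh
# Added example (not acme.sh code): choose the hosted zone for a DNS-01 record.
# Function names are hypothetical; zone names are the placeholders used above.

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# find_zone FQDN ZONE...
# Prints the longest ZONE that equals FQDN or is a parent of it on a label
# boundary. Returns 1 when none of the zones contains the name.
find_zone() {
  fqdn=$(lc "${1%.}")
  shift
  best=""
  for zone in "$@"; do
    zone=$(lc "${zone%.}")
    [ -n "$zone" ] || continue
    case "$fqdn" in
      "$zone" | *."$zone")
        # Every match is a suffix of the same name, so longer is more specific.
        if [ "${#zone}" -gt "${#best}" ]; then
          best=$zone
        fi
        ;;
    esac
  done
  [ -n "$best" ] || return 1
  printf '%s\n' "$best"
}

# challenge_record DOMAIN ZONE...
# Prints "<zone> <host>": the zone to edit and the record name relative to it.
# A wildcard is validated at its base name, so a leading "*." is dropped first.
challenge_record() {
  domain=$(lc "${1%.}")
  shift
  base=${domain#'*.'}
  name="_acme-challenge.$base"
  zone=$(find_zone "$name" "$@") || return 1
  host=${name%".$zone"}
  printf '%s %s\n' "$zone" "$host"
}

# Demo with the two zones from the comment above.
challenge_record '*.subdomain.domain.net' domain.net subdomain.domain.net
challenge_record '*.www.domain.net' domain.net subdomain.domain.net
```
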

@wurzelpanzer
Contributor

> That did not work. Here is my log: https://pastebin.com/0xZMtv2z

Could you manually delete the existing record
[{"id":"77228109","domain":"onetrace.io","host":"_acme-challenge.sanity","ttl":"0","prio":"0","type":"TXT","rdata":"h4e-Tv5moTIjKSE0Y4VNds5Vm3EqJeATqUOYZNzgBLk","geozone_id":"0","last_mod":"2020-07-06 21:10:35"}],"search":"_acme-challenge.sanity","count":1,"total":1,"start":0,"max":1000,"status":200

And then try again please.

Author

ghost commented Jul 18, 2020

I deleted the old TXT entries.
I ran it again. It failed. I did do an update. There has been a new update since I have opened the ticket. Now it has created 2 entries into the TXT for the _acme-challenge.sanity. Now it goes into an endless loop of trying to validate. Waits 10 secs, and tries to validate again.

Here is the log output: https://pastebin.com/9ZB7P9DH

@wurzelpanzer
Contributor

> I deleted the old TXT entries.
> I ran it again. It failed. I did do an update. There has been a new update since I have opened the ticket. Now it has created 2 entries into the TXT for the _acme-challenge.sanity. Now it goes into an endless loop of trying to validate. Waits 10 secs, and tries to validate again.
>
> Here is the log output: https://pastebin.com/9ZB7P9DH

Hi @pa-chris, sorry for my late reply. Have been on vacation.
From your log file I can see that both TXT entries got created.

response=' {"msg":"OK","tm":1595107017,"data":{"host":"_acme-challenge.sanity","geozone_id":0,"ttl":null,"prio":null,"rdata":"aPCubmiADnuxXyevimbD7-DftxeZ_E-Dger1XgsbMDY","revoked":0,"id":"77391537","new_host":"_acme-challenge.sanity.onetrace.io"},"status":201}'

response=' {"msg":"OK","tm":1595107019,"data":{"host":"_acme-challenge.sanity","geozone_id":0,"ttl":null,"prio":null,"rdata":"pkRVtYNU3qZOIQA3--pANCja2pEWjGaxDH3iz2hrySI","revoked":0,"id":"77391538","new_host":"_acme-challenge.sanity.onetrace.io"},"status":201}'

You could also check for both entries in your easydns control panel.

It looks like Cloudflare DNS servers (used to check if these entries exist) only find the first one.

There is really not much I can do right now. Maybe @Neilpang has an idea?
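
One way to check the point raised in the comment above, as an added example that is not part of the thread or of acme.sh: a certificate for a name and its wildcard puts two TXT values on the same `_acme-challenge` name, so a visibility check has to look for every expected value, ideally at each authoritative server. The function names are hypothetical, the token values in the demo are constructed, and `check_nameservers` assumes `dig` and network access.

```shell
#!/bin/sh
# Added example (not acme.sh code). Function names are hypothetical and the
# token values in the demo are constructed.

# missing_txt ANSWERS VALUE...
# ANSWERS is the output of `dig +short TXT <name>`: one quoted string per line.
# Prints every expected VALUE that is absent and returns 1 if any is missing.
missing_txt() {
  answers=$1
  shift
  rc=0
  for want in "$@"; do
    # -F fixed string, -x whole line: a longer value must not count as a match.
    if ! printf '%s\n' "$answers" | grep -Fqx -e "\"$want\""; then
      printf '%s\n' "$want"
      rc=1
    fi
  done
  return "$rc"
}

# check_nameservers ZONE NAME VALUE...
# Queries each authoritative server of ZONE directly, so a caching resolver
# cannot hide a record. Needs dig and network access; the demo does not call it.
check_nameservers() {
  zone=$1
  name=$2
  shift 2
  servers=$(dig +short NS "$zone")
  [ -n "$servers" ] || return 2
  status=0
  for ns in $servers; do
    if lost=$(missing_txt "$(dig +short TXT "$name" "@$ns")" "$@"); then
      printf '%s: all values present\n' "$ns"
    else
      printf '%s: missing: %s\n' "$ns" "$(printf '%s' "$lost" | tr '\n' ' ')"
      status=1
    fi
  done
  return "$status"
}

# Demo on a constructed answer that holds only one of the two values.
seen='"token-for-base-name"'
if ! lost=$(missing_txt "$seen" token-for-base-name token-for-wildcard); then
  printf 'not visible yet: %s\n' "$lost"
fi
```
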


ally9696 commented Sep 2, 2020

Yes, the support is working and I have issued multiple.

@cviebrock

Any resolution here?
