Having some trouble with acme.sh and ISP Config API

Discussion in 'ISPConfig 3 Priority Support' started by ledoktre, Jul 30, 2018.

Tags:
  1. ledoktre

    ledoktre Member

    Greetings all,

    I have an ISP Config multi-server setup. Am running 3.1.12 on both the control panel and dns servers. I also have another box that I use for various things and on this box I was setting up acme.sh script to issue LetsEncrypt certificates.

    Now where I seem to be stuck is I issue the command acme.sh :
    `acme.sh --issue --dns dns_ispconfig -d some.domain.com`

    The system reaches out, creates a CNAME record, everything hums along fine- verifies etc. Now its time to remove the TXT record. It removes it, but does not increment the serial, so the removal does not get pushed out to my slave dns servers. I can see this by using cat to look at the serial before, during, and after the request in the dns pri.domain.com file on the primary dns server. Increments properly when record is created, does not once it is gone from the zone file.

    When I run acme.sh in debug mode, I get the output below.

    Can you help me figure out what I need to do to resolve this increment issue?

    Thanks,



    ***** ACME.SH OUTPUT *****
    [Mon Jul 30 11:11:57 CDT 2018] Removing DNS records.
    [Mon Jul 30 11:11:57 CDT 2018] txt='_vdcY4ByY7jmwHsM-GkDSoUbaVJFAVF6NY1NXcIFvQs'
    [Mon Jul 30 11:11:57 CDT 2018] d_api='/root/.acme.sh/dnsapi/dns_ispconfig.sh'
    [Mon Jul 30 11:11:57 CDT 2018] _d_alias
    [Mon Jul 30 11:11:57 CDT 2018] Calling: dns_ispconfig_rm() '_acme-challenge.some.domain.com'
    [Mon Jul 30 11:11:57 CDT 2018] Getting Session ID
    [Mon Jul 30 11:11:57 CDT 2018] POST
    [Mon Jul 30 11:11:57 CDT 2018] _post_url='https://ispconfig3/remote/json.php?login'
    [Mon Jul 30 11:11:57 CDT 2018] body='{"username":"*****","password":"*****","client_login":false}'
    [Mon Jul 30 11:11:57 CDT 2018] _postContentType
    [Mon Jul 30 11:11:57 CDT 2018] _WGET='wget -q -d --content-on-error --no-check-certificate '
    [Mon Jul 30 11:11:57 CDT 2018] options='s/^ *//g'
    [Mon Jul 30 11:11:58 CDT 2018] Using sed -i
    [Mon Jul 30 11:11:58 CDT 2018] _ret='0'
    [Mon Jul 30 11:11:58 CDT 2018] Calling _ISPC_login: '{"username":"*****","password":"*****","client_login":false}' 'https://ispconfig3/remote/json.php?login'
    [Mon Jul 30 11:11:58 CDT 2018] Result of _ISPC_login: '{"code":"ok","message":"","response":"15b8c1*****66cbbb431511192a3d1b"}'
    [Mon Jul 30 11:11:58 CDT 2018] Retrieved Session ID.
    [Mon Jul 30 11:11:58 CDT 2018] Session ID: '15b8c1*****66cbbb431511192a3d1b'
    [Mon Jul 30 11:11:58 CDT 2018] POST
    [Mon Jul 30 11:11:58 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_get'
    [Mon Jul 30 11:11:58 CDT 2018] body='{"session_id":"15b8c1*****66cbbb431511192a3d1b","primary_id":{"name":"_acme-challenge.some.domain.com.","type":"TXT"}}'
    [Mon Jul 30 11:11:58 CDT 2018] _postContentType
    [Mon Jul 30 11:11:58 CDT 2018] _WGET='wget -q -d --content-on-error --no-check-certificate '
    [Mon Jul 30 11:11:58 CDT 2018] options='s/^ *//g'
    [Mon Jul 30 11:11:58 CDT 2018] Using sed -i
    [Mon Jul 30 11:11:58 CDT 2018] _ret='0'
    [Mon Jul 30 11:11:58 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"15b8c1*****66cbbb431511192a3d1b","primary_id":{"name":"_acme-challenge.some.domain.com.","type":"TXT"}}' 'https://ispconfig3/remote/json.php?dns_txt_get'
    [Mon Jul 30 11:11:58 CDT 2018] Result of _ISPC_rmTxt: '{"code":"ok","message":"","response":[{"id":"2973","sys_userid":"57","sys_groupid":"56","sys_perm_user":"riud","sys_perm_group":"riud","sys_perm_other":"","server_id":"4","zone":"92","name":"_acme-challenge.some.domain.com.","type":"TXT","data":"_vdcY4ByY7jmwHsM-GkDSoUbaVJFAVF6NY1NXcIFvQs","aux":"0","ttl":"3600","active":"Y","stamp":"2018-07-30 11:09:53","serial":"1532966993"}]}'
    [Mon Jul 30 11:11:58 CDT 2018] Record ID: '2973'
    [Mon Jul 30 11:11:58 CDT 2018] Retrieved Record ID.
    [Mon Jul 30 11:11:58 CDT 2018] POST
    [Mon Jul 30 11:11:58 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_delete'
    [Mon Jul 30 11:11:58 CDT 2018] body='{"session_id":"15b8c1*****66cbbb431511192a3d1b","primary_id":"2973","update_serial":true}'
    [Mon Jul 30 11:11:58 CDT 2018] _postContentType
    [Mon Jul 30 11:11:58 CDT 2018] _WGET='wget -q -d --content-on-error --no-check-certificate '
    [Mon Jul 30 11:11:58 CDT 2018] options='s/^ *//g'
    [Mon Jul 30 11:11:58 CDT 2018] Using sed -i
    [Mon Jul 30 11:11:58 CDT 2018] _ret='0'
    [Mon Jul 30 11:11:58 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"15b8c1*****66cbbb431511192a3d1b","primary_id":"2973","update_serial":true}' 'https://ispconfig3/remote/json.php?dns_txt_delete'
    [Mon Jul 30 11:11:58 CDT 2018] Result of _ISPC_rmTxt: '<div class='alert alert-danger clear'>
    <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
    <div class='alert-content'>
    <ol>
    <li>Primary ID fehlt!</li>
    </ol>
    </div>
    </div>'
    [Mon Jul 30 11:11:58 CDT 2018] Couldn't remove ACME Challenge TXT record from zone.
    [Mon Jul 30 11:11:58 CDT 2018] Error removing txt for domain:_acme-challenge.some.domain.com
    [Mon Jul 30 11:11:58 CDT 2018] Verify finished, start to sign.
     
    ledoktre, Jul 30, 2018
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I just had a look at the ISPConfig code of the API and I fear the newly introduced update_serial option in the dns records functions is buggy in all *_delete functions, so that's something that we have to fix in ISPConfig.
     
    till, Jul 30, 2018
    #2
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    till, Jul 30, 2018
    #3
  4. ledoktre

    ledoktre Member

    Thanks Till for the response.
     
    ledoktre, Jul 30, 2018
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    till, Jul 31, 2018
    #5
  6. ledoktre

    ledoktre Member

    I downloaded the file to here : /usr/local/ispconfig/interface/lib/classes/remote.d on the server that I am accessing the API on.

    I am seeing the same results as before. SSL is issued, serial does not increment. Here is the output from acme.sh in debug mode :


    [Tue Jul 31 10:32:33 CDT 2018] Removing DNS records.
    [Tue Jul 31 10:32:33 CDT 2018] txt='e9P8W3hOP8wEwqnHXUC77506v2fAr9-p3GpuoFw_GjI'
    [Tue Jul 31 10:32:33 CDT 2018] d_api='/root/.acme.sh/dnsapi/dns_ispconfig.sh'
    [Tue Jul 31 10:32:33 CDT 2018] _d_alias
    [Tue Jul 31 10:32:33 CDT 2018] Calling: dns_ispconfig_rm() '_acme-challenge.DOMAIN.COM'
    [Tue Jul 31 10:32:33 CDT 2018] Getting Session ID
    [Tue Jul 31 10:32:33 CDT 2018] POST
    [Tue Jul 31 10:32:33 CDT 2018] _post_url='https://ispconfig3/remote/json.php?login'
    [Tue Jul 31 10:32:33 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:33 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:33 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:33 CDT 2018] Calling _ISPC_login: '{"username":"*****","password":"*****","client_login":false}' 'https://ispconfig3/remote/json.php?login'
    [Tue Jul 31 10:32:33 CDT 2018] Result of _ISPC_login: '{"code":"ok","message":"","response":"8a0c62***c201fadc675417280"}'
    [Tue Jul 31 10:32:33 CDT 2018] Retrieved Session ID.
    [Tue Jul 31 10:32:33 CDT 2018] Session ID: '8a0c62***c201fadc675417280'
    [Tue Jul 31 10:32:33 CDT 2018] POST
    [Tue Jul 31 10:32:33 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_get'
    [Tue Jul 31 10:32:33 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:33 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:33 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:33 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"8a0c62***c201fadc675417280","primary_id":{"name":"_acme-challenge.DOMAIN.COM.","type":"TXT"}}' 'https://ispconfig3/remote/json.php?dns_txt_get'
    [Tue Jul 31 10:32:33 CDT 2018] Result of _ISPC_rmTxt: '{"code":"ok","message":"","response":[{"id":"3040","sys_userid":"14","sys_groupid":"13","sys_perm_user":"riud","sys_perm_group":"riud","sys_perm_other":"","server_id":"4","zone":"23","name":"_acme-challenge.DOMAIN.COM.","type":"TXT","data":"e9P8W3hOP8wEwqnHXUC77506v2fAr9-p3GpuoFw_GjI","aux":"0","ttl":"3600","active":"Y","stamp":"2018-07-31 10:30:25","serial":"1533051025"}]}'
    [Tue Jul 31 10:32:33 CDT 2018] Record ID: '3040'
    [Tue Jul 31 10:32:33 CDT 2018] Retrieved Record ID.
    [Tue Jul 31 10:32:33 CDT 2018] POST
    [Tue Jul 31 10:32:33 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_delete'
    [Tue Jul 31 10:32:33 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:33 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:33 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:33 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"8a0c62***c201fadc675417280","primary_id":"3040","update_serial":true}' 'https://ispconfig3/remote/json.php?dns_txt_delete'
    [Tue Jul 31 10:32:33 CDT 2018] Result of _ISPC_rmTxt: '<div class='alert alert-danger clear'>
    <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
    <div class='alert-content'>
    <ol>
    <li>Primary ID fehlt!</li>
    </ol>
    </div>
    </div>'
    [Tue Jul 31 10:32:33 CDT 2018] Couldn't remove ACME Challenge TXT record from zone.
    [Tue Jul 31 10:32:33 CDT 2018] Error removing txt for domain:_acme-challenge.DOMAIN.COM
    [Tue Jul 31 10:32:33 CDT 2018] txt='OaWG3rl_uOMfVIvZKOw0fnyIFNKRPubVtug2feO9TKE'
    [Tue Jul 31 10:32:33 CDT 2018] d_api='/root/.acme.sh/dnsapi/dns_ispconfig.sh'
    [Tue Jul 31 10:32:33 CDT 2018] _d_alias
    [Tue Jul 31 10:32:33 CDT 2018] Calling: dns_ispconfig_rm() '_acme-challenge.www.DOMAIN.COM'
    [Tue Jul 31 10:32:33 CDT 2018] Getting Session ID
    [Tue Jul 31 10:32:33 CDT 2018] POST
    [Tue Jul 31 10:32:33 CDT 2018] _post_url='https://ispconfig3/remote/json.php?login'
    [Tue Jul 31 10:32:33 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:34 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:34 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:34 CDT 2018] Calling _ISPC_login: '{"username":"*****","password":"*****","client_login":false}' 'https://ispconfig3/remote/json.php?login'
    [Tue Jul 31 10:32:34 CDT 2018] Result of _ISPC_login: '{"code":"ok","message":"","response":"c12fc***ccb58bc50e7a2da6a7b"}'
    [Tue Jul 31 10:32:34 CDT 2018] Retrieved Session ID.
    [Tue Jul 31 10:32:34 CDT 2018] Session ID: 'c12fc***ccb58bc50e7a2da6a7b'
    [Tue Jul 31 10:32:34 CDT 2018] POST
    [Tue Jul 31 10:32:34 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_get'
    [Tue Jul 31 10:32:34 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:34 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:34 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:34 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"c12fc***ccb58bc50e7a2da6a7b","primary_id":{"name":"_acme-challenge.www.DOMAIN.COM.","type":"TXT"}}' 'https://ispconfig3/remote/json.php?dns_txt_get'
    [Tue Jul 31 10:32:34 CDT 2018] Result of _ISPC_rmTxt: '{"code":"ok","message":"","response":[{"id":"3041","sys_userid":"14","sys_groupid":"13","sys_perm_user":"riud","sys_perm_group":"riud","sys_perm_other":"","server_id":"4","zone":"23","name":"_acme-challenge.www.DOMAIN.COM.","type":"TXT","data":"OaWG3rl_uOMfVIvZKOw0fnyIFNKRPubVtug2feO9TKE","aux":"0","ttl":"3600","active":"Y","stamp":"2018-07-31 10:30:26","serial":"1533051026"}]}'
    [Tue Jul 31 10:32:34 CDT 2018] Record ID: '3041'
    [Tue Jul 31 10:32:34 CDT 2018] Retrieved Record ID.
    [Tue Jul 31 10:32:34 CDT 2018] POST
    [Tue Jul 31 10:32:34 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_delete'
    [Tue Jul 31 10:32:34 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:34 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:34 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:34 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"c12fc***ccb58bc50e7a2da6a7b","primary_id":"3041","update_serial":true}' 'https://ispconfig3/remote/json.php?dns_txt_delete'
    [Tue Jul 31 10:32:34 CDT 2018] Result of _ISPC_rmTxt: '<div class='alert alert-danger clear'>
    <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
    <div class='alert-content'>
    <ol>
    <li>Primary ID fehlt!</li>
    </ol>
    </div>
    </div>'
    [Tue Jul 31 10:32:34 CDT 2018] Couldn't remove ACME Challenge TXT record from zone.
    [Tue Jul 31 10:32:34 CDT 2018] Error removing txt for domain:_acme-challenge.www.DOMAIN.COM
    [Tue Jul 31 10:32:34 CDT 2018] Verify finished, start to sign.
     
    ledoktre, Jul 31, 2018
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Strange, you uploaded the file to the server where acme.sh connects to? This is not necessarily the server where the SSL cert is generated in a multiserver setup.
     
    till, Jul 31, 2018
    #7
  8. ledoktre

    ledoktre Member

    Wow, fast response time! I downloaded it to my control panel server, which is also the one I am dialling into via API.
     
    ledoktre, Jul 31, 2018
    #8
  9. ledoktre

    ledoktre Member

    root@my:/usr/local/ispconfig/interface/lib/classes/remote.d# ls -la
    total 208
    drwxr-s--- 2 ispconfig ispconfig 4096 Jul 31 10:24 .
    drwxr-s--- 5 ispconfig ispconfig 4096 Jul 30 11:28 ..
    -rwxr-x--- 1 ispconfig ispconfig 6374 Jul 9 20:05 admin.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 11910 Jul 9 20:05 aps.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 24165 Jul 9 20:05 client.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 35859 Jul 31 10:23 dns.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 3717 Jul 9 20:05 domains.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 39023 Jul 9 20:05 mail.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 2712 Jul 9 20:05 monitor.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 17458 Jul 9 20:05 openvz.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 10813 Jul 9 20:05 server.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 39660 Jul 9 20:05 sites.inc.php
    root@my:/usr/local/ispconfig/interface/lib/classes/remote.d# md5sum dns.inc.php
    2fd56793ca7ebfa8926cac58189fc950 dns.inc.php
     
    ledoktre, Jul 31, 2018
    #9
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, that should be fine. I guess I'll have to setup a test system for this then.
     
    till, Jul 31, 2018
    #10
  11. ledoktre

    ledoktre Member

    Sorry about that. Anything I can do or offer, let me know. Appreciate your time on this.
     
    ledoktre, Jul 31, 2018
    #11

Share This Page