Hi there I'm currently trying the new REST API especially with regard to Let's Encrypt. I'd like do use the DNS-01 method so that I can get certs for VPNed only stuff. What I'm missing is how to get the proper info by domain name? All the methods seem require the primary id of the zone. So does teh dns_zone_get method required the primary id. The dns_zone_get_by_user requires the client id. Since for LE I just need to provide a domain name, I don't have a zone id.
The primray ID can be an array and this array (FIELDNAME => SEARCHEDVALUE) is used to search for a record.
Ok, I have two more questions: When adding a txt records several fields are required. The most troublesome are "stamp" and "serial". From what I see in the DB, "stamp" shouldn't be required at all since the db uses "current_timestamp" as default value. Is that right? Can this be omitted? Also, how is the value of the serial field being computed? I'm trying to submit this data by curl: Code: {"session_id":"xxxx","client_id":"2","params":[{"server_id":"1","zone":"1","name":"acme_test.domain.tld","type":"txt","data":"acme_test_data","aux":"0","ttl":"3600","active":"y","stamp":"1479327993","serial":"1"}]} but I get this reply: Code: {"code":"remote_fault","message":"data_error_empty<br \/>\r\nttl_range_error<br \/>\r\n","response":false} The submitted data a bit more nicely formatted Code: { "session_id":"xxxx", "client_id":"2", "params":[{ "server_id":"1", "zone":"1", "name":"acme_test.domain.tld", "type":"txt", "data":"acme_test_data", "aux":"0", "ttl":"3600", "active":"y", "stamp":"1479327993", "serial":"1" }] } and here's the whole current shell script https://paste.simplylinux.ch/view/371d9c07 - writing it as standalone for testing ATM
don't know, you might have to try it. This is the code that ISPConfig is using to compute a new serial based on the old serial: Code: function increase_serial($serial){ global $app, $conf; // increase serial $serial_date = $app->functions->intval(substr($serial, 0, 8)); $count = $app->functions->intval(substr($serial, 8, 2)); $current_date = date("Ymd"); if($serial_date >= $current_date){ $count += 1; if ($count > 99) { $serial_date += 1; $count = 0; } $count = str_pad($count, 2, "0", STR_PAD_LEFT); $new_serial = $serial_date.$count; } else { $new_serial = $current_date.'01'; } return $new_serial; }
can the primary id always be an array? It seems for deleting you can't use an array as primary_id: Code: {"session_id":"xxxx","primary_id":{"name":"acme_test555.domain.tld."}} {"code":"remote_fault","message":"Unknown column 'Array' in 'where clause' DELETE FROM `dns_rr` WHERE id = Array AND 1","response":false}
It seems it can't be an array in dns_txt_get either... or at least there's an issue: Code: curData="{\"session_id\":\"${sessionID}\",\"primary_id\":[{\"name\":\"${fulldomain}.\"}]}" echo "$curData"; curResult=$(_post "${curData}" "${ISPC_Api}?dns_txt_get") This returns: All records from that test vm are returned. However if I don't use an array but the id, it works as it should: Code: curData="{\"session_id\":\"${sessionID}\",\"primary_id\":\"18\"}" echo "$curData"; curResult=$(_post "${curData}" "${ISPC_Api}?dns_txt_get") This gives properly just the deisred record:
I can try that. I made a little workaround. I just loop through all the retrieved records (first seperated by { because of json), and check if it contains the specific "_acme-challenge.domain.tld." string. If so, I retrieve its ID and then remove it. But I'm going to test your suggestion. That would make it much better. My dnsapi addon for ISPC 3.1 with the acme.sh script works now... it just have to be pushed to the master repo. It was a pain to write it posix-only and not being able to use stuff like jq https://github.com/sjau/acme.sh/blob/master/dnsapi/dns_ispconfig.sh
Doesn't seem to work either: Code: curData="{\"session_id\":\"${sessionID}\",\"primary_id\":[{\"name\":\"${fulldomain}.\",\"type\":\"TXT\"}]}" curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_get")" echo $curData echo $curResult However, the same syntax works fine when looking up the SOA entry as you can see here: https://github.com/sjau/acme.sh/blob/master/dnsapi/dns_ispconfig.sh#L72 So, to me it seems dns_zone_get and dns_txt_get behave differently. dns_zone_get will use the supplied array to filter the results while dns_zone_get does not behave in such a way.[/code]
I just tested it with PHP/soap and i works fine there: Code: $primary_id = array('name' => '_acme-challenge.sjau.ch.'); $dns_record = $client->dns_txt_get($session_id, $primary_id);
So, problem was with the data that I supplied. Now I have it working: Code: curData="{\"session_id\":\"${sessionID}\",\"primary_id\":{\"name\":\"${fulldomain}.\",\"type\":\"TXT\"}}" curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_get")" https://github.com/sjau/acme.sh/blob/master/dnsapi/dns_ispconfig.sh#L135
So, all is working now: https://github.com/Neilpang/acme.sh/pull/421#issuecomment-262821703 Only need to wait now for the merge of the PR. After that, those who use ISPC 3.1 as dns server can use acme.sh for LE certs using DNS-01 challenge.
