Having some trouble with acme.sh and ISP Config API

Discussion in 'ISPConfig 3 Priority Support' started by ledoktre, Jul 30, 2018.

  1. ledoktre

    ledoktre Member HowtoForge Supporter

    Greetings all,

    I have an ISP Config multi-server setup. Am running 3.1.12 on both the control panel and dns servers. I also have another box that I use for various things, and on this box I was setting up the acme.sh script to issue LetsEncrypt certificates.

    Now where I seem to be stuck is when I issue the acme.sh command:
    `acme.sh --issue --dns dns_ispconfig -d some.domain.com`

    The system reaches out, creates a CNAME record, everything hums along fine, verifies etc. Now it's time to remove the TXT record. It removes it, but does not increment the serial, so the removal does not get pushed out to my slave dns servers. I can see this by using cat to look at the serial before, during, and after the request in the dns pri.domain.com file on the primary dns server. Increments properly when record is created, does not once it is gone from the zone file.

    When I run acme.sh in debug mode, I get the output below.

    Can you help me figure out what I need to do to resolve this increment issue?

    Thanks,



    ***** ACME.SH OUTPUT *****
    [Mon Jul 30 11:11:57 CDT 2018] Removing DNS records.
    [Mon Jul 30 11:11:57 CDT 2018] txt='_vdcY4ByY7jmwHsM-GkDSoUbaVJFAVF6NY1NXcIFvQs'
    [Mon Jul 30 11:11:57 CDT 2018] d_api='/root/.acme.sh/dnsapi/dns_ispconfig.sh'
    [Mon Jul 30 11:11:57 CDT 2018] _d_alias
    [Mon Jul 30 11:11:57 CDT 2018] Calling: dns_ispconfig_rm() '_acme-challenge.some.domain.com'
    [Mon Jul 30 11:11:57 CDT 2018] Getting Session ID
    [Mon Jul 30 11:11:57 CDT 2018] POST
    [Mon Jul 30 11:11:57 CDT 2018] _post_url='https://ispconfig3/remote/json.php?login'
    [Mon Jul 30 11:11:57 CDT 2018] body='{"username":"*****","password":"*****","client_login":false}'
    [Mon Jul 30 11:11:57 CDT 2018] _postContentType
    [Mon Jul 30 11:11:57 CDT 2018] _WGET='wget -q -d --content-on-error --no-check-certificate '
    [Mon Jul 30 11:11:57 CDT 2018] options='s/^ *//g'
    [Mon Jul 30 11:11:58 CDT 2018] Using sed -i
    [Mon Jul 30 11:11:58 CDT 2018] _ret='0'
    [Mon Jul 30 11:11:58 CDT 2018] Calling _ISPC_login: '{"username":"*****","password":"*****","client_login":false}' 'https://ispconfig3/remote/json.php?login'
    [Mon Jul 30 11:11:58 CDT 2018] Result of _ISPC_login: '{"code":"ok","message":"","response":"15b8c1*****66cbbb431511192a3d1b"}'
    [Mon Jul 30 11:11:58 CDT 2018] Retrieved Session ID.
    [Mon Jul 30 11:11:58 CDT 2018] Session ID: '15b8c1*****66cbbb431511192a3d1b'
    [Mon Jul 30 11:11:58 CDT 2018] POST
    [Mon Jul 30 11:11:58 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_get'
    [Mon Jul 30 11:11:58 CDT 2018] body='{"session_id":"15b8c1*****66cbbb431511192a3d1b","primary_id":{"name":"_acme-challenge.some.domain.com.","type":"TXT"}}'
    [Mon Jul 30 11:11:58 CDT 2018] _postContentType
    [Mon Jul 30 11:11:58 CDT 2018] _WGET='wget -q -d --content-on-error --no-check-certificate '
    [Mon Jul 30 11:11:58 CDT 2018] options='s/^ *//g'
    [Mon Jul 30 11:11:58 CDT 2018] Using sed -i
    [Mon Jul 30 11:11:58 CDT 2018] _ret='0'
    [Mon Jul 30 11:11:58 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"15b8c1*****66cbbb431511192a3d1b","primary_id":{"name":"_acme-challenge.some.domain.com.","type":"TXT"}}' 'https://ispconfig3/remote/json.php?dns_txt_get'
    [Mon Jul 30 11:11:58 CDT 2018] Result of _ISPC_rmTxt: '{"code":"ok","message":"","response":[{"id":"2973","sys_userid":"57","sys_groupid":"56","sys_perm_user":"riud","sys_perm_group":"riud","sys_perm_other":"","server_id":"4","zone":"92","name":"_acme-challenge.some.domain.com.","type":"TXT","data":"_vdcY4ByY7jmwHsM-GkDSoUbaVJFAVF6NY1NXcIFvQs","aux":"0","ttl":"3600","active":"Y","stamp":"2018-07-30 11:09:53","serial":"1532966993"}]}'
    [Mon Jul 30 11:11:58 CDT 2018] Record ID: '2973'
    [Mon Jul 30 11:11:58 CDT 2018] Retrieved Record ID.
    [Mon Jul 30 11:11:58 CDT 2018] POST
    [Mon Jul 30 11:11:58 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_delete'
    [Mon Jul 30 11:11:58 CDT 2018] body='{"session_id":"15b8c1*****66cbbb431511192a3d1b","primary_id":"2973","update_serial":true}'
    [Mon Jul 30 11:11:58 CDT 2018] _postContentType
    [Mon Jul 30 11:11:58 CDT 2018] _WGET='wget -q -d --content-on-error --no-check-certificate '
    [Mon Jul 30 11:11:58 CDT 2018] options='s/^ *//g'
    [Mon Jul 30 11:11:58 CDT 2018] Using sed -i
    [Mon Jul 30 11:11:58 CDT 2018] _ret='0'
    [Mon Jul 30 11:11:58 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"15b8c1*****66cbbb431511192a3d1b","primary_id":"2973","update_serial":true}' 'https://ispconfig3/remote/json.php?dns_txt_delete'
    [Mon Jul 30 11:11:58 CDT 2018] Result of _ISPC_rmTxt: '<div class='alert alert-danger clear'>
    <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
    <div class='alert-content'>
    <ol>
    <li>Primary ID fehlt!</li>
    </ol>
    </div>
    </div>'
    [Mon Jul 30 11:11:58 CDT 2018] Couldn't remove ACME Challenge TXT record from zone.
    [Mon Jul 30 11:11:58 CDT 2018] Error removing txt for domain:_acme-challenge.some.domain.com
    [Mon Jul 30 11:11:58 CDT 2018] Verify finished, start to sign.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I just had a look at the ISPConfig code of the API and I fear the newly introduced update_serial option in the dns records functions is buggy in all *_delete functions, so that's something that we have to fix in ISPConfig.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. ledoktre

    ledoktre Member HowtoForge Supporter

    Thanks Till for the response.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

  6. ledoktre

    ledoktre Member HowtoForge Supporter

    I downloaded the file to here: /usr/local/ispconfig/interface/lib/classes/remote.d on the server that I am accessing the API on.

    I am seeing the same results as before. SSL is issued, serial does not increment. Here is the output from acme.sh in debug mode:


    [Tue Jul 31 10:32:33 CDT 2018] Removing DNS records.
    [Tue Jul 31 10:32:33 CDT 2018] txt='e9P8W3hOP8wEwqnHXUC77506v2fAr9-p3GpuoFw_GjI'
    [Tue Jul 31 10:32:33 CDT 2018] d_api='/root/.acme.sh/dnsapi/dns_ispconfig.sh'
    [Tue Jul 31 10:32:33 CDT 2018] _d_alias
    [Tue Jul 31 10:32:33 CDT 2018] Calling: dns_ispconfig_rm() '_acme-challenge.DOMAIN.COM'
    [Tue Jul 31 10:32:33 CDT 2018] Getting Session ID
    [Tue Jul 31 10:32:33 CDT 2018] POST
    [Tue Jul 31 10:32:33 CDT 2018] _post_url='https://ispconfig3/remote/json.php?login'
    [Tue Jul 31 10:32:33 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:33 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:33 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:33 CDT 2018] Calling _ISPC_login: '{"username":"*****","password":"*****","client_login":false}' 'https://ispconfig3/remote/json.php?login'
    [Tue Jul 31 10:32:33 CDT 2018] Result of _ISPC_login: '{"code":"ok","message":"","response":"8a0c62***c201fadc675417280"}'
    [Tue Jul 31 10:32:33 CDT 2018] Retrieved Session ID.
    [Tue Jul 31 10:32:33 CDT 2018] Session ID: '8a0c62***c201fadc675417280'
    [Tue Jul 31 10:32:33 CDT 2018] POST
    [Tue Jul 31 10:32:33 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_get'
    [Tue Jul 31 10:32:33 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:33 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:33 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:33 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"8a0c62***c201fadc675417280","primary_id":{"name":"_acme-challenge.DOMAIN.COM.","type":"TXT"}}' 'https://ispconfig3/remote/json.php?dns_txt_get'
    [Tue Jul 31 10:32:33 CDT 2018] Result of _ISPC_rmTxt: '{"code":"ok","message":"","response":[{"id":"3040","sys_userid":"14","sys_groupid":"13","sys_perm_user":"riud","sys_perm_group":"riud","sys_perm_other":"","server_id":"4","zone":"23","name":"_acme-challenge.DOMAIN.COM.","type":"TXT","data":"e9P8W3hOP8wEwqnHXUC77506v2fAr9-p3GpuoFw_GjI","aux":"0","ttl":"3600","active":"Y","stamp":"2018-07-31 10:30:25","serial":"1533051025"}]}'
    [Tue Jul 31 10:32:33 CDT 2018] Record ID: '3040'
    [Tue Jul 31 10:32:33 CDT 2018] Retrieved Record ID.
    [Tue Jul 31 10:32:33 CDT 2018] POST
    [Tue Jul 31 10:32:33 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_delete'
    [Tue Jul 31 10:32:33 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:33 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:33 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:33 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"8a0c62***c201fadc675417280","primary_id":"3040","update_serial":true}' 'https://ispconfig3/remote/json.php?dns_txt_delete'
    [Tue Jul 31 10:32:33 CDT 2018] Result of _ISPC_rmTxt: '<div class='alert alert-danger clear'>
    <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
    <div class='alert-content'>
    <ol>
    <li>Primary ID fehlt!</li>
    </ol>
    </div>
    </div>'
    [Tue Jul 31 10:32:33 CDT 2018] Couldn't remove ACME Challenge TXT record from zone.
    [Tue Jul 31 10:32:33 CDT 2018] Error removing txt for domain:_acme-challenge.DOMAIN.COM
    [Tue Jul 31 10:32:33 CDT 2018] txt='OaWG3rl_uOMfVIvZKOw0fnyIFNKRPubVtug2feO9TKE'
    [Tue Jul 31 10:32:33 CDT 2018] d_api='/root/.acme.sh/dnsapi/dns_ispconfig.sh'
    [Tue Jul 31 10:32:33 CDT 2018] _d_alias
    [Tue Jul 31 10:32:33 CDT 2018] Calling: dns_ispconfig_rm() '_acme-challenge.www.DOMAIN.COM'
    [Tue Jul 31 10:32:33 CDT 2018] Getting Session ID
    [Tue Jul 31 10:32:33 CDT 2018] POST
    [Tue Jul 31 10:32:33 CDT 2018] _post_url='https://ispconfig3/remote/json.php?login'
    [Tue Jul 31 10:32:33 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:34 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:34 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:34 CDT 2018] Calling _ISPC_login: '{"username":"*****","password":"*****","client_login":false}' 'https://ispconfig3/remote/json.php?login'
    [Tue Jul 31 10:32:34 CDT 2018] Result of _ISPC_login: '{"code":"ok","message":"","response":"c12fc***ccb58bc50e7a2da6a7b"}'
    [Tue Jul 31 10:32:34 CDT 2018] Retrieved Session ID.
    [Tue Jul 31 10:32:34 CDT 2018] Session ID: 'c12fc***ccb58bc50e7a2da6a7b'
    [Tue Jul 31 10:32:34 CDT 2018] POST
    [Tue Jul 31 10:32:34 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_get'
    [Tue Jul 31 10:32:34 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:34 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:34 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:34 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"c12fc***ccb58bc50e7a2da6a7b","primary_id":{"name":"_acme-challenge.www.DOMAIN.COM.","type":"TXT"}}' 'https://ispconfig3/remote/json.php?dns_txt_get'
    [Tue Jul 31 10:32:34 CDT 2018] Result of _ISPC_rmTxt: '{"code":"ok","message":"","response":[{"id":"3041","sys_userid":"14","sys_groupid":"13","sys_perm_user":"riud","sys_perm_group":"riud","sys_perm_other":"","server_id":"4","zone":"23","name":"_acme-challenge.www.DOMAIN.COM.","type":"TXT","data":"OaWG3rl_uOMfVIvZKOw0fnyIFNKRPubVtug2feO9TKE","aux":"0","ttl":"3600","active":"Y","stamp":"2018-07-31 10:30:26","serial":"1533051026"}]}'
    [Tue Jul 31 10:32:34 CDT 2018] Record ID: '3041'
    [Tue Jul 31 10:32:34 CDT 2018] Retrieved Record ID.
    [Tue Jul 31 10:32:34 CDT 2018] POST
    [Tue Jul 31 10:32:34 CDT 2018] _post_url='https://ispconfig3/remote/json.php?dns_txt_delete'
    [Tue Jul 31 10:32:34 CDT 2018] _WGET='wget -q --content-on-error --no-check-certificate '
    [Tue Jul 31 10:32:34 CDT 2018] Using sed -i
    [Tue Jul 31 10:32:34 CDT 2018] _ret='0'
    [Tue Jul 31 10:32:34 CDT 2018] Calling _ISPC_rmTxt: '{"session_id":"c12fc***ccb58bc50e7a2da6a7b","primary_id":"3041","update_serial":true}' 'https://ispconfig3/remote/json.php?dns_txt_delete'
    [Tue Jul 31 10:32:34 CDT 2018] Result of _ISPC_rmTxt: '<div class='alert alert-danger clear'>
    <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
    <div class='alert-content'>
    <ol>
    <li>Primary ID fehlt!</li>
    </ol>
    </div>
    </div>'
    [Tue Jul 31 10:32:34 CDT 2018] Couldn't remove ACME Challenge TXT record from zone.
    [Tue Jul 31 10:32:34 CDT 2018] Error removing txt for domain:_acme-challenge.www.DOMAIN.COM
    [Tue Jul 31 10:32:34 CDT 2018] Verify finished, start to sign.
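
Added example, not part of the thread and not code from acme.sh or ISPConfig: in the debug output above, the `dns_txt_delete` call comes back as an HTML error fragment ("Primary ID fehlt!", German for "Primary ID missing!") instead of JSON, and acme.sh then logs the cleanup as failed but carries on to signing. The function below scans acme.sh debug output for those failed cleanups and prints each record name, its ISPConfig record ID and the API's error text, so the leftover `_acme-challenge` records can be checked in the zone and on the secondaries. The function names, the `example.test` names, the record IDs and the success response in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from acme.sh or ISPConfig): list challenge TXT records
# whose cleanup acme.sh reported as failed, reading its debug output on stdin.
# Output: one line per failure, tab-separated: name, record id, API error text.
failed_cleanups() {
  awk -v q="'" '
    index($0, "Calling: dns_ispconfig_rm()") {   # start of one cleanup attempt
      split($0, f, q); name = f[2]; id = "unknown"; why = "unknown"
    }
    index($0, "] Record ID: ") { split($0, f, q); id = f[2] }
    index($0, "<li>") {                          # HTML error body, not JSON
      why = $0; sub(/.*<li>/, "", why); sub(/<\/li>.*/, "", why)
    }
    index($0, "Error removing txt for domain:") {
      printf "%s\t%s\t%s\n", name, id, why
    }
  '
}

# Constructed sample, shaped like the log lines in the post above:
# one failed delete followed by one that succeeds.
sample_log() {
  cat <<'EOF'
[Tue Jul 31 10:32:33 CDT 2018] Calling: dns_ispconfig_rm() '_acme-challenge.example.test'
[Tue Jul 31 10:32:33 CDT 2018] Record ID: '1001'
[Tue Jul 31 10:32:33 CDT 2018] Retrieved Record ID.
[Tue Jul 31 10:32:33 CDT 2018] Result of _ISPC_rmTxt: '<div class='alert alert-danger clear'>
<li>Primary ID fehlt!</li>
</div>'
[Tue Jul 31 10:32:33 CDT 2018] Couldn't remove ACME Challenge TXT record from zone.
[Tue Jul 31 10:32:33 CDT 2018] Error removing txt for domain:_acme-challenge.example.test
[Tue Jul 31 10:32:34 CDT 2018] Calling: dns_ispconfig_rm() '_acme-challenge.www.example.test'
[Tue Jul 31 10:32:34 CDT 2018] Record ID: '1002'
[Tue Jul 31 10:32:34 CDT 2018] Result of _ISPC_rmTxt: '{"code":"ok","message":"","response":1}'
[Tue Jul 31 10:32:34 CDT 2018] Verify finished, start to sign.
EOF
}

sample_log | failed_cleanups
```

Against a real run, feed it the saved debug output, for example `failed_cleanups < acme-debug.log` (the file name is a placeholder).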
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Strange, you uploaded the file to the server where acme.sh connects to? This is not necessarily the server where the SSL cert is generated in a multiserver setup.
     
  8. ledoktre

    ledoktre Member HowtoForge Supporter

    Wow, fast response time! I downloaded it to my control panel server, which is also the one I am dialling into via API.
     
  9. ledoktre

    ledoktre Member HowtoForge Supporter

    [email protected]:/usr/local/ispconfig/interface/lib/classes/remote.d# ls -la
    total 208
    drwxr-s--- 2 ispconfig ispconfig 4096 Jul 31 10:24 .
    drwxr-s--- 5 ispconfig ispconfig 4096 Jul 30 11:28 ..
    -rwxr-x--- 1 ispconfig ispconfig 6374 Jul 9 20:05 admin.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 11910 Jul 9 20:05 aps.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 24165 Jul 9 20:05 client.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 35859 Jul 31 10:23 dns.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 3717 Jul 9 20:05 domains.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 39023 Jul 9 20:05 mail.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 2712 Jul 9 20:05 monitor.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 17458 Jul 9 20:05 openvz.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 10813 Jul 9 20:05 server.inc.php
    -rwxr-x--- 1 ispconfig ispconfig 39660 Jul 9 20:05 sites.inc.php
    [email protected]:/usr/local/ispconfig/interface/lib/classes/remote.d# md5sum dns.inc.php
    2fd56793ca7ebfa8926cac58189fc950 dns.inc.php
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, that should be fine. I guess I'll have to set up a test system for this then.
     
  11. ledoktre

    ledoktre Member HowtoForge Supporter

    Sorry about that. Anything I can do or offer, let me know. Appreciate your time on this.
     
