dns challange #33

Hi,

following profile:

# deps
"dependencies": {
    "cert-info": "^1.5.1",
    "greenlock": "^2.6.8",
    "le-challenge-dns": "^2.3.2",
    "le-store-certbot": "^2.2.1"
}

on a Mac Node 11.7.0.

// Storage Backend
var leStore = require('le-store-certbot').create({
    configDir: '~/acme/etc'                                 // or /etc/letsencrypt or wherever
  , debug: false
});


function leAgree(opts, agreeCb) {
    debug(`leAgree`,opts,agreeCb)
    // opts = { email, domains, tosUrl }
    agreeCb(null, opts.tosUrl);
}

var leChallengeDns = require('le-challenge-dns').create({
    debug: false,
});


greenlock = Greenlock.create({
    version: 'draft-12'                                     // 'draft-12' or 'v01'
                                                            // 'draft-12' is for Let's Encrypt v2 otherwise known as ACME draft 12
                                                            // 'v02' is an alias for 'draft-12'
                                                            // 'v01' is for the pre-spec Let's Encrypt v1
    //
    // staging API
    // ,server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
  
    //
    // production API
    ,server: 'https://acme-v02.api.letsencrypt.org/directory'
    // , configDir: require('os').homedir()+'/acme/etc'
  , store: leStore                                          // handles saving of config, accounts, and certificates
  ,challenges: {
    'dns-01': leChallengeDns
  }
  , challengeType: 'dns-01'                                // default to this challenge type
  , agreeToTerms: leAgree                                   // hook to allow user to view and accept LE TOS
  //, sni: require('le-sni-auto').create({})                // handles sni callback
  
                                                            // renewals happen at a random time within this window
  , renewWithin: 14 * 24 * 60 * 60 * 1000                   // certificate renewal may begin at this time
  , renewBy:     10 * 24 * 60 * 60 * 1000                   // certificate renewal should happen by this time
  
  , debug: false
  , log: function (debug) {
        // console.log.apply(console, args);
        console.log(chalk.bold(`le debug:`),debug)
    } // handles debug outputs
})

and


greenlock.check({ domains: [ domain ] }).then(function (results) {
            debug(`greenlock.check`,results)
            if (results) {
                console.log(`Certificate for ${domain} is still valid`)
                // we already have certificates
                return resolve(results)
            }
            console.log(`Obtaining new certificate for ${domain}`)
            // Register Certificate
            var registerOptions  = {
                domains: [domain]
                , email: 'info@mydomain.com'      
                , agreeTos: true              
                , rsaKeySize: 2048            // 2048 or higher
                , challengeType: 'dns-01'     // http-01, tls-sni-01, or dns-01
            }

            greenlock.register(registerOptions).
            then(
            function (certs) {
                console.log(certs);
                // privkey, cert, chain, expiresAt, issuedAt, subject, altnames
                console.log(chalk.green('successfull obtained new cert'));
                process.exit(0)
                return resolve(results)
            },function (err) {
                console.error(chalk.red(`error by obtaining certificate for ${domain}`),err)
                return reject(err)
            });
        })

I am trying to dns-challange a wildcar domain. I am then getting a prompt like:

We now present (for you copy-and-paste pleasure) your ACME Challenge
public Challenge and secret KeyAuthorization and Digest, in that order, respectively:
h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU
h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU.eX57yoPqeMyOITHQF7-7wu6BLvGH4spEoQjK-NwdH3Q
f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y

*.herein.world         TXT f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y TTL 60

        {
          "domain": "herein.world",
          "challenge": "h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU",
          "keyAuthorization": "h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU.eX57yoPqeMyOITHQF7-7wu6BLvGH4spEoQjK-NwdH3Q",
          "keyAuthDigest": "f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y"
        }

hit enter to continue...

even though it says *.herein.world TXT (i think this is a cosmetic bug). I am adding _acme-challenge.herein.world with given TXT value... If i hit enter it calls the error function and i get error by optaining certificate with given error. All Good!

BUT if i have added the TXT (for now manually, later automatic) and hit enter. It does NOT call the success function at all.

insse le-challange-dns i see Challenge.set = function (args, domain, challenge, keyAuthorization, cb) {. I have logged the cb parameter as:

function(err) {
          if(err) { reject(err); } else { resolve(); }
        }

so pressing a key after manual TXT challange calls the cb with null. it then calls resolve. What resolve does i dont know but this success function never gets called.

What might i do wrong please?

Hi, following profile: ``` # deps "dependencies": { "cert-info": "^1.5.1", "greenlock": "^2.6.8", "le-challenge-dns": "^2.3.2", "le-store-certbot": "^2.2.1" } ``` on a Mac Node 11.7.0. ``` // Storage Backend var leStore = require('le-store-certbot').create({ configDir: '~/acme/etc' // or /etc/letsencrypt or wherever , debug: false }); function leAgree(opts, agreeCb) { debug(`leAgree`,opts,agreeCb) // opts = { email, domains, tosUrl } agreeCb(null, opts.tosUrl); } var leChallengeDns = require('le-challenge-dns').create({ debug: false, }); greenlock = Greenlock.create({ version: 'draft-12' // 'draft-12' or 'v01' // 'draft-12' is for Let's Encrypt v2 otherwise known as ACME draft 12 // 'v02' is an alias for 'draft-12' // 'v01' is for the pre-spec Let's Encrypt v1 // // staging API // ,server: 'https://acme-staging-v02.api.letsencrypt.org/directory' // // production API ,server: 'https://acme-v02.api.letsencrypt.org/directory' // , configDir: require('os').homedir()+'/acme/etc' , store: leStore // handles saving of config, accounts, and certificates ,challenges: { 'dns-01': leChallengeDns } , challengeType: 'dns-01' // default to this challenge type , agreeToTerms: leAgree // hook to allow user to view and accept LE TOS //, sni: require('le-sni-auto').create({}) // handles sni callback // renewals happen at a random time within this window , renewWithin: 14 * 24 * 60 * 60 * 1000 // certificate renewal may begin at this time , renewBy: 10 * 24 * 60 * 60 * 1000 // certificate renewal should happen by this time , debug: false , log: function (debug) { // console.log.apply(console, args); console.log(chalk.bold(`le debug:`),debug) } // handles debug outputs }) ``` and ``` greenlock.check({ domains: [ domain ] }).then(function (results) { debug(`greenlock.check`,results) if (results) { console.log(`Certificate for ${domain} is still valid`) // we already have certificates return resolve(results) } console.log(`Obtaining new certificate for ${domain}`) // Register Certificate var registerOptions = { domains: [domain] , email: 'info@mydomain.com' , agreeTos: true , rsaKeySize: 2048 // 2048 or higher , challengeType: 'dns-01' // http-01, tls-sni-01, or dns-01 } greenlock.register(registerOptions). then( function (certs) { console.log(certs); // privkey, cert, chain, expiresAt, issuedAt, subject, altnames console.log(chalk.green('successfull obtained new cert')); process.exit(0) return resolve(results) },function (err) { console.error(chalk.red(`error by obtaining certificate for ${domain}`),err) return reject(err) }); }) ``` I am trying to dns-challange a wildcar domain. I am then getting a prompt like: ``` We now present (for you copy-and-paste pleasure) your ACME Challenge public Challenge and secret KeyAuthorization and Digest, in that order, respectively: h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU.eX57yoPqeMyOITHQF7-7wu6BLvGH4spEoQjK-NwdH3Q f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y *.herein.world TXT f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y TTL 60 { "domain": "herein.world", "challenge": "h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU", "keyAuthorization": "h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU.eX57yoPqeMyOITHQF7-7wu6BLvGH4spEoQjK-NwdH3Q", "keyAuthDigest": "f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y" } hit enter to continue... ``` even though it says *.herein.world TXT (i think this is a cosmetic bug). I am adding _acme-challenge.herein.world with given TXT value... If i hit enter it calls the error function and i get `error by optaining certificate` with given error. All Good! BUT if i have added the TXT (for now manually, later automatic) and hit enter. It does NOT call the success function at all. insse le-challange-dns i see `Challenge.set = function (args, domain, challenge, keyAuthorization, cb) {`. I have logged the cb parameter as: ``` function(err) { if(err) { reject(err); } else { resolve(); } } ``` so pressing a key after manual TXT challange calls the cb with null. it then calls resolve. What resolve does i dont know but this success function never gets called. What might i do wrong please?

I have tried greenlock-cli and it obviously works same with dns challange, it asks for new challange in loop without really resolving to the function. See attachment

Untitled.png

307 KiB

There's another bug related to this that's being worked on. We'll get that cleared up this week most likely.

Try with Greenlock v2.7+ and le-challenge-dns v3+

See

I'm closing this because I've tested and know that it's working now, but feel free to re-open if you still need some direction after trying out the example and looking at that latest dns plugin.