In our environment we use DNS manual mode and take the TXT record
output of acme.sh and process it with Ansible to install the records
(then we call renew later when the records have been pushed to the DNS
servers by a whole bunch of other bits).
One problem is that after getting/showing the TXT records, acme.sh
always returns 1. This makes it difficult to tell if there is
actually an error condition.
Since we have set the manual-mode flag, not installing the DNS records
is an expected correct result. This returns a separate error code for
this situation (3), which can be distinguished in automation.

When there are errors with namecheap hosts, acme.sh fails with:
dns_namecheap.sh: line 262: _error: command not found
Based on usage elsewhere in the file, I believe this should be _err

The change made in #4057 broke the decoding of OCI_CLI_KEY from
the encoded OCI_CLI_KEY_FILE content so this removes the multiline
parameter to fix it.
Signed-off-by: Avi Miller <avi.miller@oracle.com>

The dns_nederhost DNS API relies on the exact HTTP status code to be
returned (e.g. 204); however, the _get function always returns 200 for a
successful call when using wget instead of curl. This patch fixes this by
using the _post function for all requests done by dns_nederhost.

The function '_get_root' tries to retrieve the
hostedzone iterating the domains, e.g.:
1. srv.prod.example.com
2. prod.example.com
3. example.com
This doesn't work if '_acme-challenge' is in its
own hostedzone for security reasons.
Starting that iteration with '_acme-challenge.srv.prod.example.com'
fixes this issue.
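
The zone walk described in the commit message above, as an added example (not acme.sh's own code): it shows why starting at the domain misses a dedicated challenge zone while starting at the record name finds it. The function names `candidate_zones` and `find_zone` and the zone list are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data: hosted zones in the account, one per line.
# The challenge label has its own delegated zone, so the DNS credentials
# used for ACME only need write access to that zone.
ZONES="example.com
_acme-challenge.srv.prod.example.com"

# Print candidate zone names for $1, most specific first,
# stopping before the bare TLD.
candidate_zones() {
  name=$1
  while :; do
    case $name in
      *.*) printf '%s\n' "$name" ;;
      *) break ;;
    esac
    name=${name#*.}   # drop the leftmost label
  done
}

# Print the first candidate of $1 that exists in the zone list $2;
# return 1 when no candidate matches.
find_zone() {
  for c in $(candidate_zones "$1"); do
    if printf '%s\n' "$2" | grep -qxF -- "$c"; then
      printf '%s\n' "$c"
      return 0
    fi
  done
  return 1
}

domain=srv.prod.example.com
# Starting at the domain skips the dedicated zone and lands on the parent.
echo "walk from domain: $(find_zone "$domain" "$ZONES")"
# Starting at the full record name finds the dedicated zone first.
echo "walk from record: $(find_zone "_acme-challenge.$domain" "$ZONES")"
```
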

When performing renewals acme.sh checks key length values to determine
if a new key should be created with createDomainKey(). However, older
acme.sh stored key length as an empty value if the default of 2048 was
desired. Now it is explicit and the explicit check of 2048 against "" is
causing createDomainKey() to always be called, which fails without
--force.
Fix this by converting the keylength value to 2048 if an empty string is
returned from the config file. acme.sh will then write out 2048 updating
old keys and configs to the explicit version.
Issue: 4077