acme.sh
Report bugs to All-Inkl.com DNS API
Please report any bugs with the All-Inkl.com dns api here.
Thanks!
Today I realized that all-inkl has changed their API endpoint from https://kasapi.kasserver.com/dokumentation/formular.php to https://test-account.com/formular.php
I get the following response from the KAS API, which makes certificate renewal impossible (without manually patching the dns_kas.sh file):
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
th {
background-color:#E0ECFF;
}
.fehler {
color: #E2003D;
background: #F9C9D6;
padding: 1em 3em;
}
.soap {
color: #2200FF;
background: #FFE016;
padding: 1em 3em;
}
.erfolg {
color: #008822;
background:#CCFFD9;
padding: 1em 3em;
}
</style>
</head>
<body>
project discontinued, use <a href='https://test-account.com/formular.php?ref=kasapi.kasserver.com'>https://test-account.com/formular.php</a> instead
</body>
After a quick test, it seems changing the endpoint URL here should fix the issue.
Hi frostieDE, I will double check this tomorrow with all-inkl.com. I got the information that the URL has changed but didn't get the confirmation that this will now be the final URL. This can only be confirmed by developers and they are currently not working. Cheers
Thank you very much - in the meantime, people can patch the URL by hand as mentioned above :)
Not only the URL has changed. They also changed the interface to soap. This change will take some time.
Hi frostieDE, can you please check if this is working on your side? https://github.com/Marco4223/acme.sh/blob/master/dnsapi/dns_kas.sh
It does not seem to work (on my school's pfsense):
[Thu Aug 4 17:32:18 CEST 2022] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Thu Aug 4 17:32:19 CEST 2022] Registering account: https://acme-staging-v02.api.letsencrypt.org/directory
[Thu Aug 4 17:32:20 CEST 2022] Already registered
[Thu Aug 4 17:32:20 CEST 2022] ACCOUNT_THUMBPRINT='****'
[Thu Aug 4 17:32:20 CEST 2022] Multi domain='DNS:mydomain.com,DNS:*.mydomain.com'
[Thu Aug 4 17:32:20 CEST 2022] Getting domain auth token for each domain
[Thu Aug 4 17:32:22 CEST 2022] Getting webroot for domain='mydomain.com'
[Thu Aug 4 17:32:22 CEST 2022] Getting webroot for domain='*.mydomain.com'
[Thu Aug 4 17:32:22 CEST 2022] Adding txt value: **** for domain: _acme-challenge.mydomain.com
[Thu Aug 4 17:32:22 CEST 2022] ### -> Using DNS-01 All-inkl/Kasserver hook
[Thu Aug 4 17:32:22 CEST 2022] ### -> Adding _acme-challenge.mydomain.com DNS TXT entry on All-inkl/Kasserver
[Thu Aug 4 17:32:22 CEST 2022] ### -> Retriving Credential Token
[Thu Aug 4 17:32:32 CEST 2022] ### -> Check and Save Props
[Thu Aug 4 17:32:32 CEST 2022] ### -> Checking Zone and Record_Name
[Thu Aug 4 17:32:42 CEST 2022] ### -> Checking for existing Record entries
[Thu Aug 4 17:32:52 CEST 2022] No record found.
[Thu Aug 4 17:32:52 CEST 2022] ### -> Creating TXT DNS record
[Thu Aug 4 17:33:03 CEST 2022] An unkown error occurred, please check manually.
[Thu Aug 4 17:33:03 CEST 2022] Error add txt for domain:_acme-challenge.mydomain.com
[Thu Aug 4 17:33:03 CEST 2022] Please check log file for more details: /tmp/acme/mydomain.com-TESTING/acme_issuecert.log
wait a sec... turns out the password was misconfigured. works perfectly :)
Happy to help
Great you fixed it, and it worked on another machine for me... but now it fails on me again. Credentials are correct (tested on the KAS web API), and Auth_Type sha1 still works contrary to what they write on their website.
# acme.sh --renew --domain <edited> --dns dns_kas --debug
[Sa 27 Aug 2022 01:38:13 CEST] Lets find script dir.
[Sa 27 Aug 2022 01:38:13 CEST] _SCRIPT_='/<edited>/.acme.sh/acme.sh'
[Sa 27 Aug 2022 01:38:13 CEST] _script='/<edited>/.acme.sh/acme.sh'
[Sa 27 Aug 2022 01:38:13 CEST] _script_home='/<edited>/.acme.sh'
[Sa 27 Aug 2022 01:38:13 CEST] Using config home:/<edited>/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.5
[Sa 27 Aug 2022 01:38:13 CEST] Running cmd: renew
[Sa 27 Aug 2022 01:38:13 CEST] _renewServer
[Sa 27 Aug 2022 01:38:13 CEST] Using config home:/<edited>/.acme.sh
[Sa 27 Aug 2022 01:38:13 CEST] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Sa 27 Aug 2022 01:38:13 CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sa 27 Aug 2022 01:38:13 CEST] DOMAIN_PATH='/<edited>'
[Sa 27 Aug 2022 01:38:13 CEST] Renew: '<edited>'
[Sa 27 Aug 2022 01:38:13 CEST] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Sa 27 Aug 2022 01:38:13 CEST] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Sa 27 Aug 2022 01:38:13 CEST] Using config home:/<edited>/.acme.sh
[Sa 27 Aug 2022 01:38:13 CEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sa 27 Aug 2022 01:38:13 CEST] _main_domain='<edited>'
[Sa 27 Aug 2022 01:38:13 CEST] _alt_domains='no'
[Sa 27 Aug 2022 01:38:13 CEST] Le_NextRenewTime='1661467024'
[Sa 27 Aug 2022 01:38:13 CEST] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sa 27 Aug 2022 01:38:13 CEST] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sa 27 Aug 2022 01:38:13 CEST] GET
[Sa 27 Aug 2022 01:38:13 CEST] url='https://acme-v02.api.letsencrypt.org/directory'
[Sa 27 Aug 2022 01:38:13 CEST] timeout=
[Sa 27 Aug 2022 01:38:13 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:14 CEST] ret='0'
[Sa 27 Aug 2022 01:38:14 CEST] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sa 27 Aug 2022 01:38:14 CEST] ACME_NEW_AUTHZ
[Sa 27 Aug 2022 01:38:14 CEST] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sa 27 Aug 2022 01:38:14 CEST] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sa 27 Aug 2022 01:38:14 CEST] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sa 27 Aug 2022 01:38:14 CEST] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf'
[Sa 27 Aug 2022 01:38:14 CEST] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sa 27 Aug 2022 01:38:14 CEST] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sa 27 Aug 2022 01:38:14 CEST] _on_before_issue
[Sa 27 Aug 2022 01:38:14 CEST] _chk_main_domain='<edited>'
[Sa 27 Aug 2022 01:38:14 CEST] _chk_alt_domains
[Sa 27 Aug 2022 01:38:14 CEST] Le_LocalAddress
[Sa 27 Aug 2022 01:38:14 CEST] d='<edited>'
[Sa 27 Aug 2022 01:38:14 CEST] Check for domain='<edited>'
[Sa 27 Aug 2022 01:38:14 CEST] _currentRoot='dns_kas'
[Sa 27 Aug 2022 01:38:14 CEST] d
[Sa 27 Aug 2022 01:38:14 CEST] _saved_account_key_hash is not changed, skip register account.
[Sa 27 Aug 2022 01:38:14 CEST] Read key length:2048
[Sa 27 Aug 2022 01:38:14 CEST] _createcsr
[Sa 27 Aug 2022 01:38:14 CEST] Single domain='<edited>'
[Sa 27 Aug 2022 01:38:14 CEST] Getting domain auth token for each domain
[Sa 27 Aug 2022 01:38:14 CEST] d
[Sa 27 Aug 2022 01:38:14 CEST] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sa 27 Aug 2022 01:38:14 CEST] payload='{"identifiers": [{"type":"dns","value":"<edited>"}]}'
[Sa 27 Aug 2022 01:38:14 CEST] RSA key
[Sa 27 Aug 2022 01:38:14 CEST] HEAD
[Sa 27 Aug 2022 01:38:14 CEST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sa 27 Aug 2022 01:38:15 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L -I '
[Sa 27 Aug 2022 01:38:15 CEST] _ret='0'
[Sa 27 Aug 2022 01:38:15 CEST] POST
[Sa 27 Aug 2022 01:38:15 CEST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sa 27 Aug 2022 01:38:15 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:16 CEST] _ret='0'
[Sa 27 Aug 2022 01:38:16 CEST] code='201'
[Sa 27 Aug 2022 01:38:16 CEST] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/92907553/<edited>'
[Sa 27 Aug 2022 01:38:16 CEST] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/929553/<edited>'
[Sa 27 Aug 2022 01:38:16 CEST] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/<edited>'
[Sa 27 Aug 2022 01:38:16 CEST] payload
[Sa 27 Aug 2022 01:38:16 CEST] POST
[Sa 27 Aug 2022 01:38:16 CEST] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/<edited>'
[Sa 27 Aug 2022 01:38:16 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:16 CEST] _ret='0'
[Sa 27 Aug 2022 01:38:16 CEST] code='200'
[Sa 27 Aug 2022 01:38:16 CEST] d='<edited>'
[Sa 27 Aug 2022 01:38:16 CEST] Getting webroot for domain='<edited>'
[Sa 27 Aug 2022 01:38:16 CEST] _w='dns_kas'
[Sa 27 Aug 2022 01:38:16 CEST] _currentRoot='dns_kas'
[Sa 27 Aug 2022 01:38:17 CEST] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/<edited>/<edited>","token":"<edited>"'
[Sa 27 Aug 2022 01:38:17 CEST] token='<edited>'
[Sa 27 Aug 2022 01:38:17 CEST] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/<edited>/<edited>'
[Sa 27 Aug 2022 01:38:17 CEST] keyauthorization='<edited>.<edited>-bZN-<edited>'
[Sa 27 Aug 2022 01:38:17 CEST] dvlist='<edited>#https://acme-v02.api.letsencrypt.org/acme/chall-v3/<edited>/QAruVw#dns-01#dns_kas'
[Sa 27 Aug 2022 01:38:17 CEST] d
[Sa 27 Aug 2022 01:38:17 CEST] vlist='<edited>#https://acme-v02.api.letsencrypt.org/acme/chall-v3/<edited>/QAruVw#dns-01#dns_kas,'
[Sa 27 Aug 2022 01:38:17 CEST] d='<edited>'
[Sa 27 Aug 2022 01:38:17 CEST] _d_alias
[Sa 27 Aug 2022 01:38:17 CEST] txtdomain='_acme-challenge.<edited>'
[Sa 27 Aug 2022 01:38:17 CEST] txt='<edited>-<edited>'
[Sa 27 Aug 2022 01:38:17 CEST] d_api='/<edited>/.acme.sh/dnsapi/dns_kas.sh'
[Sa 27 Aug 2022 01:38:17 CEST] Found domain api file: /<edited>/.acme.sh/dnsapi/dns_kas.sh
[Sa 27 Aug 2022 01:38:17 CEST] GET
[Sa 27 Aug 2022 01:38:17 CEST] url='https://kasapi.kasserver.com/soap/wsdl/KasApi.wsdl'
[Sa 27 Aug 2022 01:38:17 CEST] timeout=
[Sa 27 Aug 2022 01:38:17 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:17 CEST] ret='0'
[Sa 27 Aug 2022 01:38:17 CEST] [KAS] -> API URL https://kasapi.kasserver.com/soap/KasApi.php
[Sa 27 Aug 2022 01:38:17 CEST] GET
[Sa 27 Aug 2022 01:38:17 CEST] url='https://kasapi.kasserver.com/soap/wsdl/KasAuth.wsdl'
[Sa 27 Aug 2022 01:38:17 CEST] timeout=
[Sa 27 Aug 2022 01:38:17 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:17 CEST] ret='0'
[Sa 27 Aug 2022 01:38:17 CEST] [KAS] -> AUTH URL https://kasapi.kasserver.com/soap/KasAuth.php
[Sa 27 Aug 2022 01:38:17 CEST] Adding txt value: <edited>-<edited> for domain: _acme-challenge.<edited>
[Sa 27 Aug 2022 01:38:17 CEST] [KAS] -> Using DNS-01 All-inkl/Kasserver hook
[Sa 27 Aug 2022 01:38:17 CEST] [KAS] -> Adding _acme-challenge.<edited> DNS TXT entry on all-inkl.com/Kasserver
[Sa 27 Aug 2022 01:38:17 CEST] [KAS] -> Retriving Credential Token
[Sa 27 Aug 2022 01:38:17 CEST] [KAS] -> Be friendly and wait 5 seconds by default before calling KAS API.
[Sa 27 Aug 2022 01:38:23 CEST] POST
[Sa 27 Aug 2022 01:38:23 CEST] _post_url='https://kasapi.kasserver.com/soap/KasAuth.php'
[Sa 27 Aug 2022 01:38:23 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:23 CEST] _ret='0'
so far so good, and then it fails:
[Sa 27 Aug 2022 01:38:23 CEST] [KAS] -> Credential Token: ='<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>missing_parameter</faultstring><faultactor>KasAuth</faultactor></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope> '
missing parameter??
[Sa 27 Aug 2022 01:38:23 CEST] [KAS] -> Check and Save Props
[Sa 27 Aug 2022 01:38:23 CEST] [KAS] -> Checking Zone and Record_Name
[Sa 27 Aug 2022 01:38:23 CEST] [KAS] -> Be friendly and wait 5 seconds by default before calling KAS API.
[Sa 27 Aug 2022 01:38:29 CEST] POST
[Sa 27 Aug 2022 01:38:29 CEST] _post_url='https://kasapi.kasserver.com/soap/KasApi.php'
[Sa 27 Aug 2022 01:38:29 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:30 CEST] _ret='0'
[Sa 27 Aug 2022 01:38:30 CEST] [KAS] -> Either no domains were found or another error =>Bad Request<= occurred, please check manually.
[Sa 27 Aug 2022 01:38:30 CEST] [KAS] -> Checking for existing Record entries
[Sa 27 Aug 2022 01:38:30 CEST] [KAS] -> Be friendly and wait 5 seconds by default before calling KAS API.
[Sa 27 Aug 2022 01:38:36 CEST] POST
[Sa 27 Aug 2022 01:38:36 CEST] _post_url='https://kasapi.kasserver.com/soap/KasApi.php'
[Sa 27 Aug 2022 01:38:36 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:36 CEST] _ret='0'
[Sa 27 Aug 2022 01:38:36 CEST] [KAS] -> Either no domains were found or another error =>Bad Request<= occurred, please check manually.
[Sa 27 Aug 2022 01:38:36 CEST] [KAS] -> No record found.
[Sa 27 Aug 2022 01:38:36 CEST] [KAS] -> Creating TXT DNS record
[Sa 27 Aug 2022 01:38:36 CEST] [KAS] -> Be friendly and wait 5 seconds by default before calling KAS API.
[Sa 27 Aug 2022 01:38:42 CEST] POST
[Sa 27 Aug 2022 01:38:42 CEST] _post_url='https://kasapi.kasserver.com/soap/KasApi.php'
[Sa 27 Aug 2022 01:38:42 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:42 CEST] _ret='0'
[Sa 27 Aug 2022 01:38:42 CEST] [KAS] -> An error =>Bad Request<= occurred, please check manually.
[Sa 27 Aug 2022 01:38:42 CEST] Error add txt for domain:_acme-challenge.<edited>
[Sa 27 Aug 2022 01:38:42 CEST] _on_issue_err
[Sa 27 Aug 2022 01:38:42 CEST] Please check log file for more details: /<edited>/.acme.sh/acme.sh.log
[Sa 27 Aug 2022 01:38:42 CEST] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/<edited>/QAruVw'
[Sa 27 Aug 2022 01:38:42 CEST] payload='{}'
[Sa 27 Aug 2022 01:38:42 CEST] POST
[Sa 27 Aug 2022 01:38:42 CEST] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/<edited>/QAruVw'
[Sa 27 Aug 2022 01:38:42 CEST] _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L '
[Sa 27 Aug 2022 01:38:43 CEST] _ret='0'
[Sa 27 Aug 2022 01:38:43 CEST] code='200'
[Sa 27 Aug 2022 01:38:43 CEST] socat doesn't exist.
[Sa 27 Aug 2022 01:38:43 CEST] Diagnosis versions:
openssl:openssl
LibreSSL 2.8.3
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
[Sa 27 Aug 2022 01:38:43 CEST] pid
[Sa 27 Aug 2022 01:38:43 CEST] No need to restore nginx, skip.
[Sa 27 Aug 2022 01:38:43 CEST] _clearupdns
[Sa 27 Aug 2022 01:38:43 CEST] dns_entries
[Sa 27 Aug 2022 01:38:43 CEST] skip dns.
Hi, please send a log with --debug 2
Did some more analysis (now with --debug 2 or 3, which I was not aware of before).
Calling _check_and_save (login props) before calling _get_credential_token in both routines dns_kas_add() and dns_kas_rm() fixes the issue for me.
_info "[KAS] -> Check and Save Props"
_check_and_save
_info "[KAS] -> Retrieving Credential Token"
_get_credential_token
--debug 3 output (before fix):
[Sa 27 Aug 2022 10:17:56 CEST] [KAS] -> Using DNS-01 All-inkl/Kasserver hook
[Sa 27 Aug 2022 10:17:56 CEST] [KAS] -> Adding _acme-challenge.<edited> DNS TXT entry on all-inkl.com/Kasserver
[Sa 27 Aug 2022 10:17:56 CEST] [KAS] -> Retriving Credential Token
[Sa 27 Aug 2022 10:17:56 CEST] dnsapi/dns_kas.sh:_get_credential_token:234 [KAS] -> Be friendly and wait 5 seconds by default before calling KAS API.
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_post:1897 POST
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_post:1898 _post_url='https://kasapi.kasserver.com/soap/KasAuth.php'
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_post:1899 body='<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:xmethodsKasApiAuthentication" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:KasAuth><Params xsi:type="xsd:string">**{"kas_login":"","kas_auth_type":"","kas_auth_data":""**,"session_lifetime":600,"session_update_lifetime":"Y"}</Params></ns1:KasAuth></SOAP-ENV:Body></SOAP-ENV:Envelope>'
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_post:1900 _postContentType='text/xml'
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_inithttp:1834 Http already initialized.
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_post:1912 _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L --trace-ascii /var/folders/02/0vfyzgpj4g33wtnnn22gfz1w0000gn/T/tmp.gQelXNH6 '
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_post:2007 _ret='0'
[Sa 27 Aug 2022 10:18:02 CEST] dnsapi/dns_kas.sh:_get_credential_token:240 [KAS] -> Response='<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode>**<faultstring>missing_parameter</faultstring><faultactor>KasAuth</faultactor>**</SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'
[Sa 27 Aug 2022 10:18:02 CEST] dnsapi/dns_kas.sh:_get_credential_token:243 [KAS] -> Credential Token: ='<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>missing_parameter</faultstring><faultactor>KasAuth</faultactor></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope> '
[Sa 27 Aug 2022 10:18:02 CEST] [KAS] -> Check and Save Props
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_setopt:2244 OK
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_setopt:2262 11:SAVED_KAS_Login='w0<edited>'
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_setopt:2244 OK
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_setopt:2262 12:SAVED_KAS_Authtype='sha1'
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_setopt:2244 OK
[Sa 27 Aug 2022 10:18:02 CEST] acme.sh:_setopt:2262 13:SAVED_KAS_Authdata='<edited>'
[Sa 27 Aug 2022 10:18:02 CEST] [KAS] -> Checking Zone and Record_Name
[Sa 27 Aug 2022 10:18:02 CEST] dnsapi/dns_kas.sh:_callAPI:262 [KAS] -> Request='<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:xmethodsKasApi" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:KasApi><Params xsi:type="xsd:string">{"kas_login":"w0<edited>","kas_auth_type":"session","kas_auth_data":"<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>missing_parameter</faultstring><faultactor>KasAuth</faultactor></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope> ","kas_action":"get_domains"}</Params></ns1:KasApi></SOAP-ENV:Body></SOAP-ENV:Envelope>'
[Sa 27 Aug 2022 10:18:02 CEST] dnsapi/dns_kas.sh:_callAPI:264 [KAS] -> Be friendly and wait 5 seconds by default before calling KAS API.
[Sa 27 Aug 2022 10:18:08 CEST] acme.sh:_post:1897 POST
[Sa 27 Aug 2022 10:18:08 CEST] acme.sh:_post:1898 _post_url='https://kasapi.kasserver.com/soap/KasApi.php'
[Sa 27 Aug 2022 10:18:08 CEST] acme.sh:_post:1899 body='<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:xmethodsKasApi" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:KasApi><Params xsi:type="xsd:string">{"kas_login":"w0<edited>","kas_auth_type":"session","kas_auth_data":"<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>missing_parameter</faultstring><faultactor>KasAuth</faultactor></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope> ","kas_action":"get_domains"}</Params></ns1:KasApi></SOAP-ENV:Body></SOAP-ENV:Envelope>'
[Sa 27 Aug 2022 10:18:08 CEST] acme.sh:_post:1900 _postContentType='text/xml'
[Sa 27 Aug 2022 10:18:08 CEST] acme.sh:_inithttp:1834 Http already initialized.
[Sa 27 Aug 2022 10:18:08 CEST] acme.sh:_post:1912 _CURL='curl --silent --dump-header /<edited>/.acme.sh/http.header -L --trace-ascii /var/folders/02/0vfyzgpj4g33wtnnn22gfz1w0000gn/T/tmp.gQelXNH6 '
[Sa 27 Aug 2022 10:18:08 CEST] acme.sh:_post:2007 _ret='0'
[Sa 27 Aug 2022 10:18:08 CEST] dnsapi/dns_kas.sh:_callAPI:270 [KAS] -> Response='<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>Bad Request</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'
<?xml version="1.0" encoding="UTF-8"?>dns_kas.sh:_get_zone_and_record_name:171 [KAS] -> Response='
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>Bad Request</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'
[Sa 27 Aug 2022 10:18:08 CEST] [KAS] -> Either no domains were found or another error =>Bad Request<= occurred, please check manually.
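The log above shows two separate failures: the KasAuth request went out with empty credentials, and the SOAP fault that came back was then used as the session token in the next request. A guard for both, as an added example (not code from dns_kas.sh; all function names are hypothetical, and the `<return>` element and alphanumeric token format of a successful response are assumptions):

```shell
#!/bin/sh
# Added example, not part of dns_kas.sh. Function names are hypothetical.

# Fault response exactly as it appears in the debug log above.
KAS_FAULT_RESPONSE='<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>missing_parameter</faultstring><faultactor>KasAuth</faultactor></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'

# Constructed success response (assumption: the token is carried in a <return> element).
KAS_SAMPLE_OK_RESPONSE='<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><ns1:KasAuthResponse><return xsi:type="xsd:string">abc123constructedtoken</return></ns1:KasAuthResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>'

# Succeeds only if login, auth type and auth data are all non-empty.
# Call this BEFORE building the KasAuth request body.
kas_require_credentials() {
  [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ]
}

# Print the <faultstring> text of a SOAP fault, or nothing if there is none.
kas_fault_string() {
  printf '%s' "$1" | tr -d '\r\n' |
    sed -n 's/.*<faultstring>\([^<]*\)<\/faultstring>.*/\1/p'
}

# Print the session token from a KasAuth response.
# Returns 1 (and prints nothing on stdout) on a fault or an unusable token,
# so the caller never forwards an error envelope as kas_auth_data.
kas_extract_token() {
  _resp="$1"
  _fault="$(kas_fault_string "$_resp")"
  if [ -n "$_fault" ]; then
    echo "KasAuth fault: $_fault" >&2
    return 1
  fi
  _tok="$(printf '%s' "$_resp" | tr -d '\r\n' |
    sed -n 's/.*<return[^>]*>\([^<]*\)<\/return>.*/\1/p')"
  case "$_tok" in
    # Assumption: a valid token is non-empty and purely alphanumeric.
    '' | *[!A-Za-z0-9]*)
      echo "KasAuth: no usable token in response" >&2
      return 1
      ;;
  esac
  printf '%s' "$_tok"
}

# Demonstration on the two sample responses.
kas_require_credentials "" "" "" || echo "empty credentials: request not sent" >&2
kas_extract_token "$KAS_FAULT_RESPONSE" >/dev/null || echo "fault: no token, stop here" >&2
echo "token from constructed response: $(kas_extract_token "$KAS_SAMPLE_OK_RESPONSE")"
```

Stopping at the first fault also keeps the error envelope out of later request bodies, which is where it ended up in the `--debug 3` output.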
Hi, I'm sorry but it's no longer my code in the repo. Please contact @Hobby-Student
I try to wrap it up:
The URL with any sort of "formular" on it (e. g. https://test-account.com/formular.php) is not the valid endpoint. I did speak with someone from all-inkl.com staff and he said that people are using (better: abusing) the test form in production queries which was never intended nor recommended. The right place for the API calls is the SOAP endpoint.
@Marco4223 and I did several changes to the dns_kas.sh. Now it's the right syntax with the right endpoint. Thx to @Marco4223 the code is using a session token. Upon merging those 2 versions something got mixed up and the _check_and_save wasn't called in the first place. Now everything is in place and the dev branch needs to be merged into the master branch.
@Neilpang You can assign me to the owner of this issue. Do you have a schedule when the changes in dev branch will get merged into master?
merged
btw @Hobby-Student and @Marco4223, thanks a ton for transferring this API to SOAP. Those complicated SOAP xml structures are way beyond me...
@Neilpang could we please fix the Wiki for all-inkl.com.
Their API does not accept sha1 any longer, so it should say
# export KAS_Login=<ACCOUNTID>
# export KAS_Authdata=<PLAINTEXTPASSWORD>
# export KAS_Authtype=plain
And @Neilpang, the current release does not include the fixed dns_kas.sh (using SOAP access) - can we please include that as right now the release is just broken.
This script doesn't seem to work with Wildcard certs or multiple certs using dns alias since it always deletes existing txt entries in dns_kas_add, regardless whether these were only just created 10 seconds earlier in the same command.
I copied the command to a custom file and commented out the Lines 47-55 and now my issue command works.
In my first commits I also didn't clean the DNS entries before generating the ones for the current request. Somewhere in the process I merged my idea with Marco4223's and this is the result. Perhaps you are right and the script should not clean before adding entries, just at the end of the cert request. Give me some days to test and I'll come back.
@rhurling I didn't come up with a scenario where skipping deletion before cert request is a problem. I did test it and had no problems for now. I'll edit the source accordingly.
@Marco4223 what's your opinion on this? Do you have any scenario where NOT deleting all _acme TXT entries before issuing a new cert could cause problems?
@Hobby-Student This was a leftover to clean only the generated token. The problem is that you generate many tokens on your dns server when you are in debug mode and not deleting them. But when you have multiple instances running (like one on a NAS, second one on a Router etc) at the same time you get a problem with race conditions because one instance deletes the token from the other one. So yes, it's a good idea to delete only the one you had generated. The used record value is stored in _txtvalue in the dns_kas_rm. So you only have to change a few lines.
Thanks. I thought nearly the same. The deletion of entries after a success can lead to a race condition, too.
@rhurling I'll try to optimize ~~dns_kas_rm~~ _get_record_id as soon as possible and just delete the entry of the current request.
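The two problems discussed above (purging existing TXT entries before adding, and removing entries that belong to another request) can be reproduced on an in-memory zone. This is an added example, not code from dns_kas.sh: the record format `id|name|type|data`, all function names, and the VALUE01/VALUE02 placeholders are constructed, and no KAS API call is made.

```shell
#!/bin/sh
# Added example, not part of dns_kas.sh. The zone is simulated in a variable;
# record format and function names are hypothetical.

ZONE=""      # one "id|name|type|data" record per line
NEXT_ID=1

zone_add() { # $1 = record name, $2 = TXT value
  ZONE="${ZONE}ID0${NEXT_ID}|$1|TXT|$2
"
  NEXT_ID=$((NEXT_ID + 1))
}

# Delete TXT records at name $1. With $2 empty every TXT record at that name
# is removed; otherwise only the record whose data equals $2.
zone_delete() {
  ZONE="$(printf '%s' "$ZONE" | awk -F'|' -v n="$1" -v v="$2" \
    '!($3 == "TXT" && $2 == n && (v == "" || ($4 "") == (v "")))')"
  # ($4 "") == (v "") forces a string comparison even for all-digit values.
  [ -n "$ZONE" ] && ZONE="$ZONE
"
  return 0
}

zone_values() { # print the values stored at name $1, space separated
  printf '%s' "$ZONE" | awk -F'|' -v n="$1" \
    '$2 == n { printf "%s%s", sep, $4; sep = " " }'
}

# Behaviour reported in the thread: wipe the name, then add the new value.
add_purging() { zone_delete "$1" ""; zone_add "$1" "$2"; }
# Alternative: add only, leave other entries alone.
add_keeping() { zone_add "$1" "$2"; }

# A certificate for DOMAIN.TLD and *.DOMAIN.TLD needs two TXT values at the
# same name. Print what the CA would see at validation time.
wildcard_values_at_validation() { # $1 = add_purging | add_keeping
  ZONE=""; NEXT_ID=1
  "$1" _acme-challenge VALUE01
  "$1" _acme-challenge VALUE02
  zone_values _acme-challenge
}

# Cleanup of one request while a second value is still needed, e.g. by another
# acme.sh instance. $1 = value to remove, or "" to remove everything.
values_after_cleanup() {
  ZONE=""; NEXT_ID=1
  zone_add _acme-challenge VALUE01
  zone_add _acme-challenge VALUE02
  zone_delete _acme-challenge "$1"
  zone_values _acme-challenge
}

echo "purge before add : $(wildcard_values_at_validation add_purging)"
echo "add only         : $(wildcard_values_at_validation add_keeping)"
echo "rm own value     : $(values_after_cleanup VALUE01)"
echo "rm everything    : $(values_after_cleanup "")"
```

With purge-before-add only the second value survives, so the first authorization cannot validate; removing by value leaves the other request's record in place.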
@rhurling I modified the deletion of records. Could you please try this version https://github.com/Hobby-Student/acme.sh/blob/540d4180d2cc258433442df2e14faf8f0c3f9169/dnsapi/dns_kas.sh
script is not working and running infinite checks on the same domain
do you have some details on how you invoke acme.sh? I did some tests while modifying and I repeated a multi domain request few minutes ago. On my system it's working. Every TXT for all 3 domains (in 1 cert) is added and deleted accordingly afterwards.
i use this command to run acme.sh
./acme.sh --home ./ --config-home ./ --certhome ./certs --set-default-ca --server letsencrypt --log ./acme.log --keylength 3072 --issue --dns dns_kas -d DOMAIN.TLD --dns dns_kas -d *.DOMAIN.TLD --webroot /LOCALPATH/WEBROOT -d xxx.myfritz.net
and this fails
i solved it by simply running acme.sh two times. first with only the default Domain, and second with all others.
./acme.sh --home ./ --config-home ./ --certhome ./certs --set-default-ca --server letsencrypt --log ./acme.log --keylength 3072 --issue --dns dns_kas -d DOMAIN.TLD
./acme.sh --home ./ --config-home ./ --certhome ./certs --set-default-ca --server letsencrypt --log ./acme.log --keylength 3072 --issue --dns dns_kas -d DOMAIN.TLD --dns dns_kas -d *.DOMAIN.TLD --webroot /LOCALPATH/WEBROOT -d xxx.myfritz.net
it seems it struggles with the wildcard domain if the default domain is not yet successfully created. by doing the issuing two times the first one finishes and is being skipped on the second run.
thx for the information. Unfortunately, I can't reproduce this issue. For me it's working as intended.
2023-02-09T09:12:38 acme.sh [Thu Feb 9 09:12:38 CET 2023] Cert success.
2023-02-09T09:12:38 acme.sh [Thu Feb 9 09:12:38 CET 2023] REMOVED
2023-02-09T09:12:37 acme.sh [Thu Feb 9 09:12:37 CET 2023] Downloading cert.
2023-02-09T09:12:36 acme.sh [Thu Feb 9 09:12:36 CET 2023] REMOVED
2023-02-09T09:12:36 acme.sh [Thu Feb 9 09:12:36 CET 2023] Lets finalize the order.
2023-02-09T09:12:36 acme.sh [Thu Feb 9 09:12:36 CET 2023] Verify finished, start to sign.
2023-02-09T09:12:36 acme.sh [Thu Feb 9 09:12:36 CET 2023] Removed: Success
2023-02-09T09:12:31 acme.sh [Thu Feb 9 09:12:31 CET 2023] [KAS] -> Removing entries with ID: ID02
2023-02-09T09:12:26 acme.sh [Thu Feb 9 09:12:26 CET 2023] [KAS] -> Getting Record ID
2023-02-09T09:12:21 acme.sh [Thu Feb 9 09:12:20 CET 2023] [KAS] -> Checking Zone and Record_Name
2023-02-09T09:12:15 acme.sh [Thu Feb 9 09:12:15 CET 2023] [KAS] -> Retriving Credential Token
2023-02-09T09:12:15 acme.sh [Thu Feb 9 09:12:15 CET 2023] [KAS] -> Removing _acme-challenge.test-07.DOMAIN.TLD DNS TXT entry on All-inkl/Kasserver
2023-02-09T09:12:15 acme.sh [Thu Feb 9 09:12:15 CET 2023] [KAS] -> Cleaning up after All-inkl/Kasserver hook
2023-02-09T09:12:15 acme.sh [Thu Feb 9 09:12:15 CET 2023] [KAS] -> Check and Save Props
2023-02-09T09:12:15 acme.sh [Thu Feb 9 09:12:15 CET 2023] [KAS] -> Using DNS-01 All-inkl/Kasserver hook
2023-02-09T09:12:15 acme.sh [Thu Feb 9 09:12:15 CET 2023] Removing txt: VALUE02 for domain: _acme-challenge.test-07.DOMAIN.TLD
2023-02-09T09:12:15 acme.sh [Thu Feb 9 09:12:15 CET 2023] [KAS] -> AUTH URL https://kasapi.kasserver.com/soap/KasAuth.php
2023-02-09T09:12:15 acme.sh [Thu Feb 9 09:12:15 CET 2023] [KAS] -> API URL https://kasapi.kasserver.com/soap/KasApi.php
2023-02-09T09:12:14 acme.sh [Thu Feb 9 09:12:14 CET 2023] Removed: Success
2023-02-09T09:12:09 acme.sh [Thu Feb 9 09:12:09 CET 2023] [KAS] -> Removing entries with ID: ID01
2023-02-09T09:12:04 acme.sh [Thu Feb 9 09:12:04 CET 2023] [KAS] -> Getting Record ID
2023-02-09T09:11:57 acme.sh [Thu Feb 9 09:11:57 CET 2023] [KAS] -> Checking Zone and Record_Name
2023-02-09T09:11:52 acme.sh [Thu Feb 9 09:11:52 CET 2023] [KAS] -> Retriving Credential Token
2023-02-09T09:11:52 acme.sh [Thu Feb 9 09:11:52 CET 2023] [KAS] -> Removing _acme-challenge.test-07.DOMAIN.TLD DNS TXT entry on All-inkl/Kasserver
2023-02-09T09:11:52 acme.sh [Thu Feb 9 09:11:52 CET 2023] [KAS] -> Cleaning up after All-inkl/Kasserver hook
2023-02-09T09:11:52 acme.sh [Thu Feb 9 09:11:52 CET 2023] [KAS] -> Check and Save Props
2023-02-09T09:11:52 acme.sh [Thu Feb 9 09:11:52 CET 2023] [KAS] -> Using DNS-01 All-inkl/Kasserver hook
2023-02-09T09:11:52 acme.sh [Thu Feb 9 09:11:52 CET 2023] Removing txt: VALUE01 for domain: _acme-challenge.test-07.DOMAIN.TLD
2023-02-09T09:11:52 acme.sh [Thu Feb 9 09:11:52 CET 2023] [KAS] -> AUTH URL https://kasapi.kasserver.com/soap/KasAuth.php
2023-02-09T09:11:51 acme.sh [Thu Feb 9 09:11:51 CET 2023] [KAS] -> API URL https://kasapi.kasserver.com/soap/KasApi.php
2023-02-09T09:11:51 acme.sh [Thu Feb 9 09:11:51 CET 2023] Removing DNS records.
2023-02-09T09:11:51 acme.sh [Thu Feb 9 09:11:51 CET 2023] Success
2023-02-09T09:11:48 acme.sh [Thu Feb 9 09:11:48 CET 2023] Pending, The CA is processing your order, please just wait. (1/30)
2023-02-09T09:11:47 acme.sh [Thu Feb 9 09:11:47 CET 2023] Verifying: *.test-07.DOMAIN.TLD
2023-02-09T09:11:47 acme.sh [Thu Feb 9 09:11:47 CET 2023] Success
2023-02-09T09:11:45 acme.sh [Thu Feb 9 09:11:45 CET 2023] Pending, The CA is processing your order, please just wait. (1/30)
2023-02-09T09:11:44 acme.sh [Thu Feb 9 09:11:44 CET 2023] Verifying: test-07.DOMAIN.TLD
2023-02-09T09:11:34 acme.sh [Thu Feb 9 09:11:34 CET 2023] Sleep 10 seconds for the txt records to take effect
2023-02-09T09:11:34 acme.sh [Thu Feb 9 09:11:34 CET 2023] The txt record is added: Success.
2023-02-09T09:11:28 acme.sh [Thu Feb 9 09:11:28 CET 2023] [KAS] -> Creating TXT DNS record
2023-02-09T09:11:28 acme.sh [Thu Feb 9 09:11:28 CET 2023] [KAS] -> No record found.
2023-02-09T09:11:23 acme.sh [Thu Feb 9 09:11:23 CET 2023] [KAS] -> Checking for existing Record entries
2023-02-09T09:11:18 acme.sh [Thu Feb 9 09:11:18 CET 2023] [KAS] -> Checking Zone and Record_Name
2023-02-09T09:11:12 acme.sh [Thu Feb 9 09:11:12 CET 2023] [KAS] -> Retriving Credential Token
2023-02-09T09:11:12 acme.sh [Thu Feb 9 09:11:12 CET 2023] [KAS] -> Adding _acme-challenge.test-07.DOMAIN.TLD DNS TXT entry on all-inkl.com/Kasserver
2023-02-09T09:11:12 acme.sh [Thu Feb 9 09:11:12 CET 2023] [KAS] -> Check and Save Props
2023-02-09T09:11:12 acme.sh [Thu Feb 9 09:11:12 CET 2023] [KAS] -> Using DNS-01 All-inkl/Kasserver hook
2023-02-09T09:11:12 acme.sh [Thu Feb 9 09:11:12 CET 2023] Adding txt value: VALUE02 for domain: _acme-challenge.test-07.DOMAIN.TLD
2023-02-09T09:11:12 acme.sh [Thu Feb 9 09:11:12 CET 2023] [KAS] -> AUTH URL https://kasapi.kasserver.com/soap/KasAuth.php
2023-02-09T09:11:12 acme.sh [Thu Feb 9 09:11:12 CET 2023] [KAS] -> API URL https://kasapi.kasserver.com/soap/KasApi.php
2023-02-09T09:11:12 acme.sh [Thu Feb 9 09:11:12 CET 2023] The txt record is added: Success.
2023-02-09T09:11:06 acme.sh [Thu Feb 9 09:11:06 CET 2023] [KAS] -> Creating TXT DNS record
2023-02-09T09:11:06 acme.sh [Thu Feb 9 09:11:06 CET 2023] [KAS] -> No record found.
2023-02-09T09:11:01 acme.sh [Thu Feb 9 09:11:01 CET 2023] [KAS] -> Checking for existing Record entries
2023-02-09T09:10:55 acme.sh [Thu Feb 9 09:10:55 CET 2023] [KAS] -> Checking Zone and Record_Name
2023-02-09T09:10:50 acme.sh [Thu Feb 9 09:10:50 CET 2023] [KAS] -> Retriving Credential Token
2023-02-09T09:10:50 acme.sh [Thu Feb 9 09:10:50 CET 2023] [KAS] -> Adding _acme-challenge.test-07.DOMAIN.TLD DNS TXT entry on all-inkl.com/Kasserver
2023-02-09T09:10:50 acme.sh [Thu Feb 9 09:10:50 CET 2023] [KAS] -> Check and Save Props
2023-02-09T09:10:50 acme.sh [Thu Feb 9 09:10:50 CET 2023] [KAS] -> Using DNS-01 All-inkl/Kasserver hook
2023-02-09T09:10:50 acme.sh [Thu Feb 9 09:10:50 CET 2023] Adding txt value: VALUE01 for domain: _acme-challenge.test-07.DOMAIN.TLD
2023-02-09T09:10:50 acme.sh [Thu Feb 9 09:10:50 CET 2023] [KAS] -> AUTH URL https://kasapi.kasserver.com/soap/KasAuth.php
2023-02-09T09:10:50 acme.sh [Thu Feb 9 09:10:50 CET 2023] [KAS] -> API URL https://kasapi.kasserver.com/soap/KasApi.php
2023-02-09T09:10:49 acme.sh [Thu Feb 9 09:10:49 CET 2023] Getting webroot for domain='*.test-07.DOMAIN.TLD'
2023-02-09T09:10:49 acme.sh [Thu Feb 9 09:10:49 CET 2023] Getting webroot for domain='test-07.DOMAIN.TLD'
2023-02-09T09:10:43 acme.sh [Thu Feb 9 09:10:43 CET 2023] Getting domain auth token for each domain
2023-02-09T09:10:43 acme.sh [Thu Feb 9 09:10:43 CET 2023] Multi domain='DNS:test-07.DOMAIN.TLD,DNS:*.test-07.DOMAIN.TLD'
2023-02-09T09:10:43 acme.sh [Thu Feb 9 09:10:43 CET 2023] The domain key is here: /var/etc/acme-client/home/test-07.DOMAIN.TLD/test-07.DOMAIN.TLD.key
2023-02-09T09:10:39 acme.sh [Thu Feb 9 09:10:39 CET 2023] Creating domain key
2023-02-09T09:10:39 acme.sh [Thu Feb 9 09:10:39 CET 2023] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
./acme.sh --home ./ --config-home ./ --certhome ./certs --set-default-ca --server letsencrypt --log ./acme.log --keylength 3072 --issue --dns dns_kas -d DOMAIN.TLD --dns dns_kas -d *.DOMAIN.TLD --webroot /LOCALPATH/WEBROOT -d xxx.myfritz.net
second thought: are you sure you need --dns dns_kas twice? what about:
./acme.sh --home ./ --config-home ./ --certhome ./certs --set-default-ca --server letsencrypt --log ./acme.log --keylength 3072 --issue \
--dns dns_kas -d DOMAIN.TLD -d *.DOMAIN.TLD \
--webroot /LOCALPATH/WEBROOT -d xxx.myfritz.net
see: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert#3-multiple-domains-san-mode--hybrid-mode
@OnkelM using dns_kas once is enough and I'd be surprised if you could issue LE certificates for a myfritz.net domain.
Unless you work for AVM and are in charge of that domain...
If you leave those two items out - does it work without complaining?