
Issue with Hetzner wildcard cert

Open introspectionism opened this issue 2 years ago • 7 comments

$ /root/.acme.sh/acme.sh --debug --issue --dns dns_hetzner -d 123.no -d *.123.no -k ec-384

[Mon 16 May 2022 08:07:15 PM UTC] GET
[Mon 16 May 2022 08:07:15 PM UTC] url='https://dns.hetzner.com/api/v1/zones?name=123.no'
[Mon 16 May 2022 08:07:15 PM UTC] timeout=
[Mon 16 May 2022 08:07:15 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Mon 16 May 2022 08:07:15 PM UTC] ret='0'
[Mon 16 May 2022 08:07:15 PM UTC] h='no'
[Mon 16 May 2022 08:07:15 PM UTC] zones?name=no
[Mon 16 May 2022 08:07:15 PM UTC] GET
[Mon 16 May 2022 08:07:15 PM UTC] url='https://dns.hetzner.com/api/v1/zones?name=no'
[Mon 16 May 2022 08:07:15 PM UTC] timeout=
[Mon 16 May 2022 08:07:15 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Mon 16 May 2022 08:07:15 PM UTC] ret='0'
[Mon 16 May 2022 08:07:15 PM UTC] Invalid domain
[Mon 16 May 2022 08:07:15 PM UTC] Error add txt for domain:_acme-challenge.123.no
[Mon 16 May 2022 08:07:15 PM UTC] _on_issue_err
[Mon 16 May 2022 08:07:15 PM UTC] Please add '--debug' or '--log' to check more details.
[Mon 16 May 2022 08:07:15 PM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon 16 May 2022 08:07:15 PM UTC] url='https://acme.zerossl.com/v2/DV90/chall/__wv5b__st0mIic1DnJEKA'
[Mon 16 May 2022 08:07:15 PM UTC] payload='{}'
[Mon 16 May 2022 08:07:15 PM UTC] POST
[Mon 16 May 2022 08:07:15 PM UTC] _post_url='https://acme.zerossl.com/v2/DV90/chall/__wv5b__st0mIic1DnJEKA'
[Mon 16 May 2022 08:07:15 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L '
[Mon 16 May 2022 08:07:17 PM UTC] _ret='0'
[Mon 16 May 2022 08:07:17 PM UTC] code='200'

This line seems wrong, as name is set to the tld (no) only: https://dns.hetzner.com/api/v1/zones?name=no

introspectionism, May 16 '22 20:05
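
The debug log above shows the lookup falling from `zones?name=123.no` to `zones?name=no` and then stopping with `Invalid domain`. As an added illustration (not acme.sh's own code and not part of this thread), the sketch below models that label-stripping walk offline; the function names and the space-separated list standing in for the zones the API token can see are assumptions made for the example.

```shell
#!/bin/sh
# Added example: models the zone lookup walk seen in the debug log.
# Nothing here calls the Hetzner API; the "visible zones" list is a
# constructed stand-in for what zones?name=... returns for a given token.

# Print candidate zone names for a record name, longest first,
# by dropping one leading label at a time.
zone_candidates() {
  name=$1
  while [ -n "$name" ]; do
    printf '%s\n' "$name"
    case $name in
      *.*) name=${name#*.} ;;   # strip the leftmost label
      *)   name= ;;             # last label reached, stop
    esac
  done
}

# find_zone RECORD_NAME "ZONE1 ZONE2 ..."
# Prints "<zone> <sub-record>" for the first candidate that is a visible
# zone ("@" when the record is the zone apex). If no candidate matches,
# prints "Invalid domain" and returns 1, the outcome shown in the log.
find_zone() {
  fqdn=$1
  visible=$2
  for cand in $(zone_candidates "$fqdn"); do
    for z in $visible; do
      if [ "$cand" = "$z" ]; then
        sub=${fqdn%"$cand"}     # part of the name left of the zone
        sub=${sub%.}            # drop the joining dot
        printf '%s %s\n' "$cand" "${sub:-@}"
        return 0
      fi
    done
  done
  echo "Invalid domain"
  return 1
}

# Constructed demo: a token that can see 123.no, then one that cannot.
find_zone _acme-challenge.123.no "123.no"
find_zone _acme-challenge.123.no "example.org" || true
```

In this model the walk only reaches the bare TLD when every longer candidate failed to match, so a `name=no` request points back at the answer to the earlier `name=123.no` request.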

Asterisk domain should be in quotes?

Murtagy, Jul 13 '22 07:07

> Asterisk domain should be in quotes?

I tried quotes as well. However, it made no difference to me.

introspectionism, Jul 13 '22 07:07

So you have tried this already, right? https://github.com/acmesh-official/acme.sh#11-issue-wildcard-certificates

Murtagy, Jul 13 '22 08:07

> So you have tried this already, right? https://github.com/acmesh-official/acme.sh#11-issue-wildcard-certificates

I thought I did try $ /root/.acme.sh/acme.sh --debug --issue --dns dns_hetzner -d 123.no -d '*.123.no' -k ec-384 as well. However, as the server where this happened has been deleted, I have to admit that I am not 100% sure.

I will try to get this tested again.

Have you yourself successfully used dns_hetzner?

introspectionism, Jul 13 '22 08:07

> Have you yourself successfully used dns_hetzner?

I have just gone through the setup of the www domain, faced issues with ZeroSSL and had to fall back to Let's Encrypt. The wildcard domain A record is still processing; I will update here with the results.

Murtagy, Jul 13 '22 08:07

Great. Thanks!

introspectionism, Jul 13 '22 08:07

A disclaimer - I am not experienced with any of this, repeat with caution.

I faced an error and found some https://github.com/acmesh-official/acme.sh/issues/1433. Then I went to the manual page https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
It references this folder: https://github.com/acmesh-official/acme.sh/tree/master/dnsapi
There I found the hetzner file and an env var to provide the key. I generated the key here: https://dns.hetzner.com/settings/api-token

So I ran this:

HETZNER_Token=YOUR_TOKEN acme.sh --issue -d '*.<site>.me' -d '<site>.me' --debug --server letsencrypt --dns dns_hetzner

And then installed the certs.

So now both www.murtagy.me and hi.murtagy.me seem to work and the browser doesn't scream at me.

I am not sure, but it might be that I will have to place the Hetzner key in env vars for future auto-renewal.

Murtagy, Jul 14 '22 06:07