acme.sh
Issue with Hetzner wildcard cert
$ /root/.acme.sh/acme.sh --debug --issue --dns dns_hetzner -d 123.no -d *.123.no -k ec-384
[Mon 16 May 2022 08:07:15 PM UTC] GET
[Mon 16 May 2022 08:07:15 PM UTC] url='https://dns.hetzner.com/api/v1/zones?name=123.no'
[Mon 16 May 2022 08:07:15 PM UTC] timeout=
[Mon 16 May 2022 08:07:15 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Mon 16 May 2022 08:07:15 PM UTC] ret='0'
[Mon 16 May 2022 08:07:15 PM UTC] h='no'
[Mon 16 May 2022 08:07:15 PM UTC] zones?name=no
[Mon 16 May 2022 08:07:15 PM UTC] GET
[Mon 16 May 2022 08:07:15 PM UTC] url='https://dns.hetzner.com/api/v1/zones?name=no'
[Mon 16 May 2022 08:07:15 PM UTC] timeout=
[Mon 16 May 2022 08:07:15 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Mon 16 May 2022 08:07:15 PM UTC] ret='0'
[Mon 16 May 2022 08:07:15 PM UTC] Invalid domain
[Mon 16 May 2022 08:07:15 PM UTC] Error add txt for domain:_acme-challenge.123.no
[Mon 16 May 2022 08:07:15 PM UTC] _on_issue_err
[Mon 16 May 2022 08:07:15 PM UTC] Please add '--debug' or '--log' to check more details.
[Mon 16 May 2022 08:07:15 PM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon 16 May 2022 08:07:15 PM UTC] url='https://acme.zerossl.com/v2/DV90/chall/__wv5b__st0mIic1DnJEKA'
[Mon 16 May 2022 08:07:15 PM UTC] payload='{}'
[Mon 16 May 2022 08:07:15 PM UTC] POST
[Mon 16 May 2022 08:07:15 PM UTC] _post_url='https://acme.zerossl.com/v2/DV90/chall/__wv5b__st0mIic1DnJEKA'
[Mon 16 May 2022 08:07:15 PM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L '
[Mon 16 May 2022 08:07:17 PM UTC] _ret='0'
[Mon 16 May 2022 08:07:17 PM UTC] code='200'
This line seems wrong, as name is set to the tld (no) only:
https://dns.hetzner.com/api/v1/zones?name=no
Asterisk domain should be in quotes?
I tried quotes as well. However, it made no difference to me.
So you have tried this already, right? https://github.com/acmesh-official/acme.sh#11-issue-wildcard-certificates
I thought I did try $ /root/.acme.sh/acme.sh --debug --issue --dns dns_hetzner -d 123.no -d '*.123.no' -k ec-384
as well. However, as the server where this happened has been deleted, I have to admit that I am not 100% sure.
I will try to get this tested again.
Have you yourself successfully used dns_hetzner?
I have just gone through setup of the www domain, faced issues with ZeroSSL and had to fall back to Let's Encrypt. The wildcard domain A record is still processing, I will update here on results.
Great. Thanks!
A disclaimer - I am not experienced with any of this, repeat with caution.
I faced an error and found some https://github.com/acmesh-official/acme.sh/issues/1433.
Then I went to the manual page https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
It references this folder https://github.com/acmesh-official/acme.sh/tree/master/dnsapi
And there I found the hetzner file and an env var to provide the key.
I generated the key here https://dns.hetzner.com/settings/api-token
So I ran this:
HETZNER_Token=YOUR_TOKEN acme.sh --issue -d '*.<site>.me' -d '<site>.me' --debug --server letsencrypt --dns dns_hetzner
And then installed the certs.
So now both www.murtagy.me and hi.murtagy.me seem to work and browser doesn't scream at me
I am not sure, but it might be that I will have to place the Hetzner key in env vars for future auto-renewal.
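On the quoting question raised earlier in this thread: an unquoted `*.123.no` is a shell glob, so what acme.sh receives after `-d` depends on the files in the current directory. The sketch below is an added example, not code from the thread participants or from acme.sh; the file name `backup.123.no` and the helper names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: what a program receives for "-d *.123.no" with and without quotes.
# All file and function names here are constructed for illustration.

# Print each argument on its own line, the way the called program would see them.
show_args() {
  for a in "$@"; do
    printf '%s\n' "$a"
  done
}

# Run the argument list in a scratch directory.
#   empty  : unquoted wildcard, no matching file present
#   match  : unquoted wildcard, a matching file present
#   quoted : quoted wildcard, a matching file present
domains_seen() {
  mode=$1
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    case $mode in
      match)
        : > backup.123.no
        # Unquoted on purpose: the shell expands the glob to the file name.
        show_args -d 123.no -d *.123.no
        ;;
      quoted)
        : > backup.123.no
        # Quoted: the literal wildcard name reaches the program.
        show_args -d 123.no -d '*.123.no'
        ;;
      *)
        # Unquoted with no match: POSIX sh and bash pass the pattern through
        # unchanged, which is why the unquoted form often appears to work.
        show_args -d 123.no -d *.123.no
        ;;
    esac
  )
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

for m in empty match quoted; do
  printf '%s: %s\n' "$m" "$(domains_seen "$m" | tail -n 1)"
done
```

Checking the domain names echoed in the `--debug` output against the ones intended confirms which form the shell actually passed.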