acme.sh
Why try to purge Cloudflare DNS TXT record?
Steps to reproduce
Issuing ZeroSSL RSA Certificates via DNSPod API in the Chinese mainland
Debug log
# docker exec acme.sh --issue --dns dns_dp --server zerossl -k 2048 --ocsp --force --debug 2 -d xn--c5w032d4vi.xn--fiqs8s -d *.xn--c5w032d4vi.xn--fiqs8s
...
[Wed Oct 26 14:50:52 UTC 2022] _is_idn_d='_acme-challenge.xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:52 UTC 2022] _idn_temp
[Wed Oct 26 14:50:52 UTC 2022] _is_idn_d='_acme-challenge.xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:52 UTC 2022] _idn_temp
[Wed Oct 26 14:50:52 UTC 2022] d='xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:52 UTC 2022] txtdomain='_acme-challenge.xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:52 UTC 2022] aliasDomain='_acme-challenge.xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:52 UTC 2022] txt='2N80e5N1aaiz3q5mjL05Ce_pGHMs2G9cdBCemvJ4a2U'
[Wed Oct 26 14:50:52 UTC 2022] d_api='/root/.acme.sh/dnsapi/dns_dp.sh'
[Wed Oct 26 14:50:52 UTC 2022] _c_txtdomain='_acme-challenge.xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:52 UTC 2022] _c_aliasdomain='_acme-challenge.xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:52 UTC 2022] _c_txt='2N80e5N1aaiz3q5mjL05Ce_pGHMs2G9cdBCemvJ4a2U'
[Wed Oct 26 14:50:52 UTC 2022] Detect dns server first.
[Wed Oct 26 14:50:53 UTC 2022] Use aliyun doh server
[Wed Oct 26 14:50:53 UTC 2022] _ns_ep='https://dns.alidns.com/resolve'
[Wed Oct 26 14:50:53 UTC 2022] _ns_domain='_acme-challenge.xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:53 UTC 2022] _ns_type='TXT'
[Wed Oct 26 14:50:53 UTC 2022] GET
[Wed Oct 26 14:50:53 UTC 2022] url='https://dns.alidns.com/resolve?name=_acme-challenge.xn--c5w032d4vi.xn--fiqs8s&type=TXT'
[Wed Oct 26 14:50:53 UTC 2022] timeout=
[Wed Oct 26 14:50:53 UTC 2022] Http already initialized.
[Wed Oct 26 14:50:53 UTC 2022] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.KdQxcEFQpp '
[Wed Oct 26 14:50:53 UTC 2022] ret='0'
[Wed Oct 26 14:50:53 UTC 2022] response='{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":{"name":"_acme-challenge.xn--c5w032d4vi.xn--fiqs8s.","type":16},"Answer":[{"name":"_acme-challenge.xn--c5w032d4vi.xn--fiqs8s.","TTL":1,"type":16,"data":"\"ELB_d-P_YBRO_x4ytgBOd-icZZSGGNQsp1Akqd5H2Sg\""},{"name":"_acme-challenge.xn--c5w032d4vi.xn--fiqs8s.","TTL":1,"type":16,"data":"\"pKgQSUeOdJOuZ_yj_iRbuOaoL1YVxMJ_ELvKe-luWQ8\""}]}'
[Wed Oct 26 14:50:53 UTC 2022] _answers='"Answer":[
"name":"_acme-challenge.xn--c5w032d4vi.xn--fiqs8s.","TTL":1,"type":16,"data":"\"ELB_d-P_YBRO_x4ytgBOd-icZZSGGNQsp1Akqd5H2Sg\""
,
"name":"_acme-challenge.xn--c5w032d4vi.xn--fiqs8s.","TTL":1,"type":16,"data":"\"pKgQSUeOdJOuZ_yj_iRbuOaoL1YVxMJ_ELvKe-luWQ8\""
]'
[Wed Oct 26 14:50:53 UTC 2022] _p_txtdomain='_acme-challenge.xn--c5w032d4vi.xn--fiqs8s'
[Wed Oct 26 14:50:53 UTC 2022] Cloudflare purge TXT record for domain _acme-challenge.xn--c5w032d4vi.xn--fiqs8s
[Wed Oct 26 14:50:53 UTC 2022] POST
[Wed Oct 26 14:50:53 UTC 2022] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.xn--c5w032d4vi.xn--fiqs8s&type=TXT'
[Wed Oct 26 14:50:53 UTC 2022] body
[Wed Oct 26 14:50:53 UTC 2022] _postContentType
[Wed Oct 26 14:50:53 UTC 2022] Http already initialized.
[Wed Oct 26 14:50:53 UTC 2022] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.KdQxcEFQpp '
[Wed Oct 26 14:50:54 UTC 2022] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Wed Oct 26 14:50:54 UTC 2022] Here is the curl dump log:
[Wed Oct 26 14:50:54 UTC 2022] == Info: Trying 104.16.249.249:443...
== Info: Trying 2606:4700::6810:f9f9:443...
== Info: Connected to cloudflare-dns.com (2606:4700::6810:f9f9) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: CAfile: /etc/ssl/certs/ca-certificates.crt
== Info: CApath: none
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: .........1q@....@.&g..I.1x+C5..a...Q ..!.*.....>SS.\m.. ..]...
0040: ..|.....>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........cloudflare-dns.com........................3t
00c0: .........h2.http/1.1.........1.....0............................
0100: .....................+............-.....3.&.$... .t....a+..?vQ.h
0140: .........:...k.Jv...............................................
0180: ................................................................
01c0: ................................................................
== Info: OpenSSL SSL_connect: Connection reset by peer in connection to cloudflare-dns.com:443
== Info: Closing connection 0
[Wed Oct 26 14:50:54 UTC 2022] _ret='35'
...
Using AliDNS DoH, but purging Cloudflare DNS records?
Since the connection is RSTed, acme.sh enters a dead loop.
fixed, try again please:
acme.sh --upgrade -b dev
It seems to work fine, thx.