CPanel Support
Hi there,
Wonder if it would be possible to add support for CPanel for DNS? I think it would open up a base of users, those that have a domain on an external host and subdomain to other things. I have a domain I use on a host with CPanel, but I spur off a few subdomains for testing sites etc. Myself I use exec to run a modified version of the script below.
A certbot .py exists for it and I checked over the request params it uses with a CPanel I have on hostgator and it all lines up. https://github.com/letsdebug/certbot-cpanel-dns-auth-hook
I don't know Go, else I'd have a shot at it.
Oh, one thing I do that's not in that script is a delete on the TXT record, just in case it still exists.
@ldez, I have a very, very basic working script in bash that uses nslookup to get the current DNS serial, since the CPanel API requires it but does not provide it in any of their calls.
I don't know Go for me to contribute directly.
Do you have some API documentation?
FYI, my nickname is Ldez
Do you have some API documentation?
- Fetching current information about the DNS zone: https://api.docs.cpanel.net/openapi/cpanel/operation/dns-parse_zone/
- Updating the zone: https://api.docs.cpanel.net/openapi/cpanel/operation/dns-mass_edit_zone/
- My script: https://pastebin.com/Z83tcY6L
FYI, my nickname is Ldez
Sorry, @ldez
edit: I planned to modify the script to fit the "external script" provider call signature, but have instead written it in Rust and built it into a custom traefik image (the last part is in the works still) with the binary included. If that provides any value to you, I can share the repo.
Hello @ssipos90,
Better late than never :smile:
I created a PR (#1977) to add CPanel, could you test it? The PR is based on your script and the API documentation.
Sponsoring is a good way to sustain open source maintainers: sponsor me
@ldez continue here
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 48800
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; test.mydomain.com.ar. IN SOA
;; ANSWER SECTION:
;; AUTHORITY SECTION:
mydomain.com.ar. 1696 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020306 3600 1800 1209600 86400
;; ADDITIONAL SECTION:
;; Query time: 7 msec
;; SERVER: 127.0.0.53
;; WHEN: Sat Feb 3 20:59:27 2024
;; MSG SIZE rcvd: 112
@pcastelo the answer is empty because of the test. prefix.
I tried the call with your domain xxxxxxx.com.ar:
$ drill domain.com.ar SOA
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61109
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; domain.com.ar. IN SOA
;; ANSWER SECTION:
domain.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020307 3600 1800 1209600 86400
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 153 msec
;; SERVER: 2a02:842b:5a8:b601:ce19:a8ff:fe05:c8ff
;; WHEN: Sat Feb 3 21:59:45 2024
;; MSG SIZE rcvd: 107
the NS seems to be all1.dnsroundrobin.net. (CPANEL_NAMESERVER=all1.dnsroundrobin.net:53)
Yes, I tried this too, but same error.
Let me execute again and paste the output.
export CPANEL_NAMESERVER="all1.dnsroundrobin.net:53"
2024/02/03 21:08:11 [INFO] [*.test.mydomian.com.ar, test.mydomian.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 21:08:12 [INFO] [*.test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10981809573
2024/02/03 21:08:12 [INFO] [test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10981809583
2024/02/03 21:08:12 [INFO] [*.test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 21:08:12 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 21:08:12 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: http-01
2024/02/03 21:08:12 [INFO] [test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 21:08:12 [INFO] [*.test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 21:08:12 [INFO] [test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 21:08:13 [INFO] [*.test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 21:08:13 [WARN] [*.test.mydomian.com.ar] acme: cleaning up failed: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: SOA not found for _acme-challenge.test.mydomian.com.ar. in all1.dnsroundrobin.net:53
2024/02/03 21:08:13 [INFO] [test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 21:08:13 [WARN] [test.mydomian.com.ar] acme: cleaning up failed: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: SOA not found for _acme-challenge.test.mydomian.com.ar. in all1.dnsroundrobin.net:53
2024/02/03 21:08:13 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10981809573
2024/02/03 21:08:14 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10981809583
2024/02/03 21:08:14 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.mydomian.com.ar] [*.test.mydomian.com.ar] acme: error presenting token: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: SOA not found for _acme-challenge.test.mydomian.com.ar. in all1.dnsroundrobin.net:53
[test.mydomian.com.ar] [test.mydomian.com.ar] acme: error presenting token: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: SOA not found for _acme-challenge.test.mydomian.com.ar. in all1.dnsroundrobin.net:53
I think I understand the problem, I will try to find a fix.
@pcastelo I updated the PR, can you try it?
There was a bug inside my fix, I updated the PR to fix it.
@ldez now I see a status code 403, a problem with the API? I will recheck the permissions of the token, but I think it has full access.
2024/02/03 21:39:23 [INFO] [*.test.mydomian.com.ar, test.mydomian.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 21:39:24 [INFO] [*.test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982071853
2024/02/03 21:39:24 [INFO] [test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982071863
2024/02/03 21:39:24 [INFO] [*.test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 21:39:24 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 21:39:24 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: http-01
2024/02/03 21:39:24 [INFO] [test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 21:39:24 [INFO] [*.test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 21:39:24 ;; opcode: QUERY, status: NOERROR, id: 48958
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;test.mydomian.com.ar. IN SOA
;; AUTHORITY SECTION:
mydomian.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020309 3600 1800 1209600 86400
true
2024/02/03 21:39:25 ;; opcode: QUERY, status: NOERROR, id: 25008
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;mydomian.com.ar. IN SOA
;; ANSWER SECTION:
mydomian.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020309 3600 1800 1209600 86400
2024/02/03 21:39:26 [INFO] [test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 21:39:27 ;; opcode: QUERY, status: NOERROR, id: 15038
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;test.mydomian.com.ar. IN SOA
;; AUTHORITY SECTION:
mydomian.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020309 3600 1800 1209600 86400
true
2024/02/03 21:39:27 ;; opcode: QUERY, status: NOERROR, id: 59010
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;mydomian.com.ar. IN SOA
;; ANSWER SECTION:
mydomian.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020309 3600 1800 1209600 86400
2024/02/03 21:39:28 [INFO] [*.test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 21:39:28 ;; opcode: QUERY, status: NXDOMAIN, id: 28330
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.test.mydomian.com.ar. IN SOA
;; AUTHORITY SECTION:
mydomian.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020309 3600 1800 1209600 86400
true
2024/02/03 21:39:29 ;; opcode: QUERY, status: NOERROR, id: 27003
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;mydomian.com.ar. IN SOA
;; ANSWER SECTION:
mydomian.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020309 3600 1800 1209600 86400
2024/02/03 21:39:30 [WARN] [*.test.mydomian.com.ar] acme: cleaning up failed: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
2024/02/03 21:39:30 [INFO] [test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 21:39:30 ;; opcode: QUERY, status: NXDOMAIN, id: 59504
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.test.mydomian.com.ar. IN SOA
;; AUTHORITY SECTION:
mydomian.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020309 3600 1800 1209600 86400
true
2024/02/03 21:39:30 ;; opcode: QUERY, status: NOERROR, id: 24081
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version 0; flags:; udp: 1232
;; QUESTION SECTION:
;mydomian.com.ar. IN SOA
;; ANSWER SECTION:
mydomian.com.ar. 86400 IN SOA all1.dnsroundrobin.net. email.ipxcore.com. 2024020309 3600 1800 1209600 86400
2024/02/03 21:39:31 [WARN] [test.mydomian.com.ar] acme: cleaning up failed: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
2024/02/03 21:39:32 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982071853
2024/02/03 21:39:32 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982071863
2024/02/03 21:39:32 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.mydomian.com.ar] [*.test.mydomian.com.ar] acme: error presenting token: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
[test.mydomian.com.ar] [test.mydomian.com.ar] acme: error presenting token: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
I can confirm the roles are correct.
I updated the PR to display the requests.
My PR uses the cPanel UAPI, so maybe you are using a token related to WHM API?
I am trying with both cPanel and WHM tokens.
1 min, I'll upload both requests.
cpanel
2024/02/03 21:54:04 [INFO] [*.test.mydomian.com.ar, test.mydomian.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 21:54:05 [INFO] [*.test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982211093
2024/02/03 21:54:05 [INFO] [test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982211103
2024/02/03 21:54:05 [INFO] [*.test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 21:54:05 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 21:54:05 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: http-01
2024/02/03 21:54:05 [INFO] [test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 21:54:05 [INFO] [*.test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 21:54:15 [INFO] [test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 21:54:26 [INFO] [*.test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 21:54:36 [WARN] [*.test.mydomian.com.ar] acme: cleaning up failed: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:58200->103.214.108.66:53: i/o timeout
2024/02/03 21:54:36 [INFO] [test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 21:54:36 GET /execute/DNS/parse_zone?zone=mydomian.com.ar. HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel USER:TOKEN
2024/02/03 21:55:06 [WARN] [test.mydomian.com.ar] acme: cleaning up failed: cpanel: fetch zone information: unable to communicate with the API server: error: Get "https://mydomian.com.ar:2083/execute/DNS/parse_zone?zone=mydomian.com.ar.": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024/02/03 21:55:06 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982211093
2024/02/03 21:55:07 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982211103
2024/02/03 21:55:07 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.mydomian.com.ar] [*.test.mydomian.com.ar] acme: error presenting token: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:48485->103.214.108.66:53: i/o timeout
[test.mydomian.com.ar] [test.mydomian.com.ar] acme: error presenting token: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:39527->103.214.108.66:53: i/o timeout
WHM
2024/02/03 21:57:00 [INFO] [*.test.castelo.com.ar, test.castelo.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 21:57:01 [INFO] [*.test.castelo.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982238653
2024/02/03 21:57:01 [INFO] [test.castelo.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982238663
2024/02/03 21:57:01 [INFO] [*.test.castelo.com.ar] acme: use dns-01 solver
2024/02/03 21:57:01 [INFO] [test.castelo.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 21:57:01 [INFO] [test.castelo.com.ar] acme: Could not find solver for: http-01
2024/02/03 21:57:01 [INFO] [test.castelo.com.ar] acme: use dns-01 solver
2024/02/03 21:57:01 [INFO] [*.test.castelo.com.ar] acme: Preparing to solve DNS-01
2024/02/03 21:57:11 [INFO] [test.castelo.com.ar] acme: Preparing to solve DNS-01
2024/02/03 21:57:21 [INFO] [*.test.castelo.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 21:57:31 [WARN] [*.test.castelo.com.ar] acme: cleaning up failed: cpanel: could not find SOA for domain "test.castelo.com.ar" (_acme-challenge.test.castelo.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:59121->103.214.108.66:53: i/o mydomian
2024/02/03 21:57:31 [INFO] [test.castelo.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 21:57:41 [WARN] [test.castelo.com.ar] acme: cleaning up failed: cpanel: could not find SOA for domain "test.castelo.com.ar" (_acme-challenge.test.castelo.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:40154->103.214.108.66:53: i/o mydomian
2024/02/03 21:57:41 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982238653
2024/02/03 21:57:42 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982238663
2024/02/03 21:57:42 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.castelo.com.ar] [*.test.castelo.com.ar] acme: error presenting token: cpanel: could not find SOA for domain "test.castelo.com.ar" (_acme-challenge.test.castelo.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:53465->103.214.108.66:53: i/o mydomian
[test.castelo.com.ar] [test.castelo.com.ar] acme: error presenting token: cpanel: could not find SOA for domain "test.castelo.com.ar" (_acme-challenge.test.castelo.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:43765->103.214.108.66:53: i/o mydomian
You have another problem:
in all1.dnsroundrobin.net:53: read udp 85.31.231.13:39527->103.214.108.66:53: i/o timeout
Your DNS seems down, it's not related to my latest commits.
FYI there is a timeout of 10 seconds.
The previous error was related to the API access:
fetch zone information: unexpected status code: [status code: 403] body: Access denied
It changed after the PR, let me go back to the previous commit and I'll try again.
My 2 latest commits only remove and add Println.
Let me talk with the hosting service to check if they block something.
Yes, my IP was blocked before due to multiple denied accesses; it was fixed.
cpanel
2024/02/03 22:23:58 [INFO] [*.test.mydomian.com.ar, test.mydomian.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 22:23:59 [INFO] [*.test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982508073
2024/02/03 22:23:59 [INFO] [test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982508083
2024/02/03 22:23:59 [INFO] [*.test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 22:23:59 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 22:23:59 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: http-01
2024/02/03 22:23:59 [INFO] [test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 22:23:59 [INFO] [*.test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:24:00 GET /execute/DNS/parse_zone?zone=mydomian.com.ar. HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel USER:TOKEN
2024/02/03 22:24:01 [INFO] [test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:24:01 GET /execute/DNS/parse_zone?zone=mydomian.com.ar. HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel USER:TOKEN
2024/02/03 22:24:01 [INFO] [*.test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:24:02 GET /execute/DNS/parse_zone?zone=mydomian.com.ar. HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel USER:TOKEN
2024/02/03 22:24:02 [WARN] [*.test.mydomian.com.ar] acme: cleaning up failed: cpanel: fetch zone information: error: :
2024/02/03 22:24:02 [INFO] [test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:24:02 GET /execute/DNS/parse_zone?zone=mydomian.com.ar. HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel USER:TOKEN
2024/02/03 22:24:02 [WARN] [test.mydomian.com.ar] acme: cleaning up failed: cpanel: fetch zone information: error: :
2024/02/03 22:24:03 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982508073
2024/02/03 22:24:03 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982508083
2024/02/03 22:24:03 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.mydomian.com.ar] [*.test.mydomian.com.ar] acme: error presenting token: cpanel: fetch zone information: error: :
[test.mydomian.com.ar] [test.mydomian.com.ar] acme: error presenting token: cpanel: fetch zone information: error: :
whm
2024/02/03 22:26:45 [INFO] [*.test.mydomian.com.ar, test.mydomian.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 22:26:46 [INFO] [*.test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982526763
2024/02/03 22:26:46 [INFO] [test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982526773
2024/02/03 22:26:46 [INFO] [*.test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 22:26:46 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 22:26:46 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: http-01
2024/02/03 22:26:46 [INFO] [test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 22:26:46 [INFO] [*.test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:26:47 GET /execute/DNS/parse_zone?zone=mydomian.com.ar. HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: USER:WHM_TOKEN
2024/02/03 22:26:48 [INFO] [test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:26:48 GET /execute/DNS/parse_zone?zone=mydomian.com.ar. HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel USER:WHM_TOKEN
2024/02/03 22:26:49 [INFO] [*.test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:26:49 GET /execute/DNS/parse_zone?zone=mydomian.com.ar. HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel USER:WHM_TOKEN
2024/02/03 22:26:50 [WARN] [*.test.mydomian.com.ar] acme: cleaning up failed: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
2024/02/03 22:26:50 [INFO] [test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:27:00 [WARN] [test.mydomian.com.ar] acme: cleaning up failed: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:57595->103.214.108.66:53: i/o timeout
2024/02/03 22:27:01 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982526763
2024/02/03 22:27:01 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982526773
2024/02/03 22:27:01 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.mydomian.com.ar] [*.test.mydomian.com.ar] acme: error presenting token: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
[test.mydomian.com.ar] [test.mydomian.com.ar] acme: error presenting token: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
Additionally, reviewing the APIs, I see that the WHM token can also be used in cPanel; the difference is that it has more permissions.
I rebased the PR (just to be up-to-date) and added a commit to (I hope) fix the problem.
I also noted that you still have some DNS timeout:
2024/02/03 22:27:00 [WARN] [test.mydomian.com.ar] acme: cleaning up failed: cpanel: could not find SOA for domain "test.mydomian.com.ar" (_acme-challenge.test.mydomian.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:57595->103.214.108.66:53: i/o timeout
I added another commit because my fix was incomplete.
whm
2024/02/03 22:39:56 [INFO] [*.test.mydomian.com.ar, test.mydomian.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 22:39:57 [INFO] [*.test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982639553
2024/02/03 22:39:57 [INFO] [test.mydomian.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982639563
2024/02/03 22:39:57 [INFO] [*.test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 22:39:57 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 22:39:57 [INFO] [test.mydomian.com.ar] acme: Could not find solver for: http-01
2024/02/03 22:39:57 [INFO] [test.mydomian.com.ar] acme: use dns-01 solver
2024/02/03 22:39:57 [INFO] [*.test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:39:58 GET /execute/DNS/parse_zone?zone=mydomian.com.ar HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel user:WHM_TOKEN
2024/02/03 22:39:59 [INFO] [test.mydomian.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:40:00 GET /execute/DNS/parse_zone?zone=mydomian.com.ar HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel user:WHM_TOKEN
2024/02/03 22:40:01 [INFO] [*.test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:40:01 GET /execute/DNS/parse_zone?zone=mydomian.com.ar HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel user:WHM_TOKEN
2024/02/03 22:40:02 [WARN] [*.test.mydomian.com.ar] acme: cleaning up failed: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
2024/02/03 22:40:02 [INFO] [test.mydomian.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:40:03 GET /execute/DNS/parse_zone?zone=mydomian.com.ar HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel user:WHM_TOKEN
2024/02/03 22:40:04 [WARN] [test.mydomian.com.ar] acme: cleaning up failed: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
2024/02/03 22:40:04 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982639553
2024/02/03 22:40:04 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982639563
2024/02/03 22:40:04 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.mydomian.com.ar] [*.test.mydomian.com.ar] acme: error presenting token: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
[test.mydomian.com.ar] [test.mydomian.com.ar] acme: error presenting token: cpanel: fetch zone information: unexpected status code: [status code: 403] body: Access denied
cpanel
2024/02/03 22:43:10 [INFO] [*.test.mydomain.com.ar, test.mydomain.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 22:43:11 [INFO] [*.test.mydomain.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982678423
2024/02/03 22:43:11 [INFO] [test.mydomain.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982678433
2024/02/03 22:43:11 [INFO] [*.test.mydomain.com.ar] acme: use dns-01 solver
2024/02/03 22:43:11 [INFO] [test.mydomain.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 22:43:11 [INFO] [test.mydomain.com.ar] acme: Could not find solver for: http-01
2024/02/03 22:43:11 [INFO] [test.mydomain.com.ar] acme: use dns-01 solver
2024/02/03 22:43:11 [INFO] [*.test.mydomain.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:43:21 [INFO] [test.mydomain.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:43:21 GET /execute/DNS/parse_zone?zone=mydomain.com.ar HTTP/1.1
Host: mydomain.com.ar:2083
Accept: application/json
Authorization: cpanel user:CP_TOKEN
2024/02/03 22:43:51 [INFO] [*.test.mydomain.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:43:51 GET /execute/DNS/parse_zone?zone=mydomain.com.ar HTTP/1.1
Host: mydomain.com.ar:2083
Accept: application/json
Authorization: cpanel user:CP_TOKEN
2024/02/03 22:44:21 [WARN] [*.test.mydomain.com.ar] acme: cleaning up failed: cpanel: fetch zone information: unable to communicate with the API server: error: Get "https://mydomain.com.ar:2083/execute/DNS/parse_zone?zone=mydomain.com.ar": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024/02/03 22:44:21 [INFO] [test.mydomain.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:44:32 [WARN] [test.mydomain.com.ar] acme: cleaning up failed: cpanel: could not find SOA for domain "test.mydomain.com.ar" (_acme-challenge.test.mydomain.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:40657->103.214.108.66:53: i/o timeout
2024/02/03 22:44:32 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982678423
2024/02/03 22:44:32 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982678433
2024/02/03 22:44:32 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.mydomain.com.ar] [*.test.mydomain.com.ar] acme: error presenting token: cpanel: could not find SOA for domain "test.mydomain.com.ar" (_acme-challenge.test.mydomain.com.ar.) in all1.dnsroundrobin.net:53: read udp 85.31.231.13:50661->103.214.108.66:53: i/o timeout
[test.mydomain.com.ar] [test.mydomain.com.ar] acme: error presenting token: cpanel: fetch zone information: unable to communicate with the API server: error: Get "https://mydomain.com.ar:2083/execute/DNS/parse_zone?zone=mydomain.com.ar": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
root@srv419809:~/lego# ./dist/lego -m [email protected] --dns cpanel -d *.test.mydomain.com.ar -d test.mydomain.com.ar -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/02/03 22:44:52 [INFO] [*.test.mydomain.com.ar, test.mydomain.com.ar] acme: Obtaining bundled SAN certificate
2024/02/03 22:44:53 [INFO] [*.test.mydomain.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982694953
2024/02/03 22:44:53 [INFO] [test.mydomain.com.ar] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982694963
2024/02/03 22:44:53 [INFO] [*.test.mydomain.com.ar] acme: use dns-01 solver
2024/02/03 22:44:53 [INFO] [test.mydomain.com.ar] acme: Could not find solver for: tls-alpn-01
2024/02/03 22:44:53 [INFO] [test.mydomain.com.ar] acme: Could not find solver for: http-01
2024/02/03 22:44:53 [INFO] [test.mydomain.com.ar] acme: use dns-01 solver
2024/02/03 22:44:53 [INFO] [*.test.mydomain.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:44:54 GET /execute/DNS/parse_zone?zone=mydomain.com.ar HTTP/1.1
Host: mydomain.com.ar:2083
Accept: application/json
Authorization: cpanel user:CP_TOKEN
2024/02/03 22:44:55 [INFO] [test.mydomain.com.ar] acme: Preparing to solve DNS-01
2024/02/03 22:44:56 GET /execute/DNS/parse_zone?zone=mydomain.com.ar HTTP/1.1
Host: mydomain.com.ar:2083
Accept: application/json
Authorization: cpanel user:CP_TOKEN
2024/02/03 22:44:56 [INFO] [*.test.mydomain.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:44:57 GET /execute/DNS/parse_zone?zone=mydomain.com.ar HTTP/1.1
Host: mydomain.com.ar:2083
Accept: application/json
Authorization: cpanel user:CP_TOKEN
2024/02/03 22:44:57 [WARN] [*.test.mydomain.com.ar] acme: cleaning up failed: cpanel: fetch zone information: error: :
2024/02/03 22:44:57 [INFO] [test.mydomain.com.ar] acme: Cleaning DNS-01 challenge
2024/02/03 22:44:58 GET /execute/DNS/parse_zone?zone=mydomain.com.ar HTTP/1.1
Host: mydomain.com.ar:2083
Accept: application/json
Authorization: cpanel user:CP_TOKEN
2024/02/03 22:44:58 [WARN] [test.mydomain.com.ar] acme: cleaning up failed: cpanel: fetch zone information: error: :
2024/02/03 22:44:58 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982694953
2024/02/03 22:44:59 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10982694963
2024/02/03 22:44:59 Could not obtain certificates:
error: one or more domains had a problem:
[*.test.mydomain.com.ar] [*.test.mydomain.com.ar] acme: error presenting token: cpanel: fetch zone information: error: :
[test.mydomain.com.ar] [test.mydomain.com.ar] acme: error presenting token: cpanel: fetch zone information: error: :
root@srv419809:~/lego#
2024/02/03 22:40:03 GET /execute/DNS/parse_zone?zone=mydomian.com.ar HTTP/1.1
Host: mydomian.com.ar:2083
Accept: application/json
Authorization: cpanel user:WHM_TOKEN
This call seems to follow the documentation:
- https://api.docs.cpanel.net/openapi/cpanel/operation/dns-parse_zone/
- https://api.docs.cpanel.net/cpanel/tokens/#using-an-api-token
The only missing thing is cpsess########## (security token) but I don't understand if it's optional or not, and how to get it.
Based on the documentation the security token is only for cookie-based calls, so I don't need it.
Cookie-based calls (for example, calls from a web browser) require a security token. For other authentication methods, read our Guide to API Authentication documentation.
Agree with you.
There are 2 options:
- the request is wrong but I don't see where the problem is (based on the doc).
- you don't have the right permissions.
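The debug dumps in this thread print the `Authorization: cpanel user:token` header, which the reporter had to blank out by hand before pasting. As an added example (not code from the lego PR or from any participant), the Go sketch below builds the same `DNS/parse_zone` UAPI request and produces a dump with the credential already redacted; the function names, the host `cpanel.example.test` and the token value are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// newParseZoneRequest builds the call seen in the logs above:
// GET /execute/DNS/parse_zone?zone=<zone> with "Authorization: cpanel user:token".
// Error messages deliberately never include the token.
func newParseZoneRequest(baseURL, user, token, zone string) (*http.Request, error) {
	if user == "" || token == "" {
		return nil, errors.New("cpanel: user and token are required")
	}
	if strings.ContainsAny(user+token, ": \t\r\n") {
		return nil, errors.New("cpanel: user or token contains ':' or whitespace")
	}
	endpoint, err := url.Parse(baseURL)
	if err != nil {
		return nil, fmt.Errorf("cpanel: invalid base URL: %w", err)
	}
	if endpoint.Scheme != "https" {
		return nil, errors.New("cpanel: refusing to send an API token over a non-HTTPS URL")
	}
	endpoint.Path = strings.TrimSuffix(endpoint.Path, "/") + "/execute/DNS/parse_zone"
	query := url.Values{}
	query.Set("zone", zone)
	endpoint.RawQuery = query.Encode()

	req, err := http.NewRequest(http.MethodGet, endpoint.String(), nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Accept", "application/json")
	req.Header.Set("Authorization", "cpanel "+user+":"+token)
	return req, nil
}

// redactCredential keeps the auth scheme (useful when debugging a 403)
// and drops the user:token part.
func redactCredential(value string) string {
	parts := strings.SplitN(value, " ", 2)
	if len(parts) == 2 && parts[0] != "" {
		return parts[0] + " REDACTED"
	}
	return "REDACTED"
}

// redactedDump returns the wire form of req with credentials removed.
// It works on a clone, so the request that is actually sent keeps its token.
func redactedDump(req *http.Request) (string, error) {
	clone := req.Clone(req.Context())
	for _, name := range []string{"Authorization", "Cookie"} {
		if v := clone.Header.Get(name); v != "" {
			clone.Header.Set(name, redactCredential(v))
		}
	}
	// DumpRequestOut renders the request without opening a connection.
	dump, err := httputil.DumpRequestOut(clone, false)
	if err != nil {
		return "", err
	}
	return string(dump), nil
}

func main() {
	// Constructed values: not a real host, user or token.
	req, err := newParseZoneRequest("https://cpanel.example.test:2083", "user", "CONSTRUCTEDTOKEN123", "example.test")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	dump, err := redactedDump(req)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Print(dump)
}
```

Keeping the scheme word in the dump still shows whether the `cpanel` prefix was sent, which is the detail that mattered when comparing the cPanel and WHM token attempts.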