Report bug to Njalla dns api

[philband]

This is the place to report bugs in the Njalla DNS API.

If you experience a bug, please report it in this issue.

Thanks!

[kattjevfel]

There seems to be an issue with the njalla plugin, it used to work but now acme.sh somehow fails to check for its own DNS record it's created, even though it recognised it at an earlier stage and is able to remove it afterwards...

[Thu 13 May 23:30:27 CEST 2021] lewd.se:Verify error:DNS problem: SERVFAIL looking up TXT for _acme-challenge.lewd.se - the domain's nameservers may be malfunctioning

https://gist.github.com/kattjevfel/f42e52d288227a35aa3c03d79cd8540a debug log
The time waited doesn't matter, I've tried 300 seconds many times, and without --dnssleep it just keeps looping forever saying "Not valid yet, let's wait 10 seconds and check next one."

[philband]

@kattjevfel Thanks for reporting the issue and the log. I just tested it from my end, and it seems to me like records are not propagated to Njalla DNS Servers. So I can confirm your issue at least.

From my testing, this issue happens both for records using the API and for records created in the Web GUI, so it seems to be a general issue with Njalla rather than with just this acme.sh API client.

Do you know how long this has been happening?

[kattjevfel]

I set all this up right about 3 months ago and it was all fine then, but between then and now I have no clue.

[philband]

I tested it again just now, DNS record propagation seems to be fixed now. I was able to issue a certificate.

[kattjevfel]

Yup, works perfectly again, the world is safe! Thanks for looking into it, even though it probably was just something temporary broken :)

[bakeromso]

Auto-renewal through DNS on Njalla is not working for me. I double-checked that my API token is correct in account.conf. Also, I confirmed that my public IP is on the allowed API list. I run ./acme.sh/acme.sh --renew -d subdomain.example.com --force --server letsencrypt --debug.
This gives me the error [Tue Aug 9 07:32:21 UTC 2022] Error add txt for domain:_acme-challenge.subdomain.example.com.

For clarity, I am issuing a certificate to a server that has no publicly exposed ports. Njalla is my DNS provider, acme is on version 3.0.3.

Any idea where this is going wrong?

Full log, see below. I changed my real domain to subdomain.example.com, txt record into txtchallenge1234567891328, tokens into my-first-token, extension and my-second-token, all to my best knowledge not relevant for the log.

[Tue Aug  9 07:32:17 UTC 2022] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Tue Aug  9 07:32:17 UTC 2022] Lets find script dir.
[Tue Aug  9 07:32:17 UTC 2022] _SCRIPT_='./acme.sh/acme.sh'
[Tue Aug  9 07:32:17 UTC 2022] _script='/root/acme.sh/acme.sh'
[Tue Aug  9 07:32:17 UTC 2022] _script_home='/root/acme.sh'
[Tue Aug  9 07:32:17 UTC 2022] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.3
[Tue Aug  9 07:32:17 UTC 2022] Using server: letsencrypt
[Tue Aug  9 07:32:17 UTC 2022] Running cmd: renew
[Tue Aug  9 07:32:17 UTC 2022] Using config home:/root/.acme.sh
[Tue Aug  9 07:32:17 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Aug  9 07:32:17 UTC 2022] DOMAIN_PATH='/root/.acme.sh/subdomain.example.com'
[Tue Aug  9 07:32:17 UTC 2022] Renew: 'subdomain.example.com'
[Tue Aug  9 07:32:17 UTC 2022] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Tue Aug  9 07:32:17 UTC 2022] Using config home:/root/.acme.sh
[Tue Aug  9 07:32:17 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Aug  9 07:32:17 UTC 2022] _main_domain='subdomain.example.com'
[Tue Aug  9 07:32:17 UTC 2022] _alt_domains='www.subdomain.example.com'
[Tue Aug  9 07:32:17 UTC 2022] Le_NextRenewTime='1657929760'
[Tue Aug  9 07:32:17 UTC 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Aug  9 07:32:17 UTC 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Aug  9 07:32:17 UTC 2022] GET
[Tue Aug  9 07:32:17 UTC 2022] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Aug  9 07:32:17 UTC 2022] timeout=
[Tue Aug  9 07:32:17 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:17 UTC 2022] ret='0'
[Tue Aug  9 07:32:17 UTC 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Aug  9 07:32:17 UTC 2022] ACME_NEW_AUTHZ
[Tue Aug  9 07:32:17 UTC 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Aug  9 07:32:18 UTC 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Aug  9 07:32:18 UTC 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug  9 07:32:18 UTC 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Aug  9 07:32:18 UTC 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Aug  9 07:32:18 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Aug  9 07:32:18 UTC 2022] _on_before_issue
[Tue Aug  9 07:32:18 UTC 2022] _chk_main_domain='subdomain.example.com'
[Tue Aug  9 07:32:18 UTC 2022] _chk_alt_domains='www.subdomain.example.com'
[Tue Aug  9 07:32:18 UTC 2022] Le_LocalAddress
[Tue Aug  9 07:32:18 UTC 2022] d='subdomain.example.com'
[Tue Aug  9 07:32:18 UTC 2022] Check for domain='subdomain.example.com'
[Tue Aug  9 07:32:18 UTC 2022] _currentRoot='dns_njalla'
[Tue Aug  9 07:32:18 UTC 2022] d='www.subdomain.example.com'
[Tue Aug  9 07:32:18 UTC 2022] Check for domain='www.subdomain.example.com'
[Tue Aug  9 07:32:18 UTC 2022] _currentRoot='dns_njalla'
[Tue Aug  9 07:32:18 UTC 2022] d
[Tue Aug  9 07:32:18 UTC 2022] _saved_account_key_hash is not changed, skip register account.
[Tue Aug  9 07:32:18 UTC 2022] Read key length:2048
[Tue Aug  9 07:32:18 UTC 2022] _createcsr
[Tue Aug  9 07:32:18 UTC 2022] Multi domain='DNS:subdomain.example.com,DNS:www.subdomain.example.com'
[Tue Aug  9 07:32:18 UTC 2022] Getting domain auth token for each domain
[Tue Aug  9 07:32:18 UTC 2022] d='www.subdomain.example.com'
[Tue Aug  9 07:32:18 UTC 2022] d
[Tue Aug  9 07:32:18 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Aug  9 07:32:18 UTC 2022] payload='{"identifiers": [{"type":"dns","value":"subdomain.example.com"},{"type":"dns","value":"www.subdomain.example.com"}]}'
[Tue Aug  9 07:32:18 UTC 2022] RSA key
[Tue Aug  9 07:32:18 UTC 2022] HEAD
[Tue Aug  9 07:32:18 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Aug  9 07:32:18 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Tue Aug  9 07:32:18 UTC 2022] _ret='0'
[Tue Aug  9 07:32:18 UTC 2022] POST
[Tue Aug  9 07:32:18 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Aug  9 07:32:18 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:19 UTC 2022] _ret='0'
[Tue Aug  9 07:32:19 UTC 2022] code='201'
[Tue Aug  9 07:32:19 UTC 2022] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/45720650/11452391829'
[Tue Aug  9 07:32:19 UTC 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/45720650/11452391829'
[Tue Aug  9 07:32:19 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/14002385807'
[Tue Aug  9 07:32:19 UTC 2022] payload
[Tue Aug  9 07:32:19 UTC 2022] POST
[Tue Aug  9 07:32:19 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/14002385807'
[Tue Aug  9 07:32:19 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:19 UTC 2022] _ret='0'
[Tue Aug  9 07:32:19 UTC 2022] code='200'
[Tue Aug  9 07:32:19 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/14002385808'
[Tue Aug  9 07:32:19 UTC 2022] payload
[Tue Aug  9 07:32:19 UTC 2022] POST
[Tue Aug  9 07:32:19 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/14002385808'
[Tue Aug  9 07:32:19 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:20 UTC 2022] _ret='0'
[Tue Aug  9 07:32:20 UTC 2022] code='200'
[Tue Aug  9 07:32:20 UTC 2022] d='subdomain.example.com'
[Tue Aug  9 07:32:20 UTC 2022] Getting webroot for domain='subdomain.example.com'
[Tue Aug  9 07:32:20 UTC 2022] _w='dns_njalla'
[Tue Aug  9 07:32:20 UTC 2022] _currentRoot='dns_njalla'
[Tue Aug  9 07:32:20 UTC 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385807/zs_WWw","token":"my-first-token"'
[Tue Aug  9 07:32:20 UTC 2022] token='my-first-token'
[Tue Aug  9 07:32:20 UTC 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385807/zs_WWw'
[Tue Aug  9 07:32:20 UTC 2022] keyauthorization='my-first-token.extension'
[Tue Aug  9 07:32:20 UTC 2022] dvlist='subdomain.example.com#my-first-token.extension#https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385807/zs_WWw#dns-01#dns_njalla'
[Tue Aug  9 07:32:20 UTC 2022] d='www.subdomain.example.com'
[Tue Aug  9 07:32:20 UTC 2022] Getting webroot for domain='www.subdomain.example.com'
[Tue Aug  9 07:32:20 UTC 2022] _w='dns_njalla'
[Tue Aug  9 07:32:20 UTC 2022] _currentRoot='dns_njalla'
[Tue Aug  9 07:32:20 UTC 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385808/Vypa_E","token":"my-second-token"'
[Tue Aug  9 07:32:20 UTC 2022] token='my-second-token'
[Tue Aug  9 07:32:20 UTC 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385808/Vypa_E'
[Tue Aug  9 07:32:20 UTC 2022] keyauthorization='my-second-token.extension'
[Tue Aug  9 07:32:20 UTC 2022] dvlist='www.subdomain.example.com#my-second-token.extension#https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385808/Vypa_E#dns-01#dns_njalla'
[Tue Aug  9 07:32:20 UTC 2022] d
[Tue Aug  9 07:32:20 UTC 2022] vlist='subdomain.example.com#my-first-token.extension#https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385807/zs_WWw#dns-01#dns_njalla,www.subdomain.example.com#my-second-token.extension#https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385808/Vypa_E#dns-01#dns_njalla,'
[Tue Aug  9 07:32:20 UTC 2022] d='subdomain.example.com'
[Tue Aug  9 07:32:20 UTC 2022] _d_alias
[Tue Aug  9 07:32:20 UTC 2022] txtdomain='_acme-challenge.subdomain.example.com'
[Tue Aug  9 07:32:20 UTC 2022] txt='txtchallenge1234567891328'
[Tue Aug  9 07:32:20 UTC 2022] d_api='/root/acme.sh/dnsapi/dns_njalla.sh'
[Tue Aug  9 07:32:20 UTC 2022] Found domain api file: /root/acme.sh/dnsapi/dns_njalla.sh
[Tue Aug  9 07:32:20 UTC 2022] Adding txt value: txtchallenge1234567891328 for domain:  _acme-challenge.subdomain.example.com
[Tue Aug  9 07:32:20 UTC 2022] First detect the root zone
[Tue Aug  9 07:32:20 UTC 2022] h='_acme-challenge.subdomain.example.com'
[Tue Aug  9 07:32:20 UTC 2022] data='{"method":"get-domain","params":{"domain":"_acme-challenge.subdomain.example.com"}}'
[Tue Aug  9 07:32:20 UTC 2022] POST
[Tue Aug  9 07:32:20 UTC 2022] _post_url='https://njal.la/api/1/'
[Tue Aug  9 07:32:20 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:20 UTC 2022] _ret='0'
[Tue Aug  9 07:32:20 UTC 2022] h='subdomain.example.com'
[Tue Aug  9 07:32:20 UTC 2022] data='{"method":"get-domain","params":{"domain":"subdomain.example.com"}}'
[Tue Aug  9 07:32:20 UTC 2022] POST
[Tue Aug  9 07:32:20 UTC 2022] _post_url='https://njal.la/api/1/'
[Tue Aug  9 07:32:20 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:20 UTC 2022] _ret='0'
[Tue Aug  9 07:32:20 UTC 2022] h='example.com'
[Tue Aug  9 07:32:20 UTC 2022] data='{"method":"get-domain","params":{"domain":"example.com"}}'
[Tue Aug  9 07:32:20 UTC 2022] POST
[Tue Aug  9 07:32:20 UTC 2022] _post_url='https://njal.la/api/1/'
[Tue Aug  9 07:32:20 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:20 UTC 2022] _ret='0'
[Tue Aug  9 07:32:20 UTC 2022] h='com'
[Tue Aug  9 07:32:20 UTC 2022] data='{"method":"get-domain","params":{"domain":"com"}}'
[Tue Aug  9 07:32:20 UTC 2022] POST
[Tue Aug  9 07:32:20 UTC 2022] _post_url='https://njal.la/api/1/'
[Tue Aug  9 07:32:20 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:21 UTC 2022] _ret='0'
[Tue Aug  9 07:32:21 UTC 2022] h
[Tue Aug  9 07:32:21 UTC 2022] invalid domain
[Tue Aug  9 07:32:21 UTC 2022] Error add txt for domain:_acme-challenge.subdomain.example.com
[Tue Aug  9 07:32:21 UTC 2022] _on_issue_err
[Tue Aug  9 07:32:21 UTC 2022] Please add '--debug' or '--log' to check more details.
[Tue Aug  9 07:32:21 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Tue Aug  9 07:32:21 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385807/zs_WWw'
[Tue Aug  9 07:32:21 UTC 2022] payload='{}'
[Tue Aug  9 07:32:21 UTC 2022] POST
[Tue Aug  9 07:32:21 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385807/zs_WWw'
[Tue Aug  9 07:32:21 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:21 UTC 2022] _ret='0'
[Tue Aug  9 07:32:21 UTC 2022] code='200'
[Tue Aug  9 07:32:21 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385808/Vypa_E'
[Tue Aug  9 07:32:21 UTC 2022] payload='{}'
[Tue Aug  9 07:32:21 UTC 2022] POST
[Tue Aug  9 07:32:21 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/14002385808/Vypa_E'
[Tue Aug  9 07:32:21 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue Aug  9 07:32:22 UTC 2022] _ret='0'
[Tue Aug  9 07:32:22 UTC 2022] code='200'
[Tue Aug  9 07:32:22 UTC 2022] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.1n  15 Mar 2022
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.2 on Nov 19 2017 13:56:10
   running on Linux version #2 SMP PVE 5.15.39-3 (Wed, 27 Jul 2022 13:45:39 +0200), release 5.15.39-3-pve, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #undef WITH_READLINE
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/
[Tue Aug  9 07:32:22 UTC 2022] pid
[Tue Aug  9 07:32:22 UTC 2022] No need to restore nginx, skip.
[Tue Aug  9 07:32:22 UTC 2022] _clearupdns
[Tue Aug  9 07:32:22 UTC 2022] dns_entries
[Tue Aug  9 07:32:22 UTC 2022] skip dns.

EDIT: I fixed it somehow by requesting a new API token on Njalla. On this new token, I had temporarily left the IP whitelist blank. Somehow, everything now works ok.

[alfredfo]

Hey, dns_njalla currently doesn't remove records successfully. Fixed with this PR #5121.