dns_kas.sh: Error removing txt for domain:_acme-challenge.foo

[djonasdev]

Hello,

thanks for implementing an api script for all ink!
I get it working on my synology so far 👍
I want to create a "multi wildcard subdomain" certificate which is working so far. The script is creating 3 TXT entries. But when deleting, the error occurs:

Here is the curl url the script is calling:

[Fri May  3 10:53:39 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=fooPasscode&kas_action=delete_dns_settings&var1=record_id&wert1=77044096 51272448 60528537'

If you call the url (https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=fooPasscode&kas_action=delete_dns_settings&var1=record_id&wert1=77044096%2051272448%2060528537) in webbrowser you can see the error message as well:

Is described in the doc (http://kasapi.kasserver.com/dokumentation/phpdoc/packages/API%20Funktionen.html) you have to pass an array, but I actually don't know how to do it. Another approah would be to call the url 3 times for each id to delete..

[phlegx]

Hi @dojo90! Thanks for the Issue Report. I unfortunately currently do have very little time to get into this. There is also a pull request open since quite some time, but I would need to make quite a few changes to get this merged and I even do not know if Kasserver API can do everything that the acme.sh Maintainer wants to have. See: acmesh-official#1341

I only remember that there are some issues with deleting entries. So if I remember correctly I currently did this manually if I needed to.

The API you linked is from PHP. I think the array is only needed in this PHP function. In the form your string should suffice from what I can say, but to be honest I would need to try it myself. Could the record ID mabye be wrong?
Maybe you could ask the all-inkl support on how this is working and let us then know herer on how this is done correctly.

If you are interested in improving this dns_kas.sh implemetation feel free to do so :-)

[phlegx]

I just see you try to put all three entries there just with whitespaces. I guess like this is not working and via API one needs to indeed make three calls as you already wrote.

Not sure if it is possible to send an array via API and if it is possible, in which form it has to be send.

[phlegx]

Maybe like this: [ "1234", "5678", "9101112" ]

[djonasdev]

Maybe like this: [ "1234", "5678", "9101112" ]

Not working..

• ["1","2"]
• ["1", "2"]
• [ "1", "2" ]
• ['1','2']
• ['1', '2']
• [ '1', '2' ]

🤔

The problem is that in Line 73 (https://github.com/phlegx/acme.sh/blob/all-inkl-kasserver-dns-script/dnsapi/dns_kas.sh#L73) is a whitespace separated list 1234 5678 9101112.

Actually I'm not that familiar with bash. Could you have a look if this could do the trick?

	# If there is a record_id, delete the entry   
	if [ -n "$_record_id" ]; then
		params="?kas_login=$KAS_Login"
		params="$params&kas_auth_type=$KAS_Authtype"
		params="$params&kas_auth_data=$KAS_Authdata"
		params="$params&kas_action=delete_dns_settings"

		# split it into a seperated list, if there where multiples entries made
		records=($_record_id)
		for i in "${records[@]}"
		do
		   params2="$params&var1=record_id"
		   params2="$params2&wert1=$i"
		   _debug2 "Wait for 10 seconds by default before calling KAS API."
		   sleep 10
		   response="$(_get "$KAS_Api$params2")"
		   _debug2 "response" "$response"
		   if ! _contains "$response" "TRUE"; then
			   _err "Either the txt record is not found or another error occurred, please check manually."
			   return 1
		   fi
		done
	else # Cannot delete or unkown error
		_err "No record_id found that can be deleted. Please check manually."
		return 1
	fi
return 0

[phlegx]

I think this looks good @dojo90! Haven't tested it fully though. I assume it is functional right? If yes, can you do a pull request maybe?

[djonasdev]

Actually the solution approach is working, but there is some error in the logic:

---

• I created a certificate with 2 wildcard and 1 domain
  *.dyndns.my-domain.com -d *.my-domain.com -d my-domain.com
• The script added 3 TXT entries, but two of them hat the same CNAME
  • 2x _acme-challenge
  • 1x _acme-challenge.dyndns
• The dns_kas_rm() is called 3 times. 1 time for each certificate:
  1. Removing _acme-challenge.dyndns.my-domain.com DNS TXT entry on All-inkl/Kasserver
     • removes exactly 1 entry
  2. Removing _acme-challenge.my-domain.com DNS TXT entry on All-inkl/Kasserver
     • removes 2 entries
  3. Removing _acme-challenge.my-domain.com DNS TXT entry on All-inkl/Kasserver
     • can't remove any entry, because it was already removed before

The created certificate is working so far and contains all "domains / wildcard subdomains".

Maybe there should be a counter to count the added entries and afterwards use it to check if all entries where already deleted to prevent the error message?

[Fri May  3 12:24:38 CEST 2019] Removing DNS records.
[Fri May  3 12:24:38 CEST 2019] d='dyndns.my-domain.com'
[Fri May  3 12:24:38 CEST 2019] txtdomain='_acme-challenge.dyndns.my-domain.com'
[Fri May  3 12:24:38 CEST 2019] aliasDomain='_acme-challenge.dyndns.my-domain.com'
[Fri May  3 12:24:38 CEST 2019] txt='dZjI2w1fL6-yE_lE8SOR-YhVGy4D7ItJ7C0oTgHVBE8'
[Fri May  3 12:24:38 CEST 2019] d_api='/root/.acme.sh/dnsapi/dns_kas.sh'
[Fri May  3 12:24:38 CEST 2019] Using DNS-01 All-inkl/Kasserver hook
[Fri May  3 12:24:38 CEST 2019] Cleaning up after All-inkl/Kasserver hook
[Fri May  3 12:24:38 CEST 2019] Removing _acme-challenge.dyndns.my-domain.com DNS TXT entry on All-inkl/Kasserver
[Fri May  3 12:24:48 CEST 2019] GET
[Fri May  3 12:24:48 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=get_dns_settings&var1=zone_host&wert1=my-domain.com.'
[Fri May  3 12:24:48 CEST 2019] timeout=
[Fri May  3 12:24:48 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:24:48 CEST 2019] ret='0'
[Fri May  3 12:24:58 CEST 2019] GET
[Fri May  3 12:24:58 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=delete_dns_settings&var1=record_id&wert1=41955939'
[Fri May  3 12:24:58 CEST 2019] timeout=
[Fri May  3 12:24:58 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:24:59 CEST 2019] ret='0'
[Fri May  3 12:24:59 CEST 2019] d='my-domain.com'
[Fri May  3 12:24:59 CEST 2019] txtdomain='_acme-challenge.my-domain.com'
[Fri May  3 12:24:59 CEST 2019] aliasDomain='_acme-challenge.my-domain.com'
[Fri May  3 12:24:59 CEST 2019] txt='7fHZdvmLBabbr7XikMafMWCfsmOZjFPM1rkLnaJp4ck'
[Fri May  3 12:24:59 CEST 2019] d_api='/root/.acme.sh/dnsapi/dns_kas.sh'
[Fri May  3 12:24:59 CEST 2019] Using DNS-01 All-inkl/Kasserver hook
[Fri May  3 12:24:59 CEST 2019] Cleaning up after All-inkl/Kasserver hook
[Fri May  3 12:24:59 CEST 2019] Removing _acme-challenge.my-domain.com DNS TXT entry on All-inkl/Kasserver
[Fri May  3 12:25:09 CEST 2019] GET
[Fri May  3 12:25:09 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=get_dns_settings&var1=zone_host&wert1=my-domain.com.'
[Fri May  3 12:25:09 CEST 2019] timeout=
[Fri May  3 12:25:09 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:25:09 CEST 2019] ret='0'
[Fri May  3 12:25:19 CEST 2019] GET
[Fri May  3 12:25:19 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=delete_dns_settings&var1=record_id&wert1=41955955'
[Fri May  3 12:25:19 CEST 2019] timeout=
[Fri May  3 12:25:19 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:25:19 CEST 2019] ret='0'
[Fri May  3 12:25:29 CEST 2019] GET
[Fri May  3 12:25:29 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=delete_dns_settings&var1=record_id&wert1=41955957'
[Fri May  3 12:25:29 CEST 2019] timeout=
[Fri May  3 12:25:29 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:25:30 CEST 2019] ret='0'
[Fri May  3 12:25:30 CEST 2019] d='my-domain.com'
[Fri May  3 12:25:30 CEST 2019] txtdomain='_acme-challenge.my-domain.com'
[Fri May  3 12:25:30 CEST 2019] aliasDomain='_acme-challenge.my-domain.com'
[Fri May  3 12:25:30 CEST 2019] txt='EsyzpG9QVXvYRtIbD_DsnE6iiJeuR2cef47sJFL2lSE'
[Fri May  3 12:25:30 CEST 2019] d_api='/root/.acme.sh/dnsapi/dns_kas.sh'
[Fri May  3 12:25:30 CEST 2019] Using DNS-01 All-inkl/Kasserver hook
[Fri May  3 12:25:30 CEST 2019] Cleaning up after All-inkl/Kasserver hook
[Fri May  3 12:25:30 CEST 2019] Removing _acme-challenge.my-domain.com DNS TXT entry on All-inkl/Kasserver
[Fri May  3 12:25:40 CEST 2019] GET
[Fri May  3 12:25:40 CEST 2019] url='https://kasapi.kasserver.com/dokumentation/formular.php?kas_login=w0815&kas_auth_type=sha1&kas_auth_data=sdhgh34dfg23f&kas_action=get_dns_settings&var1=zone_host&wert1=my-domain.com.'
[Fri May  3 12:25:40 CEST 2019] timeout=
[Fri May  3 12:25:40 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri May  3 12:25:40 CEST 2019] ret='0'
[Fri May  3 12:25:40 CEST 2019] No record_id found that can be deleted. Please check manually.
[Fri May  3 12:25:40 CEST 2019] Error removing txt for domain:_acme-challenge.my-domain.com

[djonasdev]

I think this looks good @dojo90! Haven't tested it fully though. I assume it is functional right? If yes, can you do a pull request maybe?

I have added my changes right now.

The script is working (with multiple entries) if you only use wildcard requests:
*.subdomain.my-domain.com and *.my-domain.com

Then every two entries are properly deleted. If you also want to request the full domain my-domain.com, then there is the described error.. Luckily I only need the wildcard ones (for my NAS) and the full domain certificate is only on the webspace (generated by the hoster). So I don't have any issues anymore. 🤓👌

👆 But the problem still exists!