Let's Encrypt using DNS-01 with OVH

stasheck:
Hello everyone,
First of all, I want to say this is an awesome project - very functional, fast and with pro-level UI. Props!

Alas, here I am with an issue I can't solve: I want to get a Let's Encrypt cert for my domain (I have a static IP). The domain is hosted on OVH, and I'd prefer to use DNS-01 verification.

I installed os-acme-client 1.29, then followed https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api to get a cert... it fails when trying to update the OVH zone. I am guessing that I have not provided enough access (though I followed the guide 4 times, just to make sure I didn't make a mistake), but:
1. I can't really figure out the OVH API :(
2. In the log, there's a message "_ovh_p='[hidden](please add '--output-insecure' to see this value)'", and I don't know where I should add it to enable more logging (as a side note, I think this should be either configurable or plain enabled in OPNsense).

Below is relevant part of my log. Can someone help me configure this?


--- Code: ---
[Fri Jan 10 00:00:21 CET 2020] Adding txt value: <snip> for domain:  _acme-challenge.fury.contoso.com
[Fri Jan 10 00:00:21 CET 2020] Using OVH endpoint: ovh-eu
[Fri Jan 10 00:00:21 CET 2020] OVH_API='https://eu.api.ovh.com/1.0'
[Fri Jan 10 00:00:21 CET 2020] Checking authentication
[Fri Jan 10 00:00:21 CET 2020] domain
[Fri Jan 10 00:00:21 CET 2020] GET
[Fri Jan 10 00:00:21 CET 2020] url='https://eu.api.ovh.com/1.0/auth/time'
[Fri Jan 10 00:00:21 CET 2020] timeout=30
[Fri Jan 10 00:00:21 CET 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g  --connect-timeout 30'
[Fri Jan 10 00:00:21 CET 2020] ret='0'
[Fri Jan 10 00:00:21 CET 2020] _ovh_p='[hidden](please add '--output-insecure' to see this value)'
[Fri Jan 10 00:00:21 CET 2020] GET
[Fri Jan 10 00:00:21 CET 2020] url='https://eu.api.ovh.com/1.0/domain'
[Fri Jan 10 00:00:21 CET 2020] timeout=
[Fri Jan 10 00:00:21 CET 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Fri Jan 10 00:00:22 CET 2020] ret='0'
[Fri Jan 10 00:00:22 CET 2020] Consumer key is ok.
[Fri Jan 10 00:00:22 CET 2020] First detect the root zone
[Fri Jan 10 00:00:22 CET 2020] domain/zone/fury.contoso.com
[Fri Jan 10 00:00:22 CET 2020] GET
[Fri Jan 10 00:00:22 CET 2020] url='https://eu.api.ovh.com/1.0/auth/time'
[Fri Jan 10 00:00:22 CET 2020] timeout=30
[Fri Jan 10 00:00:22 CET 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g  --connect-timeout 30'
[Fri Jan 10 00:00:22 CET 2020] ret='0'
[Fri Jan 10 00:00:22 CET 2020] _ovh_p='[hidden](please add '--output-insecure' to see this value)'
[Fri Jan 10 00:00:22 CET 2020] GET
[Fri Jan 10 00:00:22 CET 2020] url='https://eu.api.ovh.com/1.0/domain/zone/fury.contoso.com'
[Fri Jan 10 00:00:22 CET 2020] timeout=
[Fri Jan 10 00:00:22 CET 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Fri Jan 10 00:00:22 CET 2020] ret='0'
[Fri Jan 10 00:00:22 CET 2020] domain/zone/contoso.com
[Fri Jan 10 00:00:22 CET 2020] GET
[Fri Jan 10 00:00:22 CET 2020] url='https://eu.api.ovh.com/1.0/auth/time'
[Fri Jan 10 00:00:22 CET 2020] timeout=30
[Fri Jan 10 00:00:22 CET 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g  --connect-timeout 30'
[Fri Jan 10 00:00:22 CET 2020] ret='0'
[Fri Jan 10 00:00:22 CET 2020] _ovh_p='[hidden](please add '--output-insecure' to see this value)'
[Fri Jan 10 00:00:22 CET 2020] GET
[Fri Jan 10 00:00:22 CET 2020] url='https://eu.api.ovh.com/1.0/domain/zone/contoso.com'
[Fri Jan 10 00:00:22 CET 2020] timeout=
[Fri Jan 10 00:00:22 CET 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Fri Jan 10 00:00:23 CET 2020] ret='0'
[Fri Jan 10 00:00:23 CET 2020] domain/zone/com
[Fri Jan 10 00:00:23 CET 2020] GET
[Fri Jan 10 00:00:23 CET 2020] url='https://eu.api.ovh.com/1.0/auth/time'
[Fri Jan 10 00:00:23 CET 2020] timeout=30
[Fri Jan 10 00:00:23 CET 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g  --connect-timeout 30'
[Fri Jan 10 00:00:23 CET 2020] ret='0'
[Fri Jan 10 00:00:23 CET 2020] _ovh_p='[hidden](please add '--output-insecure' to see this value)'
[Fri Jan 10 00:00:23 CET 2020] GET
[Fri Jan 10 00:00:23 CET 2020] url='https://eu.api.ovh.com/1.0/domain/zone/eu'
[Fri Jan 10 00:00:23 CET 2020] timeout=
[Fri Jan 10 00:00:23 CET 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Fri Jan 10 00:00:23 CET 2020] ret='0'
[Fri Jan 10 00:00:23 CET 2020] invalid domain
[Fri Jan 10 00:00:23 CET 2020] Error add txt for domain:_acme-challenge.fury.contoso.com
[Fri Jan 10 00:00:23 CET 2020] _on_issue_err
[Fri Jan 10 00:00:23 CET 2020] Please check log file for more details: /var/log/acme.sh.log

--- End code ---
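
Added example, not part of the original post and not acme.sh's own code: a simplified shell model of the root-zone walk the log above shows, where each parent of the challenge name is probed as `domain/zone/<candidate>` and the run ends in `invalid domain` when no candidate is accepted. `VISIBLE_ZONES` and both function names are assumptions made for the illustration, and the sample values are constructed.

```shell
#!/bin/sh
# Model of the zone walk seen in the log (illustration only).
# VISIBLE_ZONES stands in for the zones the API credentials can read;
# the real client asks the OVH API instead. Constructed sample data.
VISIBLE_ZONES="contoso.com"

# zone_visible ZONE -> returns 0 if ZONE is readable with the credentials
zone_visible() {
    for z in $VISIBLE_ZONES; do
        [ "$z" = "$1" ] && return 0
    done
    return 1
}

# find_root_zone FQDN -> prints "<sub-record> <zone>", or "invalid domain"
find_root_zone() {
    fqdn=$1
    sub=${fqdn%%.*}          # first label, e.g. _acme-challenge
    candidate=${fqdn#*.}     # first probe drops that label, as in the log
    while [ -n "$candidate" ]; do
        if zone_visible "$candidate"; then
            printf '%s %s\n' "$sub" "$candidate"
            return 0
        fi
        case $candidate in
            *.*) ;;          # more labels left to strip
            *) break ;;      # single label tried, nothing left
        esac
        sub="$sub.${candidate%%.*}"
        candidate=${candidate#*.}
    done
    echo "invalid domain"
    return 1
}

# Probes fury.contoso.com, then contoso.com, and stops there.
find_root_zone _acme-challenge.fury.contoso.com
```

With `VISIBLE_ZONES` empty, the same call walks down to `com` and prints `invalid domain`, the outcome recorded in the log.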

fabian:
From your output I guess you used the example company domain of Microsoft.

stasheck:
Mate, I surely hope you're joking - ever heard about sanitising log output before posting to a public forum? Because that's what I did.

cmdr.adama:
I don't know anything about the OVH API but a bit of googling presented me with this https://github.com/Neilpang/acme.sh/issues/1145... Seems to be an almost identical issue. Look at ealphonse's response specifically.

cabrerenc:
Hello,

I got here looking for a solution... but you're stuck in a previous step I think. Did you get your OVH CK?
Because at first I failed creating an API login instead of a script:

--- Code: ---
https://api.ovh.com/createToken/?GET=/domain/zone/contoso.com/*&POST=/domain/zone/contoso.com/*&PUT=/domain/zone/contoso.com/*&GET=/domain/zone/contoso.com&DELETE=/domain/zone/contoso.com/record/*
--- End code ---
With that my log looks much better, but now I get a timeout on every step it tries... I think it's time to wait until tomorrow.
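
Added example, not part of the original post: shell functions that rebuild the zone-scoped createToken URL quoted above and audit any such URL for access rules that reach outside `/domain/zone/<zone>`, so the consumer key held on the firewall stays limited to one zone. The function names `build_token_url` and `audit_token_url` are hypothetical.

```shell
#!/bin/sh
# build_token_url ZONE -> prints a createToken URL whose rules are all
# confined to /domain/zone/ZONE (same rule set as the URL in the post).
build_token_url() {
    z="/domain/zone/$1"
    printf 'https://api.ovh.com/createToken/?GET=%s/*&POST=%s/*&PUT=%s/*&GET=%s&DELETE=%s/record/*\n' \
        "$z" "$z" "$z" "$z" "$z"
}

# audit_token_url URL ZONE -> prints each METHOD=PATH rule that is not
# /domain/zone/ZONE or below it; returns 1 if any such rule was found.
audit_token_url() {
    url=$1
    zone=$2
    prefix="/domain/zone/$zone"
    query=${url#*\?}             # keep only the part after the first '?'
    status=0
    old_ifs=$IFS
    IFS='&'
    set -f                       # rules contain '*': disable globbing
    for rule in $query; do
        path=${rule#*=}
        case $path in
            "$prefix"|"$prefix"/*) ;;    # the zone itself or below it
            *) echo "out of scope: $rule"; status=1 ;;
        esac
    done
    set +f
    IFS=$old_ifs
    return $status
}

# The URL from the post passes the audit for its own zone.
audit_token_url "$(build_token_url contoso.com)" contoso.com \
    && echo "all rules confined to contoso.com"
```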
