Comments (10)
Hi @olsonnn, thanks for reaching out. That appears to be a fairly common error from the GoDaddy API. But based on your command, I don't see an obvious reason why it would have happened. Do you have more context prior to the error from the verbose output you can post?
This is likely happening during the calls to Publish-Challenge that Submit-ChallengeValidation makes under the hood. You could try sending some test publish commands to narrow down the problem like this. The way wildcard TXT records are published is the same as non-wildcard. So we'll publish two records with different fake token values.
# using the same $pArgs variable from before
Publish-Challenge mydomain.eu (Get-PAAccount) fake1 GoDaddy $pArgs -Verbose
Publish-Challenge mydomain.eu (Get-PAAccount) fake2 GoDaddy $pArgs -Verbose
UnPublish-Challenge mydomain.eu (Get-PAAccount) fake1 GoDaddy $pArgs -Verbose
UnPublish-Challenge mydomain.eu (Get-PAAccount) fake2 GoDaddy $pArgs -Verbose
from posh-acme.
Hi!
Verbose log: nothing special from my point of view.
VERBOSE: Updating directory info from https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using account 132853xxx
VERBOSE: Order name not specified, using 'mydomain.eu'
VERBOSE: Using existing order 'mydomain.eu' with status pending
VERBOSE: Setting Plugin to GoDaddy
VERBOSE: Updating plugin args for plugin(s) GoDaddy
VERBOSE: Saving order changes
WARNING: Fewer Plugin values than names in the order. Using GoDaddy for the rest.
VERBOSE: Publishing challenge for Domain mydomain.eu with Token JAEckwibzCadfadfdsafDKDzkYLpq2syfWksD05DB1a9OvELE using Plugin GoDaddy and DnsAlias ''.
VERBOSE: Adding a new TXT record for _acme-challenge with value nGuoMadfadfdsafdfdsfrhphKDnzU017KFqtQQIfUI
Submit-ChallengeValidation: C:\Users\user1\Documents\PowerShell\Modules\Posh-ACME\4.19.0\Public\New-PACertificate.ps1:253
Line |
253 | Submit-ChallengeValidation
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"code":"INVALID_BODY","message":"Request body doesn't fulfill schema, see details in fields
"}
PS C:\Users\user1>
Single cert like test.mydomain just works fine.
Your publish challenge gives the same error.
from posh-acme.
The log shows it failing on the very first publish command. I think the problem is specifically with creating a domain root TXT record. But it only seems to be a problem for your domain. It works normally for one on my account. Can you create a domain root TXT message via the web GUI?
When you try the publish command, is there any more text to the error? Also, are you running on PowerShell 5 or 7?
from posh-acme.
Correction. It's not actually the domain root. It would be an _acme-challenge.example.com record which is even weirder since you said test.example.com worked. There's gotta be more to that error message that would point us in the right direction.
from posh-acme.
Ok, let's try this super raw and see if we can get a better error message. Give this a shot and post the result.
# Change the $zone variable to your own domain and use the same $pArgs variable from before
$zone = 'example.com'
$auth = 'sso-key {0}:{1}' -f $pArgs.GDKey,[pscredential]::new('a',$pArgs.GDSecretSecure).GetNetworkCredential().Password
$headers = @{Authorization = $auth}
$body = ConvertTo-Json @(@{data='fakevalue';ttl=600}) -Compress
$queryParams = @{Uri = "https://api.godaddy.com/v1/domains/$zone/records/TXT/_acme-challenge"; Method='Put'; Headers=$headers; Body=$body; ContentType='application/json'}
Invoke-RestMethod @queryParams
If there's no output, that means it worked and you should see the record in the web GUI.
from posh-acme.
Quick check:
with wildcard
VERBOSE: Adding a new TXT record for _acme-challenge with value nGuoM6SA30hVo-HmsbSytrhphKDnzU017KFqtQQIfUI
with olaf2
VERBOSE: Adding a new TXT record for _acme-challenge.olaf2 with value ocCdNvqjBLdEXQFZCh8YIAAdSEvem1hhH-o9zExMTcw
Note the _acme-challenge..OLAF2
Is that part missing / required in wildcard?
Going to work on your test req. now
from posh-acme.
One step further.
Your script does not add the TXT entry for mydomain.eu
but it does for myotherdomain.eu
So it looks like there is something wrong for mydomain.eu at GoDaddy. (doohhhhh)
And I cannot see what's going on. No other TXT records involved...
from posh-acme.
Issue fixed. Existing TXT _acme-challenge. I'm so sorry for the trouble....
from posh-acme.
Nice! Glad you figured out the problem. Was there something special about the existing _acme-challenge record? The code should have been able to work even if a record already existed and just added another value to it. That's what it ends up doing anyway when you get a cert for both the domain apex and the wildcard name.
from posh-acme.
Ryan, there might be an issue with that.
I had 1 row with _acme-challenge. (nothing special tbh)
Added a second in GoDaddy UI. And got an error msg with conflicting records.
It seems it's not allowed!? I can post screenshot later if you want...
from posh-acme.
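Added example, not part of the thread and not Posh-ACME's own code: a pre-flight check for the situation the thread ended on, where a record already sitting at _acme-challenge got in the way. It lists what GoDaddy holds at that name and builds a PUT body that keeps the existing TXT values, because GoDaddy documents the PUT used in the raw test above as replacing all records of that type and name. Get-MergedTxtBody and Publish-TxtKeepingExisting are hypothetical helper names, and $zone and $headers are assumed to be built as in the raw test snippet earlier in the thread.

```powershell
# Added example; both functions are hypothetical helpers, not Posh-ACME cmdlets.
function Get-MergedTxtBody {
    param(
        [object[]]$Existing,                      # records as returned by the GET below
        [Parameter(Mandatory)][string]$NewValue,  # TXT value to add
        [int]$Ttl = 600
    )
    # Collect the TXT values already present, skipping empty entries.
    $values = @($Existing | Where-Object { $_.data } | ForEach-Object { $_.data })
    # Add the new value only if it is not already published.
    if ($values -notcontains $NewValue) { $values += $NewValue }
    $records = foreach ($v in $values) { [ordered]@{ data = $v; ttl = $Ttl } }
    # -InputObject with @() keeps a single record serialized as a JSON array.
    ConvertTo-Json -InputObject @($records) -Compress
}

function Publish-TxtKeepingExisting {
    param(
        [Parameter(Mandatory)][string]$Zone,
        [Parameter(Mandatory)][hashtable]$Headers,
        [Parameter(Mandatory)][string]$NewValue,
        [string]$Name = '_acme-challenge'
    )
    $base = "https://api.godaddy.com/v1/domains/$Zone/records"

    # Show every record type at this name first; anything unexpected here
    # is worth inspecting in the web GUI before retrying the publish.
    $all = Invoke-RestMethod -Uri $base -Headers $Headers -Method Get
    $all | Where-Object { $_.name -eq $Name } |
        Format-Table type, name, data, ttl | Out-Host

    # Read the current TXT set, then write it back with the new value appended.
    $txt  = Invoke-RestMethod -Uri "$base/TXT/$Name" -Headers $Headers -Method Get
    $body = Get-MergedTxtBody -Existing $txt -NewValue $NewValue
    Invoke-RestMethod -Uri "$base/TXT/$Name" -Headers $Headers -Method Put `
        -Body $body -ContentType 'application/json'
}

# Offline check with a constructed sample: one leftover value at _acme-challenge.
$sample = @([pscustomobject]@{ data = 'leftover-value'; name = '_acme-challenge'; ttl = 600; type = 'TXT' })
Get-MergedTxtBody -Existing $sample -NewValue 'fakevalue'

# Live use (requires real credentials in $headers):
# Publish-TxtKeepingExisting -Zone $zone -Headers $headers -NewValue 'fakevalue'
```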