Comments (10)
Hi @olsonnn, thanks for reaching out. That appears to be a fairly common error from the GoDaddy API. But based on your command, I don't see an obvious reason why it would have happened. Do you have more context prior to the error from the verbose output you can post?
This is likely happening during the calls to Publish-Challenge that Submit-ChallengeValidation makes under the hood. You could try sending some test publish commands to narrow down the problem like this. The way wildcard TXT records are published is the same as non-wildcard. So we'll publish two records with different fake token values.
# using the same $pArgs variable from before
Publish-Challenge mydomain.eu (Get-PAAccount) fake1 GoDaddy $pArgs -Verbose
Publish-Challenge mydomain.eu (Get-PAAccount) fake2 GoDaddy $pArgs -Verbose
UnPublish-Challenge mydomain.eu (Get-PAAccount) fake1 GoDaddy $pArgs -Verbose
UnPublish-Challenge mydomain.eu (Get-PAAccount) fake2 GoDaddy $pArgs -Verbose
from posh-acme.
Hi!
Verbose log: nothing special from my point of view.
VERBOSE: Updating directory info from https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using account 132853xxx
VERBOSE: Order name not specified, using 'mydomain.eu'
VERBOSE: Using existing order 'mydomain.eu' with status pending
VERBOSE: Setting Plugin to GoDaddy
VERBOSE: Updating plugin args for plugin(s) GoDaddy
VERBOSE: Saving order changes
WARNING: Fewer Plugin values than names in the order. Using GoDaddy for the rest.
VERBOSE: Publishing challenge for Domain mydomain.eu with Token JAEckwibzCadfadfdsafDKDzkYLpq2syfWksD05DB1a9OvELE using Plugin GoDaddy and DnsAlias ''.
VERBOSE: Adding a new TXT record for _acme-challenge with value nGuoMadfadfdsafdfdsfrhphKDnzU017KFqtQQIfUI
Submit-ChallengeValidation: C:\Users\user1\Documents\PowerShell\Modules\Posh-ACME\4.19.0\Public\New-PACertificate.ps1:253
Line |
253 | Submit-ChallengeValidation
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"code":"INVALID_BODY","message":"Request body doesn't fulfill schema, see details in fields
"}
PS C:\Users\user1>
Single cert like test.mydomain just works fine.
Your publish challenge gives the same error
from posh-acme.
The log shows it failing on the very first publish command. I think the problem is specifically with creating a domain root TXT record. But it only seems to be a problem for your domain. It works normally for one on my account. Can you create a domain root TXT message via the web GUI?
When you try the publish command, is there any more text to the error? Also, are you running on PowerShell 5 or 7?
from posh-acme.
Correction. It's not actually the domain root. It would be an _acme-challenge.example.com record which is even weirder since you said test.example.com worked. There's gotta be more to that error message that would point us in the right direction.
from posh-acme.
Ok, let's try this super raw and see if we can get a better error message. Give this a shot and post the result.
# Change the $zone variable to your own domain and use the same $pArgs variable from before
$zone = 'example.com'
$auth = 'sso-key {0}:{1}' -f $pArgs.GDKey,[pscredential]::new('a',$pArgs.GDSecretSecure).GetNetworkCredential().Password
$headers = @{Authorization = $auth}
$body = ConvertTo-Json @(@{data='fakevalue';ttl=600}) -Compress
$queryParams = @{Uri = "https://api.godaddy.com/v1/domains/$zone/records/TXT/_acme-challenge"; Method='Put'; Headers=$headers; Body=$body; ContentType='application/json'}
Invoke-RestMethod @queryParams
If there's no output, that means it worked and you should see the record in the web GUI.
from posh-acme.
Quick check:
with wildcard
VERBOSE: Adding a new TXT record for _acme-challenge with value nGuoM6SA30hVo-HmsbSytrhphKDnzU017KFqtQQIfUI
with olaf2
VERBOSE: Adding a new TXT record for _acme-challenge.olaf2 with value ocCdNvqjBLdEXQFZCh8YIAAdSEvem1hhH-o9zExMTcw
Note the _acme-challenge..OLAF2
Is that part missing / required in wildcard?
Going to work on your test req. now
from posh-acme.
One step further.
Your script does not add the TXT entry for mydomain.eu
but it does for myotherdomain.eu,
so it looks like there is something wrong for mydomain.eu at GoDaddy. (doohhhhh)
And I cannot see what's going on. No other TXT records involved...
from posh-acme.
Issue fixed. Existing TXT _acme-challenge. I'm so sorry for the trouble....
from posh-acme.
Nice! Glad you figured out the problem. Was there something special about the existing _acme-challenge record? The code should have been able to work even if a record already existed and just added another value to it. That's what it ends up doing anyway when you get a cert for both the domain apex and the wildcard name.
from posh-acme.
Ryan, there might be an issue with that.
I had 1 row with _acme-challenge. (nothing special tbh)
Added a second in GoDaddy UI. And got an error msg with conflicting records.
It seems it's not allowed!? I can post screenshot later if you want...
from posh-acme.
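The thread traced the failure to a TXT record that already existed at _acme-challenge. As an added example (not written by the thread participants and not Posh-ACME code), this read-only check lists what GoDaddy already holds at that name and prints the API's full error body if the call fails. The helper name Get-GDChallengeRecord and the example.com zone are assumptions; it reuses the $pArgs hashtable (GDKey, GDSecretSecure) from earlier in the thread.

```powershell
# Added example (not Posh-ACME code). Get-GDChallengeRecord is a hypothetical helper name.
function Get-GDChallengeRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Zone,
        # Same shape as $pArgs in the thread: keys GDKey and GDSecretSecure
        [Parameter(Mandatory)][hashtable]$PluginArgs,
        [string]$RecordName = '_acme-challenge'
    )

    # Same sso-key Authorization header the raw test earlier in the thread builds.
    $secret  = [pscredential]::new('a', $PluginArgs.GDSecretSecure).GetNetworkCredential().Password
    $headers = @{ Authorization = 'sso-key {0}:{1}' -f $PluginArgs.GDKey, $secret }
    $uri     = "https://api.godaddy.com/v1/domains/$Zone/records/TXT/$RecordName"

    try {
        # GET is read-only; the API answers with a JSON array, empty when no record exists.
        $records = @(Invoke-RestMethod -Uri $uri -Method Get -Headers $headers -ErrorAction Stop)
    }
    catch {
        # When PowerShell captured the response body, ErrorDetails holds the API's JSON
        # error (code, message, fields); show it in full rather than the one-line summary.
        if ($_.ErrorDetails -and $_.ErrorDetails.Message) {
            Write-Warning "GoDaddy API error body: $($_.ErrorDetails.Message)"
        }
        throw
    }

    # One object per existing TXT value at the challenge name.
    foreach ($r in $records) {
        [pscustomobject]@{ Zone = $Zone; Name = $r.name; Value = $r.data; TTL = $r.ttl }
    }
}

# Usage with a placeholder zone: an empty result means nothing pre-exists at _acme-challenge.
$existing = @(Get-GDChallengeRecord -Zone 'example.com' -PluginArgs $pArgs)
if ($existing.Count -gt 0) {
    Write-Warning "$($existing.Count) TXT value(s) already exist at _acme-challenge:"
    $existing | Format-Table -AutoSize
}
```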