
Comments (10)

rmbolger commented on June 6, 2024

Hi @olsonnn, thanks for reaching out. That appears to be a fairly common error from the GoDaddy API. But based on your command, I don't see an obvious reason why it would have happened. Do you have more context prior to the error from the verbose output you can post?

This is likely happening during the calls to Publish-Challenge that Submit-ChallengeValidation makes under the hood. You could try sending some test publish commands to narrow down the problem like this. The way wildcard TXT records are published is the same as non-wildcard. So we'll publish two records with different fake token values.

# using the same $pArgs variable from before
Publish-Challenge mydomain.eu (Get-PAAccount) fake1 GoDaddy $pArgs -Verbose
Publish-Challenge mydomain.eu (Get-PAAccount) fake2 GoDaddy $pArgs -Verbose
UnPublish-Challenge mydomain.eu (Get-PAAccount) fake1 GoDaddy $pArgs -Verbose
UnPublish-Challenge mydomain.eu (Get-PAAccount) fake2 GoDaddy $pArgs -Verbose

from posh-acme.

olsonnn commented on June 6, 2024

Hi!
Verbose log: nothing special from my point of view.

VERBOSE: Updating directory info from https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-v02.api.letsencrypt.org/directory
VERBOSE: Using account 132853xxx
VERBOSE: Order name not specified, using 'mydomain.eu'
VERBOSE: Using existing order 'mydomain.eu' with status pending
VERBOSE: Setting Plugin to GoDaddy
VERBOSE: Updating plugin args for plugin(s) GoDaddy
VERBOSE: Saving order changes
WARNING: Fewer Plugin values than names in the order. Using GoDaddy for the rest.
VERBOSE: Publishing challenge for Domain mydomain.eu with Token JAEckwibzCadfadfdsafDKDzkYLpq2syfWksD05DB1a9OvELE using Plugin GoDaddy and DnsAlias ''.
VERBOSE: Adding a new TXT record for _acme-challenge with value nGuoMadfadfdsafdfdsfrhphKDnzU017KFqtQQIfUI
Submit-ChallengeValidation: C:\Users\user1\Documents\PowerShell\Modules\Posh-ACME\4.19.0\Public\New-PACertificate.ps1:253
Line |
253 | Submit-ChallengeValidation
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"code":"INVALID_BODY","message":"Request body doesn't fulfill schema, see details in fields"}
PS C:\Users\user1>

Single cert like test.mydomain just works fine.

Your publish challenge gives the same error

from posh-acme.

rmbolger commented on June 6, 2024

The log shows it failing on the very first publish command. I think the problem is specifically with creating a domain root TXT record. But it only seems to be a problem for your domain. It works normally for one on my account. Can you create a domain root TXT message via the web GUI?

When you try the publish command, is there any more text to the error? Also, are you running on PowerShell 5 or 7?

from posh-acme.

rmbolger commented on June 6, 2024

Correction. It's not actually the domain root. It would be an _acme-challenge.example.com record which is even weirder since you said test.example.com worked. There's gotta be more to that error message that would point us in the right direction.

from posh-acme.

rmbolger commented on June 6, 2024

Ok, let's try this super raw and see if we can get a better error message. Give this a shot and post the result.

# Change the $zone variable to your own domain and use the same $pArgs variable from before
$zone = 'example.com'
$auth = 'sso-key {0}:{1}' -f $pArgs.GDKey,[pscredential]::new('a',$pArgs.GDSecretSecure).GetNetworkCredential().Password
$headers = @{Authorization = $auth}
$body = ConvertTo-Json @(@{data='fakevalue';ttl=600}) -Compress
$queryParams = @{Uri = "https://api.godaddy.com/v1/domains/$zone/records/TXT/_acme-challenge"; Method='Put'; Headers=$headers; Body=$body; ContentType='application/json'}
Invoke-RestMethod @queryParams

If there's no output, that means it worked and you should see the record in the web GUI.

from posh-acme.

olsonnn commented on June 6, 2024

Quick check:
with wildcard
VERBOSE: Adding a new TXT record for _acme-challenge with value nGuoM6SA30hVo-HmsbSytrhphKDnzU017KFqtQQIfUI

with olaf2
VERBOSE: Adding a new TXT record for _acme-challenge.olaf2 with value ocCdNvqjBLdEXQFZCh8YIAAdSEvem1hhH-o9zExMTcw

Note the _acme-challenge..OLAF2
Is that part missing / required in wildcard?
Going to work on your test req. now

from posh-acme.

olsonnn commented on June 6, 2024

One step further.
Your script does not add the TXT entry for mydomain.eu
but it does for myotherdomain.eu

So it looks like there is something wrong for mydomain.eu at GoDaddy. (doohhhhh)
And I cannot see what's going on. No other TXT records involved...

from posh-acme.

olsonnn commented on June 6, 2024

Issue fixed. Existing TXT _acme-challenge. I'm so sorry for the trouble....

from posh-acme.

rmbolger commented on June 6, 2024

Nice! Glad you figured out the problem. Was there something special about the existing _acme-challenge record? The code should have been able to work even if a record already existed and just added another value to it. That's what it ends up doing anyway when you get a cert for both the domain apex and the wildcard name.

from posh-acme.
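
Added example, not part of the thread and not Posh-ACME's own code: it shows why an order for both the apex and the wildcard name needs two TXT values on the same `_acme-challenge` record, and how to list what already exists at that name before publishing. `Get-ChallengeRecordName` is a hypothetical helper name and the sample names are constructed; the live check assumes the `$pArgs` variable used earlier in the thread and a GET on the same URL the raw PUT test uses.

```powershell
# Added illustration; not Posh-ACME or GoDaddy plugin code.
# Get-ChallengeRecordName is a hypothetical helper name.
function Get-ChallengeRecordName {
    param(
        [Parameter(Mandatory)][string]$Name,  # name from the order, e.g. '*.example.com'
        [Parameter(Mandatory)][string]$Zone   # DNS zone that hosts the record
    )
    # A wildcard name is validated at its base domain, so the '*.' label is dropped.
    $base = $Name -replace '^\*\.', ''
    $fqdn = "_acme-challenge.$base"
    if ($fqdn -notlike "*.$Zone") { throw "$Name is not in zone $Zone" }
    # Return the record name relative to the zone, as shown in the verbose output.
    $fqdn.Substring(0, $fqdn.Length - $Zone.Length - 1)
}

# Constructed sample order: apex, wildcard and one host name.
$zone  = 'example.com'
$names = 'example.com', '*.example.com', 'olaf2.example.com'

# Names that map to the same record must all be published as values of that record.
$byRecord = $names | Group-Object { Get-ChallengeRecordName -Name $_ -Zone $zone }
foreach ($g in $byRecord) {
    '{0,-24} needs {1} TXT value(s): {2}' -f $g.Name, $g.Count, ($g.Group -join ', ')
}

# Optional live check (needs network access, your own $zone and the thread's $pArgs):
# list the TXT values already present at _acme-challenge before publishing anything.
if ($pArgs) {
    $secret = [pscredential]::new('a', $pArgs.GDSecretSecure).GetNetworkCredential().Password
    $auth   = 'sso-key {0}:{1}' -f $pArgs.GDKey, $secret
    $uri    = "https://api.godaddy.com/v1/domains/$zone/records/TXT/_acme-challenge"
    Invoke-RestMethod -Uri $uri -Method Get -Headers @{ Authorization = $auth } |
        Select-Object name, data, ttl
}
```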

olsonnn commented on June 6, 2024

Ryan, there might be an issue with that.
I had 1 row with _acme-challenge. (nothing special tbh)

Added a second in GoDaddy UI. And got an error msg with conflicting records.

It seems it's not allowed!? I can post screenshot later if you want...

from posh-acme.
