angel333 / certbot-he-hook

Certbot (Let's Encrypt) auth hook script for the Hurricane Electric DNS service

License: MIT License

Shell 100.00%
certbot letsencrypt

certbot-he-hook's Introduction

  • I prefer Dart because it's fairly void of surprises.
  • Here's a project I'm working on – LangLab (it's still alpha).
  • Might learn some Rust some day – I enjoyed it once already.

⚡⚡⚡ Hey, why don't you add me on the new Github Server Edition! ⚡⚡⚡

curl https://github.com/angel333.keys >> ~/.ssh/authorized_key

... Then tell me, I'll add you back!


❤️(🇺🇦,🇹🇼,🇽🇰)

certbot-he-hook's Issues

False alarms because using the hooks?

I have received an alert from Let's Encrypt Expiry Bot [email protected] stating that one of my domain's validity is expiring in 19 days, but as I check with certbot certificates and from ssllabs.com it has almost 3 months of validity as it should have. So what could be causing the false alarm? The only thing that came to my mind is the hook. Are there others receiving false alarms like this? Thoughts?

Doesn't parse .uk.com domains

Hey,

Had an issue whereby it wouldn't work with my .uk.com domain.

Looks like when it's trying to get the ZONENAME_REGEX, it returns uk\.com.
This occurs when the CERTBOT_DOMAIN is *.domain.uk.com

I also had to add in a sleep as it wasn't picking it up within the short space of time. After this, it worked great.

Also to note, --manual-cleanup-hook was required to remove the record once complete, not sure if it's worth updating the examples shown.
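
One way to select the zone without a regex over the last two labels, as an added example that is not part of the issue above or the project's script: pick the longest zone in the account's zone list that is a label-aligned suffix of the certificate name. `find_zone` and `SAMPLE_ZONES` are hypothetical names, and the zone list is constructed sample data.

```shell
#!/bin/sh
# Added example; find_zone and SAMPLE_ZONES are hypothetical names.

# Read candidate zones (one per line) on stdin and print the longest one
# that equals the domain or is a parent of it. Returns 1 if none match.
find_zone() {
    domain=${1#\*.}                                   # strip a leading "*." label
    domain=$(printf '%s' "$domain" | tr 'A-Z' 'a-z')  # DNS names are case-insensitive
    [ -n "$domain" ] || return 1                      # empty name: nothing to match
    best=""
    while IFS= read -r zone; do
        zone=$(printf '%s' "$zone" | tr 'A-Z' 'a-z')
        [ -n "$zone" ] || continue
        case "$domain" in
            # The "." before the zone keeps the match on a label boundary,
            # so notdomain.uk.com never selects the zone domain.uk.com.
            "$zone"|*."$zone")
                if [ "${#zone}" -gt "${#best}" ]; then
                    best=$zone                        # keep the most specific zone
                fi
                ;;
        esac
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Constructed sample: zones as they might be listed for one account.
SAMPLE_ZONES='example.org
sub.example.org
domain.uk.com'

# `return` is valid here only because find_zone is a function. At script
# top level a hook has to use `exit 1` to signal failure to certbot.
if zone=$(printf '%s\n' "$SAMPLE_ZONES" | find_zone '*.domain.uk.com'); then
    echo "zone: $zone"
else
    echo "No zone found" >&2
fi
```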

Can't get this to work at all

I can't get the script to work at all. Before today my cert wasn't ready for renewal ... now that it is ready, when I attempt a renewal with the unmodified script specified for the hook, I get this after the list of challenges it will be doing:

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-auth-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-auth-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-auth-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-auth-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
^CCleaning up challenges
Running manual-cleanup-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-cleanup-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-cleanup-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-cleanup-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

It repeats many times because there are a lot of names in my certificate. I tried various replacements for "return 1" ... "continue", "exit", "exit 1", "break" ... and none of them work. See issue #10 that I opened before. With continue, it just hangs, and after some thought, this makes sense, so the pull request I made for that issue is invalid. With the others, it spits out errors similar to the above ... the domain is always "" instead of what it should be. The DNS challenges fail because the TXT records are never added.

Running on Ubuntu 20, the master branch is checked out from this repo and is up to date.

It looks like the part of the script that sets $HE_COOKIE isn't getting what it expects from the HE website. Here's an excerpt of what I get from running 'curl -L --silent --show-error -I "https://dns.he.net/"' :

Set-Cookie: 291541a0a47538f8ae75fdef92aca43c56e2b307832d37725210bb8ed950c8e4=c99383a395e65d94dd37a526c6a7ea03; path=/; expires=Thu, 19-Aug-2021 14:23:39 GMT

The "CGISESSID=" text that the script is looking for is not there. Did HE change their API so that it breaks this script?

"return 1" invalid at line 99

I got an error with the script on Ubuntu 18. Basically there's a return statement at line 99 in the script, but that part of the script is not wrapped in a function, so return is invalid. Made a pull request.

#9

$HE_SESSID doesn't work and README enhancement

Hi,

I'm new to certbot and would like to have the free ssl cert with Hurricane Electric Free DNS Management (https://dns.he.net).

For the first step in the readme I get a "No renewals were attempted.", as I haven't configured any domains. For that I guess I should start with #2 from the readme, but that requires a HE_SESSID=<session_id>. How do I get that HE_SESSID?

Logging in to the site and looking at the cookies, I see only a CGISESSID. I tried with that and got:

Waiting for verification...
Cleaning up challenges
Error output from certbot-he-hook.sh:
No zone for domain "" found.
/root/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Failed authorization procedure. xyz.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xyz.com

HE_SESSID - Where do I get it?

I like faster, but I don't know what the SESSID even is. Could you explain a little more about it and how to get it? Thanks, Tom

HE.net authentication & domain not found error message

Script is failing with
No zone for domain "" found.

Checking the script, we see that the cookie format has changed: we no longer have the CGISESSID cookie, but instead a random id:

 curl -L --silent --show-error -I https://dns.he.net/ |  grep '^Set-Cookie:' 
Set-Cookie: 2915s1a0a47538f8ae75fdef12aca44c56e2b307832d37d25210ba8ed950c3e4=15425ee4e6df96e0c0d23acc4213eb37; path=/; expires=Tue, 09-Jun-2020 10:32:26 GMT
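
A way to read the session cookie without depending on its name, as an added example that is not part of the issues above or the project's script. It assumes the first `Set-Cookie` header in the response is the session cookie, as in the excerpts quoted in the issues; `first_cookie` and `SAMPLE_HEADERS` are hypothetical names, and the header values are constructed.

```shell
#!/bin/sh
# Added example; first_cookie and SAMPLE_HEADERS are hypothetical names.

# Read HTTP response headers on stdin and print "name=value" of the first
# cookie. Returns 1 if no acceptable cookie is present.
first_cookie() {
    tr -d '\r' | awk '
        tolower($0) ~ /^set-cookie:/ {
            sub(/^[^:]*:[ \t]*/, "")    # drop the header name
            sub(/;.*/, "")              # drop attributes (path, expires, ...)
            # Accept only plain alphanumeric name=value pairs so nothing
            # unexpected is passed on to a later curl --cookie argument.
            if ($0 ~ /^[A-Za-z0-9_]+=[A-Za-z0-9]+$/) { print; found = 1; exit }
        }
        END { exit !found }'
}

# Constructed sample response; the cookie name and value are made up.
SAMPLE_HEADERS=$(printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Content-Type: text/html' \
    'Set-Cookie: 0a1b2c3d4e5f=00112233aabbccdd; path=/; expires=Thu, 01-Jan-2099 00:00:00 GMT' \
    '')

# The cookie is a credential: keep it in a variable and out of logs.
if cookie=$(printf '%s' "$SAMPLE_HEADERS" | first_cookie); then
    echo "session cookie found (name length: $(printf '%s' "${cookie%%=*}" | wc -c | tr -d ' '))"
else
    echo "no session cookie in response" >&2
fi
```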
