I don't understand why: my app works with my own ACME module, made with the official OVH lib. #1

Open
opened 2019-11-23 22:08:21 +00:00 by Ghost · 1 comment

My ovh application has all rights

  • My challenge
// Challenge configuration handed to the ACME client, keyed by challenge type.
// The key/secret strings below are placeholders; real OVH credentials are
// better loaded from the environment or a secret store than written into
// source files or pasted into a public issue.
const challenges = {
  'dns-01': {
    module: 'acme-dns-01-ovh',
    applicationKey: 'my-appKey',
    applicationSecret: 'my-appSecret',
    consumerKey: 'my-cusomerKey',
    region: 'ovh-eu', // presumably selects the OVH Europe API endpoint; confirm against the module
    propagationDelay: 30000 // presumably milliseconds to wait for DNS propagation; confirm
  }
}
  • output:
ACME Directory URL: https://acme-staging-v02.api.letsencrypt.org/directory
'acme-dns-01-ovh' did not return a Promise when called. This should be fixed by the maintainer.
[OVH] API call: GET /auth/time? {}
[OVH] API call: GET /domain/zone?
400
{
  errorCode: 'INVALID_SIGNATURE',
  message: 'Invalid signature',
  httpCode: '400 Bad Request'
}
[OVH] API call: POST /domain/zone/undefined/record {
  fieldType: 'TXT',
  subDomain: undefined,
  target: '2kqsMc4DEtrIO8PYTeCvqRw5YMR_u3D2IjvpQbkT7dU',
  ttl: 1
}
400
{
  httpCode: '400 Bad Request',
  errorCode: 'INVALID_SIGNATURE',
  message: 'Invalid signature'
}
[OVH] API call: DELETE /domain/zone/undefined/record/undefined
[OVH] API call: DELETE /domain/zone/undefined/record/undefined
Error: record did not set.
    at /test/node_modules/acme-dns-01-ovh/lib/index.js:147:12
    at processTicksAndRejections (internal/process/task_queues.js:93:5) {
  context: 'cert_issue',
  subject: 'my-domain-name',
  altnames: [ 'my-domain-name' ]
}
Error: record did not set.
    at /test/node_modules/acme-dns-01-ovh/lib/index.js:147:12
    at processTicksAndRejections (internal/process/task_queues.js:93:5) {
  context: 'cert_issue',
  subject: 'my-domain-name',
  altnames: [ 'my-domain-name' ],
  toJSON: [Function: errorToJSON],
  servername: 'my-domain-name',
  _site: {
    subject: 'my-domain-name',
    altnames: [ 'my-domain-name' ],
    renewAt: 1
  }
}
Error: record did not set.
    at /test/node_modules/acme-dns-01-ovh/lib/index.js:147:12
    at processTicksAndRejections (internal/process/task_queues.js:93:5) {
  context: 'cert_issue',
  subject: 'my-domain-name',
  altnames: [ 'my-domain-name' ],
  toJSON: [Function: errorToJSON],
  servername: 'my-domain-name',
  _site: {
    subject: 'my-domain-name',
    altnames: [ 'my-domain-name' ],
    renewAt: 1
  }
}

I have the feeling that, with your module, my application is not permitted to make the request, even though this application has all rights on the API.


Before you answered my previous message on another repo, I made my own module with the help of the official `ovh` package; see the code and test output below:

  • My module
'use strict'
// Let's Encrypt and OVH Api for Node.js - ACME dns-01 challenges w/ ACME.js and Greenlock.js
const Ovh = require('ovh')
const dns01OVH = module.exports

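/**
 * Build an ACME dns-01 challenge plugin that publishes and removes the
 * challenge TXT record through the OVH API.
 *
 * Security notes:
 *  - `options.credentials` is handed unchanged to the `ovh` client and is
 *    never written to the debug log; keep it that way when adding messages.
 *  - The consumer key only needs the routes used here: GET /domain/zone,
 *    GET/POST/DELETE on /domain/zone/<zone>/record[/<id>] and
 *    POST /domain/zone/<zone>/refresh. Scoping the key to those routes limits
 *    what a leaked key can do. (NOTE(review): confirm the exact access-rule
 *    patterns against the OVH console.)
 *
 * @param {object} options
 * @param {object} options.credentials - must carry `endpoint`, `appKey`,
 *   `appSecret` and `consumerKey`.
 * @param {boolean} [options.debug] - when truthy, progress is logged with console.info.
 * @returns {{init: Function, zones: Function, set: Function, get: Function, remove: Function}}
 * @throws {Error} when the credentials object or one of its four fields is missing.
 */
dns01OVH.create = function (options) {
  // `!options` guard: calling create() with no argument now yields the same
  // readable error as a missing credentials object instead of a TypeError.
  if (!options || !options.credentials) throw new Error('OVH Api credentials is require')
  if (!options.credentials.endpoint) throw new Error('OVH Api credentials endpoint is require')
  if (!options.credentials.appKey) throw new Error('OVH Api credentials appKey is require')
  if (!options.credentials.appSecret) throw new Error('OVH Api credentials appSecret is require')
  if (!options.credentials.consumerKey) throw new Error('OVH Api credentials consumerKey is require, to get this key look the docs at: https://github.com/MNLaugh/acme-dns-01-ovh#consumerKey')

  // Opt-in progress logging; messages carry zone names only, never key material.
  function debug (message) {
    if (options.debug) console.info(`\x1b[33mDEBUG >>>\x1b[0m ${message}`)
  }

  const ovh = Ovh(options.credentials)
  debug('OVH Api init with success')

  // Fetch every TXT record of `zone`: the first call lists record ids,
  // then each id is resolved to its full record in parallel.
  // NOTE(review): `zone` is interpolated into the request path as-is; it is
  // assumed to be a zone name previously returned by zones() - confirm.
  function getRecords (zone) {
    return ovh.requestPromised('GET', `/domain/zone/${zone}/record?fieldType=TXT`)
      .then(recordIds => Promise.all(
        recordIds.map(rid => ovh.requestPromised('GET', `/domain/zone/${zone}/record/${rid}`))
      ))
  }

  // Resolve to the TXT record matching this challenge's prefix and
  // authorization value, or undefined when there is none.
  function findChallengeRecord ({ dnsZone, dnsPrefix, dnsAuthorization }) {
    return getRecords(dnsZone).then(records =>
      records.find(record => dnsPrefix === record.subDomain && dnsAuthorization === record.target)
    )
  }

  // OVH keeps record edits pending until the zone is refreshed; without this
  // call the TXT record is visible through the API (so get() finds it) but is
  // not served by the DNS servers the ACME CA queries.
  function refreshZone (zone) {
    return ovh.requestPromised('POST', `/domain/zone/${zone}/refresh`)
  }

  return {
    init: function ({ request }) { return null },
    // List the zones the consumer key can see; the caller matches hosts against them.
    zones: function ({ dnsHosts }) {
      debug(`Zone list ${dnsHosts}`)
      return ovh.requestPromised('GET', '/domain/zone')
        .then(zones => {
          debug(`Zones found ${zones.length}`)
          return zones.map(zone => zone)
        })
    },
    // Create the challenge TXT record, then publish it with a zone refresh.
    set: function ({ challenge }) {
      const { dnsZone, dnsPrefix, dnsHost, dnsAuthorization } = challenge
      debug(`Set record to ${dnsZone}`)
      if (!dnsZone) throw new Error('No matching zone for ' + dnsHost)
      debug(`${dnsZone} matching`)
      return ovh.requestPromised('POST', `/domain/zone/${dnsZone}/record`, { fieldType: 'TXT', subDomain: dnsPrefix, target: dnsAuthorization })
        .then(response => {
          if (!response) throw new Error('record did not set. check subdomain, api key, etc')
          return refreshZone(dnsZone).then(() => true)
        })
    },
    // Resolve to { dnsAuthorization } when the record exists in the zone, else null.
    get: function ({ challenge }) {
      debug(`Get record to ${challenge.dnsZone}`)
      return findChallengeRecord(challenge).then(record => {
        if (record) return { dnsAuthorization: record.target }
        return null
      })
    },
    // Delete the challenge TXT record and refresh the zone so the stale
    // validation token stops being served.
    remove: function ({ challenge }) {
      const { dnsZone } = challenge
      debug(`Remove record to ${dnsZone}`)
      return findChallengeRecord(challenge).then(record => {
        if (!record) throw new Error('Txt Record not found for removal')
        return ovh.requestPromised('DELETE', `/domain/zone/${dnsZone}/record/${record.id}`)
          .then(() => {
            debug('Record removed')
            return refreshZone(dnsZone).then(() => true)
          })
      })
    }
  }
}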
  • my output
> acme-dns-01-ovh@1.0.0 test D:\Dev\Packages\acme-dns-01-ovh
> nodenv test.js

DEBUG >>> OVH Api init with success
Testing each of 'example.com, foo.example.com, *.foo.example.com'
DEBUG >>> Zone list example.com,foo.example.com,*.foo.example.com
DEBUG >>> Zones found 9
DEBUG >>> Set record to example.com
DEBUG >>> example.com matching     
DEBUG >>> Set record to example.com
DEBUG >>> example.com matching
DEBUG >>> Set record to example.com
DEBUG >>> example.com matching
DEBUG >>> Get record to example.com
DEBUG >>> Get record to example.com
DEBUG >>> Get record to example.com
DEBUG >>> Remove record to example.com
DEBUG >>> Record removed
DEBUG >>> Get record to example.com
PASS 'example.com'
DEBUG >>> Remove record to example.com
DEBUG >>> Record removed
DEBUG >>> Get record to example.com
PASS 'foo.example.com'
DEBUG >>> Remove record to example.com
DEBUG >>> Record removed
DEBUG >>> Get record to example.com
PASS '*.foo.example.com'

It looks like the soft tests all passed.
It is highly likely that your plugin is correct.
Now go test with Greenlock.js and/or ACME.js to be sure.

PASS
Owner

I'll have to check this out and figure out what's wrong. I'm glad that you got something that works though.
