blueslow / sslcertzoneedit Goto Github PK

Hi,
If one want's to use Letsencrypt for certification a command:
acme.sh --set-default-ca letsencrypt
One could add it to readme information.

Keep those TPS cover sheet reports coming!
SH

Hello,

I have created: #3950
Would be nice if your created dns challenge could be added to acme. Maybe by doing a pull request there?

The first time I tried this, I did --test with -d <my.dom> -d <alt.my.dom>. It worked, but it failed to remove the TXT record for the alt domain even though there was NO error. Checking the code closer I noticed dns_zoneedit.sh is using _get for create and _post for delete ("DELETE" != GET). I haven't been able to reproduce this, so _post IS working for delete most of the time (I've not tried it for create). You have "Replace the usage of the get method to post in order to get better protection of id and token." so I'm not sure if this is intentional?

If you tell ZoneEdit to delete a non-existent TXT record, it will report HTTP code 200, success. So that might give an idea on why the delete "failed successfully".

ZoneEdit is enforcing a minimum 10 second delay to create or delete TXT records with the same host name. This breaks wildcard support. I have an idea of how I would fix this in the code that isn't just a sleep 10. I haven't spent enough time learning acme.sh's hooks, but you might have a better idea of what acme.sh expects. I'm not entirely sure I will be using wildcards. My internal LAN has a lot of cname's so I thought it might be useful there, otherwise my external end points are limited.

OPNSense is a lot different than Pfsense, there is no inc file for instance. Not sure I will be running acme.sh there. I might just do a SSH deploy from another system.

https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/mvc/app
Just grepping for "FreeDNS" for example...

./library/OPNsense/AcmeClient/LeValidation/DnsFreedns.php: * FreeDNS API
./controllers/OPNsense/AcmeClient/forms/dialogValidation.xml:        <label>FreeDNS</label>
./models/OPNsense/AcmeClient/AcmeClient.xml:                        <dns_freedns>FreeDNS</dns_freedns>

I appreciate your script. Regards.

I have poured over the documentation but cannot seem to locate this acme.inc into which I am to insert the zoneedit credentials. I assume this was an include file that appears to have been done away with. Have I missed something or is there possibly a new approach?

Can you please make the patch either Copied or Unified context format? Otherwise it gets added in the wrong place with slightly newer acme package, resulting in the syntax error for the entire WebGUI...

I made the modification below to /usr/local/pkg/acme/acme.inc on pfsense around line 2750 (just before "//TODO add more challenge validation types" comment:

$acme_domain_validation_method['dns_zoneedit'] = [
'name' => 'DNS-Zoneedit',
'fields' => [
'ZONEEDIT_ID' => [
'name' => 'zoneedit_id',
'description' => 'ZONEEDIT ID',
'columnheader' => 'ID',
'type' => 'textbox',
],
'ZONEEDIT_Token' => [
'name' => 'zoneedit_token',
'description' => 'ZONEEDIT Token',
'columnheader' => 'Token',
'type' => 'textbox',
],
]
];