Report bugs to Active24.cz dns api #2059
Comments
Neilpang
added
the
3rd party api
|
@MilanPala |
|
@Neilpang Thank you. |
|
Any plans for supporting V2 API? |
|
@bckp Not from my side at this moment. |
|
Ok, the Active24 v1 API is dead from the time of the migration of my accounts to the "new" platform. They even deleted my API keys during the migration! For sure zero information was provided to the customers before migration, no information is in the Active24 knowledge base and support operators knows nada. What a great customer approach, just bunch of dilettantes. Anyway as Active24 platform was migrated to the Websupport platform, there is slight chance that dns_websupport.sh might work, when overwriting default API URL:
to the:
As Active24 support do not know anything about this topic, I will test it and report back here. This is also supported with fact, that new Active24 API tokens have two parts - similar to the websupport API. EDITED (multiple times, due to my mistakes): It works.
|
|
Not just Active24. Even Websupport is changing API. https://rest.websupport.sk/docs Currently implemented is legacy V1 API. https://rest.websupport.sk/docs/v1.zone In summary both Active24 and Websupport are migrating to common V2 API. |
|
@litinoveweedle I had to also rename functions |
|
I think you did not read and followed my post correctly. I never renamed any functions! |
|
@litinoveweedle I did follow it, but I got
Do I understand it correctly that you replaced |
|
Yep, you are probably correct, sorry. I can create PR for my changes later today, so you should be able to get my modified file and test it. |
|
Ok, please check here. I reached number of retry limits on Lets Encrypt when testing, so you have to try it yourself... ;-) Also please change web root in your domain.conf to: This still uses v1 not v2 functions for the TXT record manipulation (same as in original dns_websupport.sh). I will check what can be done about that. |
|
Thanks, but I'm still getting |
|
I have the same experience as berycz: I also noticed that the acme documentation is already updated to the new situation where a key_id and key_secret must be used (https://github.com/acmesh-official/acme.sh/wiki/dnsapi#59-use-active24-api), but this actual dns_active24.sh script still refers to to old single api_token. I found that when I pulled down a fresh clone from https://github.com/acmesh-official/acme.sh.git Update: Apparently the update dns_active24.sh was not merged yet, so I also tried downloading the proposed change from here: https://github.com/acmesh-official/acme.sh/blob/8c77634feb030aa981907a5624b44108930ae6f3/dnsapi/dns_active24.sh. I had a wait period of 1000 seconds to make sure the txt record would be ok. Everything seemed to work find at first, but the process failed at the end: |
Sorry xnybihal, I must overlook something very obvious but I think I tested that. See my update. The file I tested is https://github.com/acmesh-official/acme.sh/blob/8c77634feb030aa981907a5624b44108930ae6f3/dnsapi/dns_active24.sh. That is the correct one, right? |
|
Debug log woud help. If the TXT was proprely added, but not propagated in 1000 seconds by the DNS provider, there is nothing I can do about that. |
|
@xvybihal: I understand. Since the TXT was properly added, there is nothing the dns_active24.sh script can do about the verification of it. I did several tests today and in all cases the TXT was created correctly. Normally I make certs for subdomains that include a wildecard. I tried that, also for my main domain and also just for my main domain without a wildcard. It all failed. For the subdomain I got the message that the TXT record did not exist (despite giving it also 1000 seconds):
I'll do some additional testing later including collecting of debug data, but I do not have much time now. All my test from today were on --server letsencrypt_test One last question: It did work for you? Did you request certs for subdomains and/or wildcards? |
|
I think I found the problem, although I do not understand what happens. This morning I tried a few times to request a certificate. Now, about 6 hours later, I tried it again. Before I started, I made sure that all TXT records for my domain where removed (in the Active24 WebUI). When I started the acme script, I checked the TXT in the log. The value was tp9302tq9zXj1HxRZLtcFwFf5EJRUTCpjBbm1FVNfR0. I then checked the Active24 WebUI again and the TXT record was created there. So far, so good. Then I did a dig on a computer (and even network) that had never requested any _acme-challenge.example.com TXT before, so caching on my side can be excluded. To my surprise I got this answer: _acme-challenge.example.com. 3600 IN TXT "EnJseQFa84sAnsSQwcVw8-VzCGbQTLhqDYSe3sg-6s4" As you can see, the values do not match the new TXT. Furthermore, I found that both values popped up in the logs of my tests from this morning. Even then the values were already wrong. So these values are not from my own tests from this morning but already older. Possibly even from before the migration of Active24 to the new platform. |
|
In case anyone has the same problem: I hopefully have the solution (have not tested yet): Instructions to change that can be found here: |
Yes, I use it in production. Works with all kinds of (sub)somains. I am glad you found the solution. I would not have guessed that they migrate customer to new system, but leave the NS (maybe you missed email notification about that and you forgot to do that? I could imagine active24 not wanting to change customers domain records without cusomers involvement). |
|
I just did another test which still did not work, but that does make sense. Yesterday during the chat with Active24, the agent mentioned that I was still on "the old nameservers". He would fix that for me. Only today I had time to look a the nameserver settings myself and found I still had "custom" nameservers selected, so the agent did not make the change for me after all. The names of these "custom" nameservers looked very must like Active24 nameservers (for instance alfa.ns.active24.cz). Apparently these were the "old" nameservers, because I never selected "custom" nameservers myself at any point in my Active24 account. There was a button to switch to the default nameservers (ns1.websupport.cz, ns2.websupport.cza ns3.websupport.eu). According to the documentation it will take 24 to 48 hours though to propagate "Changing the location of DNS records will be processed and updated at the registry in 24 to 48 hours." Interesting enough I never received any message from Active24 that they were changing from "old" nameservers to new ones. The first time I heard about this, was during my chat with the agent yesterday. In that light, the following quote from an email I received from Active24 about the transfer of my account is rather interesting "Whether you use nameservers (DNS) from us or another provider, nothing will change for you. Only in the latter case you may receive informational emails from the .CZ domain registry (nic.cz) about changes to your domain settings during the account transfer." Clearly something did change for me.... Hopefully this will be solved in 24 to 48 hours. I created my own test TXT record that I regularly dig to see it if is resolved. At this moment it is not resolved yet, but that is to be expected. If everything is working again, I will post a last update so other people with the same problem can benefit from it. Many thanks to @xvybihal for your support. |
|
My last update: It works. :-) Much less than 24 - 48 hours. I noticed that the dig on my text TXT record started working after about 1 hour. After that the acme cert work as well. |
|
I edited the dns_active24.sh file by deleting the original content thereof and replacing it with the new one (I used the contents of this file: litinoveweedle@1f818b2). Editing was done in pfSense itself, in the GUI. After rebooting pfSense, I still get the old screen in the pfSense GUI, with only the field for the token and no fields for the API key and secret. I must be overlooking something, but have no clue for the moment. Can anyone help me out on this? EDIT: |
report bugs to Active24.cz.
The text was updated successfully, but these errors were encountered: