Acme.sh: Invalid error handling on manual mode?

Created on 5 May 2018 · 5 Comments · Source: acmesh-official/acme.sh

Hello.

I'm issuing wildcard certs using manual mode (no other option here) with the following commands:

    /getup-engine/acme.sh/acme.sh \
        --issue \
        --dns \
        --yes-I-know-dns-manual-mode-enough-go-ahead-please \
        -d "${zone}" \
        -d "*.${zone}" \
        --home $STATE_DIR/letsencrypt \
        --cert-file $CERTS_DIR/${zone}.crt \
        --key-file $CERTS_DIR/${zone}.key \
        --ca-file $CERTS_DIR/ca-${zone}.crt \
        --fullchain-file $CERTS_DIR/fullchain-${zone}.crt

After adding all required TXT records to DNS, I run:

    /getup-engine/acme.sh/acme.sh \
        --renew \
        --dns \
        --yes-I-know-dns-manual-mode-enough-go-ahead-please \
        -d "${zone}" \
        -d "*.${zone}" \
        --home $STATE_DIR/letsencrypt \
        --cert-file $CERTS_DIR/${zone}.crt \
        --key-file $CERTS_DIR/${zone}.key \
        --ca-file $CERTS_DIR/ca-${zone}.crt \
        --fullchain-file $CERTS_DIR/fullchain-${zone}.crt

The command is failing with:

    Renewing certificates for cloud.ump.uoldiveo.com

    [Fri May  4 21:44:22 UTC 2018] Renew: 'cloud.ump.uoldiveo.com'
    [Fri May  4 21:44:23 UTC 2018] Multi domain='DNS:cloud.ump.uoldiveo.com,DNS:*.cloud.ump.uoldiveo.com'
    [Fri May  4 21:44:23 UTC 2018] Getting domain auth token for each domain
    [Fri May  4 21:44:23 UTC 2018] Verifying:cloud.ump.uoldiveo.com
    [Fri May  4 21:44:26 UTC 2018] Success
    [Fri May  4 21:44:26 UTC 2018] Verifying:*.cloud.ump.uoldiveo.com
    [Fri May  4 21:44:28 UTC 2018] Success
    [Fri May  4 21:44:28 UTC 2018] Verify finished, start to sign.
    [Fri May  4 21:44:29 UTC 2018] Cert success.
    -----BEGIN CERTIFICATE-----
    .....
    -----END CERTIFICATE-----
    [Fri May  4 21:44:29 UTC 2018] Your cert is in  /state/letsencrypt/cloud.ump.uoldiveo.com/cloud.ump.uoldiveo.com.cer
    [Fri May  4 21:44:29 UTC 2018] Your cert key is in  /state/letsencrypt/cloud.ump.uoldiveo.com/cloud.ump.uoldiveo.com.key
    [Fri May  4 21:44:29 UTC 2018] The intermediate CA cert is in  /state/letsencrypt/cloud.ump.uoldiveo.com/ca.cer
    [Fri May  4 21:44:29 UTC 2018] And the full chain certs is there:  /state/letsencrypt/cloud.ump.uoldiveo.com/fullchain.cer
    [Fri May  4 21:44:29 UTC 2018] It seems that you are using dns manual mode. please take care: The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.
    [Fri May  4 21:44:29 UTC 2018] Call hook error.

All files are there, inside --home $STATE_DIR/letsencrypt as expected. However, the script is failing to copy them to the other locations specified in the command-line parameters.

I'm wondering if the line below should fail the function or this call to _err could be shielded not to leak $? to caller.

https://github.com/Neilpang/acme.sh/blob/f7c3f5281704f90f7341cde43587801c8f47ff75/acme.sh#L3186

It can be done with _err "$_DNS_MANUAL_WARN" || true.

Thanks.

All 5 comments

I'm also running into an issue here as I've automated using manual mode, but it's exiting with a "1" returning as opposed to a 0, which means I can't verify that everything else worked.

I'd love to request that if using manual mode, the system returns 0 and the post hooks continue to function.

I think this

https://github.com/Neilpang/acme.sh/blob/54143ae6d40ba8845de392ab8350c525f47a9417/acme.sh#L3334

should be fixed with

    if _hasfield "$Le_Webroot" "$W_DNS" && [ -z "$FORCE_DNS_MANUAL" ]; then

I encountered the same issue. Fix proposed in https://github.com/Neilpang/acme.sh/issues/1586#issuecomment-540626531 worked for my setup (thanks @kolbma).

Is there any plan to propose a pull request to fix this?

Thanks!

Maybe @kolbma would like to submit a PR?

We'll see what happens with a back queue of 110 pull requests :ok_man:
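
The failure mode discussed in this thread, reduced to a stand-alone sketch; this is an added example, not code from acme.sh or from any participant. It compares a success handler that leaks its logger's exit status with the `|| true` shield from the original post and with a guard like the one proposed in the comments. `warn_err`, `finish`, the `on_success_*` functions and `FORCE_MANUAL` are hypothetical names, and the logger returning 1 is an assumption taken from the post's description of `_err`.

```shell
#!/bin/sh
# Constructed stand-ins for illustration; none of this is acme.sh's own code.
MANUAL_WARN="dns manual mode can not renew automatically"

# Hypothetical logger: prints to stderr and returns non-zero, the behaviour
# the original post attributes to _err.
warn_err() {
  printf '%s\n' "$1" >&2
  return 1
}

# Leaky: the warning is the last command run, so its status 1 becomes
# the status of the whole function.
on_success_leaky() {
  if [ "$1" = "dns" ]; then
    warn_err "$MANUAL_WARN"
  fi
}

# Shielded: "|| true" discards the logger's status (the post's suggestion).
on_success_shielded() {
  if [ "$1" = "dns" ]; then
    warn_err "$MANUAL_WARN" || true
  fi
}

# Guarded: skip the warning once manual mode has been acknowledged
# (FORCE_MANUAL is a hypothetical stand-in for the flag in the comment's fix).
on_success_guarded() {
  if [ "$1" = "dns" ] && [ -z "${FORCE_MANUAL:-}" ]; then
    warn_err "$MANUAL_WARN"
  fi
}

# Caller: the install/copy step only runs when the success handler returns 0.
finish() {
  if ! "$1" "$2"; then
    echo "hook-error"
    return 1
  fi
  echo "installed"
}

# Demo with manual mode acknowledged; stderr warnings are suppressed.
for h in on_success_leaky on_success_shielded on_success_guarded; do
  printf '%s: %s\n' "$h" "$(FORCE_MANUAL=1; finish "$h" dns 2>/dev/null)"
done
```

Only the leaky variant reports `hook-error` here, which is why automation that keys on the exit status cannot tell an advisory warning from a failed issuance.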
