
Report bug to Technitium dns api #6116

Open
qupfer opened this issue Nov 27, 2024 · 4 comments
Labels
3rd party api report bugs to dns api, deploy hooks and notification hooks

Comments

@qupfer
Contributor

qupfer commented Nov 27, 2024

This is the place to report bugs in the Technitium DNS API.

If you experience a bug, please report it in this issue.

Thanks!

@Neilpang Neilpang added the 3rd party api report bugs to dns api, deploy hooks and notification hooks label Nov 28, 2024
@acmesh-official acmesh-official deleted a comment from github-actions bot Nov 28, 2024
@shrunbr

shrunbr commented Dec 3, 2024

I added the dns_technitium.sh file to my .acme.sh folder, very cool to see this listed.

However, it doesn't appear to work with self-signed certificates on the web interface. Here is the associated error I received when using --debug. I could see this being a problem; I would imagine most people who have a use for this are going to be using self-signed certificates on the web interface until one can be issued, but this is preventing certificate(s) from being issued.

[Mon Dec  2 19:36:50 CST 2024] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Mon Dec  2 19:36:50 CST 2024] Here is the curl dump log:
[Mon Dec  2 19:36:50 CST 2024] == Info: Host dns.lan.example.com:53443 was resolved.
== Info: IPv6: (none)
== Info: IPv4: 10.0.4.10
== Info:   Trying 10.0.4.10:53443...
== Info: Connected to dns.lan.example.com (10.0.4.10) port 53443
== Info: ALPN: curl offers h2,http/1.1
== Info: (304) (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 335 bytes (0x14f)
0000: ...K..7.......`...c...7.W..a..D...s.z. ...\...W....X...%...H.v.j
0040: 'W+.z...b.............0.,.(.$.......k.9...........=.5...../.+.'.
0080: #.......g.3...E...<./...A.......................+............3.&
00c0: .$... .'n....B..?....rU.....i3.3../..!...#.!...dns.lan
0100: .example.com...................................................
0140: ....h2.http/1.1
== Info:  CAfile: /Users/user/Documents/acme-sh/root-ca.pem
== Info:  CApath: none
== Info: (304) (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 122 bytes (0x7a)
0000: ...v.......A=.,@.}I......='.u...#m...< ...\...W....X...%...H.v.j
0040: 'W+.z........+.....3.$... FG..T.O ........h..".r..^.....U.
== Info: (304) (IN), TLS handshake, Unknown (8):
<= Recv SSL data, 15 bytes (0xf)
0000: .............h2
== Info: (304) (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 740 bytes (0x2e4)
0000: ...........0...0...............u..i0...*.H........0)1'0%..U....e
0040: xample.lan.example.com0...240408200552Z..290408200552Z0)1
0080: '0%..U....dns.lan.example.com0.."0...*.H.............
00c0: 0.........t...@R.;.........l.--.z. ,..}.E....`z.3C.O....ng.4.4..
0100: Z.K9..+C..\.}.v...Q...pa....J4U...(VD.|'BA.{Z}.+S..{.m4r7.......
0140: ]*B.I%.!.<..;...e.3.#........~.`.Y...rg.Yw....q9...1i..f,s.B..k.
0180: ..?.,j.....t.......r..V4.\...DG..z{..k...o]-..Q=}.$.I..G..ax....
01c0: .d.... .......0...*.H.............<..............R3.XY....;n.b..
0200: .......J.$....pn.w.H.A..&=J~.z..S..4.....g...3.K.....f.st.&KZ.,*
0240:  u.A}-=%Du.~.l`30.....m}....k...8.jl..l...ot...uU....>?..[...v..
0280: b..kh..~.......B&.......zV...,....`.doH.............f....[....S.
02c0: ..:0.s.|'/NSr.(c...A..(..C1.D3......
== Info: SSL certificate problem: self signed certificate
== Info: Closing connection

@qupfer
Contributor Author

qupfer commented Dec 3, 2024

Hi,
please check the "--ca-bundle" command-line flag of acme.sh:
--ca-bundle <file> Specifies the path to the CA certificate bundle to verify api server's certificate.
If you use the public certificate of your Technitium DNS server as that file, curl should accept the self-signed certificate.

@shrunbr

shrunbr commented Dec 3, 2024

Hi, please check the "--ca-bundle" commandline flag from acme.sh --ca-bundle <file> Specifies the path to the CA certificate bundle to verify api server's certificate. If you use as file the public certificate of your technitium dns server, curl should accept the self signed certificate.

That is for a custom directory server, not the DNS server.

@qupfer
Contributor Author

qupfer commented Dec 3, 2024

That is for a custom directory server, not the DNS server.

I don't think so.
Take a look at the _inithttp() function (currently: https://github.com/acmesh-official/acme.sh/blob/master/acme.sh#L1861)
ca-path (and ca-bundle) are used for curl in general, so they should apply to the DNS API calls too. Maybe you have to add both certs (your DNS server's and Let's Encrypt's/ZeroSSL's/whoever's) to a single certificate file and use that, or use ca-path and put both certificates there.
You may also add your DNS server's certificate to the global trust store, so that curl trusts it by default.

However, I don't see how I can help within this dns_technitium plugin.
Due to the coding guidelines, I have to (and want to) use the _get() function. I'm also bound to POSIX sh, where I can't see a useful way to monkey-patch the _get function.
With bash, I could do something like myGetCopy=$(declare -f _get) and some additional sed/string magic against the copy.
But not with sh.

So, I think you can:

  • use ca-bundle/ca-path commandline option (with certificates for ACME-Server and DNS)
  • add your self-signed certificate to your host's trust store
  • patch "your" acme.sh and add --insecure to the curl command
  • patch "your" version of this plugin and replace _get() with a direct curl/wget command.

I would be delighted if you could report if you have success.
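The first option above (one bundle holding both the ACME directory's CA and the DNS server's self-signed certificate, passed via --ca-bundle) can be checked locally before touching acme.sh. The script below is an added example, not code from acme.sh or the dns_technitium plugin: it generates two throwaway self-signed certificates with openssl (one standing in for the ACME CA, one for the Technitium web interface at dns.lan.example.com, the host from the debug log), concatenates them into a bundle, and confirms that the DNS certificate verifies against the combined bundle but not against the ACME CA alone. File names, the acme-ca.test CN and the temp directory are assumptions.

```sh
#!/bin/sh
# Added example (not part of acme.sh or dns_technitium.sh). Demonstrates the
# "single CA bundle for --ca-bundle" approach from the thread with constructed
# throwaway certificates; requires openssl.

WORK=$(mktemp -d)

# make_self_signed CN OUT : constructed self-signed certificate for CN (no real CA involved)
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$2" >/dev/null 2>&1
}

# build_bundle OUT IN... : concatenate PEM files into OUT after checking each one
# actually holds a certificate; prints the number of certificates in the result
# and fails (without writing garbage into the bundle) on a non-PEM input.
build_bundle() {
  out=$1; shift
  : > "$out"
  for f in "$@"; do
    grep -q 'BEGIN CERTIFICATE' "$f" || { echo "not a PEM certificate: $f" >&2; return 1; }
    cat "$f" >> "$out"
  done
  grep -c 'BEGIN CERTIFICATE' "$out"
}

# verify_against BUNDLE CERT : does CERT chain to a certificate in BUNDLE?
# This is the same check curl performs when acme.sh hands it --cacert/--ca-bundle.
verify_against() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-ins: acme-ca.pem plays the ACME directory's CA, dns.pem the Technitium web UI cert.
make_self_signed acme-ca.test "$WORK/acme-ca.pem"
make_self_signed dns.lan.example.com "$WORK/dns.pem"
build_bundle "$WORK/bundle.pem" "$WORK/acme-ca.pem" "$WORK/dns.pem" >/dev/null

demo() {
  # ACME CA alone: the self-signed DNS cert is not trusted (curl error 60 in the log above)
  verify_against "$WORK/acme-ca.pem" "$WORK/dns.pem" || echo "ACME CA alone rejects dns.lan.example.com (expected)"
  # Combined bundle: both the ACME server and the DNS API would now verify
  verify_against "$WORK/bundle.pem" "$WORK/dns.pem" && echo "bundle verifies dns.lan.example.com"
  # The corresponding acme.sh invocation (shown only, not run here):
  # acme.sh --issue --dns dns_technitium -d example.com --ca-bundle "$WORK/bundle.pem"
}
demo
```

Because the bundle replaces curl's default trust store for every request acme.sh makes, it must contain the ACME server's CA as well; a bundle holding only the DNS certificate would make the directory connection fail instead. Adding the DNS certificate to the host's trust store avoids that coupling but affects every TLS client on the machine.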
