roy-bongers / certbot-transip-dns-01-validator

Certbot DNS-01 validation for wildcard certificates (ACME-v2)

Hook command "<path>/auth-hook" returned error code 1

hvanmegen opened this issue · comments

I just did a fresh install of this tool, but when trying to connect, I get an error: (domain and hash replaced)

$ certbot certonly --dry-run --manual-public-ip-logging-ok --manual --preferred-challenges=dns --manual-auth-hook /opt/transip_api/certbot-transip-dns-01-validator/auth-hook --manual-cleanup-hook /opt/transip_api/certbot-transip-dns-01-validator/cleanup-hook -d '<domain>' -d '*.<domain>'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for <domain>
dns-01 challenge for <domain>
Output from auth-hook:
[2020-02-02 00:42:29.079110] ERROR: Exception received from JSON Server: Invalid API signature, signature does not match the request. (timestamp: 0.07718200 1580600549)

Hook command "/opt/certbot-transip-dns-01-validator/auth-hook" returned error code 1
Output from auth-hook:
[2020-02-02 00:42:29.273066] ERROR: Exception received from JSON Server: Invalid API signature, signature does not match the request. (timestamp: 0.27165200 1580600549)

Hook command "/opt/certbot-transip-dns-01-validator/auth-hook" returned error code 1
Waiting for verification...
Cleaning up challenges
Output from cleanup-hook:
[2020-02-02 00:42:33.071716] ERROR: Exception received from JSON Server: Invalid API signature, signature does not match the request. (timestamp: 0.07043500 1580600553)

Hook command "/opt/certbot-transip-dns-01-validator/cleanup-hook" returned error code 1
Output from cleanup-hook:
[2020-02-02 00:42:33.244140] ERROR: Exception received from JSON Server: Invalid API signature, signature does not match the request. (timestamp: 0.24259800 1580600553)

Hook command "/opt/certbot-transip-dns-01-validator/cleanup-hook" returned error code 1
Failed authorization procedure. <domain> (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "<hash>" found at _acme-challenge.<domain>, <domain> (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "<hash>" found at _acme-challenge.<domain>

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: <domain>
   Type:   unauthorized
   Detail: Incorrect TXT record
   "<hash>" found at
   _acme-challenge.<domain>

   Domain: <domain>
   Type:   unauthorized
   Detail: Incorrect TXT record
   "<hash>" found at
   _acme-challenge.<domain>

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I made sure that config/transip.php contains my correct key by creating a new one and inserting it correctly into transip.php:

<?php

return [
    'login'       => '<username>',
    'private_key' => '
-----BEGIN PRIVATE KEY-----
<api_private_key>
-----END PRIVATE KEY-----
',
    'logfile'     => 'logs/certbot-transip.log',
    'loglevel'    => 'info', // options: debug, info, error
];

I'm trying to figure out where this error comes from.
Is there any info in the logfile logs/certbot-transip.log?

Could you temporarily replace the getDomainNames() function in src/CertbotTransIpDns01/Providers/TransIp.php on line 56 with the function below and try the command again?

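public function getDomainNames(): array
{
    // Fetch the domain list from the TransIP API once and cache it.
    if (empty($this->domainNames)) {
        $this->domainNames = Transip_DomainService::getDomainNames();
    }

    // Temporary debug output: dump the domain names the API returned.
    print_r($this->domainNames);

    return $this->domainNames;
}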

It should print out the domain names listed in your Control Panel.

@hvanmegen is this issue still relevant?