Adding DNSAPI wrapper for Websupport webhosting (Slovakia) #3392
Conversation
Catching up with the current state of things
Adding this to at least partially prevent the virtually nonexistent possibility of timestamp and _utc_date() mismatch. If the normal date -u -d does not get converted (looking at you Solaris!), the poor man's method with manipulating the _utc_date() string output kicks in.
Silly mistake with a "/" -.-
|
Obviously, the DNS check will fail in the pull request due to different secrets etc, but again, the actions in my repo and my real-life test on NAS show that it is working properly. |
_hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex)
but removed "printf "s%" ...
It only works this way, apparently
|
Tried all sorts of combinations for the _hmac authorization but none worked, I reverted back to what worked originally. |
Just in case, make sure CR or NL don't end up in an email header.
Improves standards compatibility and utf-8 handling in Python 3.3-3.8. (email.policy.default becomes the default in Python 3.9.)
Secure by default. Also try to minimize configuration errors. (Many ESPs/ISPs require STARTTLS, and most support it.)
没有encode中文字符会导致提交失败
(they are embedded)
The API now supports a POST route for adding records. Therefore checking for already existing records and including them in a PATCH request is no longer necessary.
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
Hopefully the last one
|
The code is exactly as it was when it initially worked, passing all checks, in February. Now Oraclelinux:8 fails and the log does not give me any hint what might be wrong... |
|
you can debug oraclelinux docker locally. It's easy to run acmetest locally: https://github.com/acmesh-official/acmetest All the CI checks must be passing before it can be merged. Thanks. |
|
@Neilpang after some time, I got back to this. I tested everything locally and it worked flawlessly even on oracle linux. I also re-ran the checks and they all passed (see here, commit 051775b String update). I came to the conclusion that when I was testing this a month ago, there was actually a short-term issue on the webhosting provider server, because in fact it gave me a 400 error only one one platform, without any clashes on the others. This being said, I am confident that this implementation works, it passes all the checks, it has been tested locally on at least three platforms in DNS and Standalone modes and I think it is ready to be pushed to the dev repo, and then to master. |
|
did you create an issue for bug reporting ? https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|
Thank you for reminding me, I did now here #3486 |
Hello @Neilpang, I managed to fix everything and I am opening a new pull request for easier organization. Please close the original #3184 .
A couple of things that I fixed and improved from the original script by @trgosk (again, great job!).
For the future reference, anyone struggling with Solaris as much as I did, read this:
Solaris shell cannot convert dates from epoch properly. Neither "date -u -d @"timestamp"", nor "date -u -r "timestamp"" work.
To mend this, after some experimenting, did another 2>/dev/null condition resulting in using the _utc_date() function modified by sed to achieve the ISO8601 format (line 161).
Please do not change this. The Websupport API is particularly sensitive to a match of the epoch timestamp and the utc date generated from the timestamp. Every other system can convert the timestamp variable into a date and work with that, so that is prioritized. If that fails, the _utc_date()/sed kicks in as a failsafe.
However, there is a (virtually nonexistent) possibility of a bug occurence, when there is a 1 (or more) second delay between execution of _time() and _utc_date(), then they won't match. Again this should never happen because we are in the 21st century and have powerful processors, but the possibility exists. In Solaris there is no other way that I know of to mend this, perhaps using some long perl scripts etc., but I don't think it's worth the time finding this solution out.
Other than that, everything works perfectly, I tested it on my Synology NAS and believe it can be pushed as-is. Once it gets pushed into the dev branch, I will update the Wiki entry.