Can't get this to work at all #11

Open
elyograg opened this issue Aug 19, 2021 · 2 comments

@elyograg

I can't get the script to work at all. Before today my cert wasn't ready for renewal ... now that it is ready, when I attempt a renewal with the unmodified script specified for the hook, I get this after the list of challenges it will be doing:

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-auth-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-auth-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-auth-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-auth-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-auth-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
^CCleaning up challenges
Running manual-cleanup-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-cleanup-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

Running manual-cleanup-hook command: /usr/local/certbot-he-hook/certbot-he-hook.sh
Error output from manual-cleanup-hook command certbot-he-hook.sh:
No zone for domain "" found.
/usr/local/certbot-he-hook/certbot-he-hook.sh: line 99: return: can only `return' from a function or sourced script

It repeats many times because there are a lot of names in my certificate. I tried various replacements for "return 1" ... "continue", "exit", "exit 1", "break" ... and none of them work. See issue #10 that I opened before. With continue, it just hangs, and after some thought, this makes sense, so the pull request I made for that issue is invalid. With the others, it spits out errors similar to the above ... the domain is always "" instead of what it should be. The DNS challenges fail because the TXT records are never added.

Running on Ubuntu 20, the master branch is checked out from this repo and is up to date.

It looks like the part of the script that sets $HE_COOKIE isn't getting what it expects from the HE website. Here's an excerpt of what I get from running 'curl -L --silent --show-error -I "https://dns.he.net/"' :

Set-Cookie: 291541a0a47538f8ae75fdef92aca43c56e2b307832d37725210bb8ed950c8e4=c99383a395e65d94dd37a526c6a7ea03; path=/; expires=Thu, 19-Aug-2021 14:23:39 GMT

The "CGISESSID=" text that the script is looking for is not there. Did HE change their API so that it breaks this script?
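
One way to pick up the session cookie without depending on its name, as an added example that is not part of the original post or of the project's script. The function name `extract_session_cookie` and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: take the session cookie from HTTP response headers without
# hard-coding its name. Function names and sample data are constructed.

# Reads response headers on stdin and prints the first cookie as name=value.
# Only the pair directly after the header name is taken, so attributes such
# as path= or expires= are never returned. Returns 1 if no cookie is found.
extract_session_cookie() {
  tr -d '\r' \
    | sed -n 's/^[Ss][Ee][Tt]-[Cc][Oo][Oo][Kk][Ii][Ee]:[[:space:]]*\([^=;[:space:]]\{1,\}=[^;[:space:]]*\).*/\1/p' \
    | head -n 1 \
    | grep .
}

# Constructed sample: a response whose cookie has an unpredictable name.
sample_headers() {
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Content-Type: text/html\r\n'
  printf 'Set-Cookie: 0123abcd=89efcdab; path=/; expires=Thu, 19-Aug-2021 14:23:39 GMT\r\n'
  printf '\r\n'
}

# Refuse to continue to the login step when no cookie was extracted.
if HE_COOKIE=$(sample_headers | extract_session_cookie); then
  echo "session cookie: $HE_COOKIE"
else
  echo "no session cookie in response, not attempting login" 1>&2
fi
```
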

@elyograg
Author

With the following diff, it works:

diff --git a/certbot-he-hook.sh b/certbot-he-hook.sh
index f65a761..1eae4aa 100755
--- a/certbot-he-hook.sh
+++ b/certbot-he-hook.sh
@@ -56,7 +56,7 @@ if [ -n "$HE_USER" ] && [ -n "$HE_PASS" ]; then
   HE_COOKIE=$( \
     curl -L --silent --show-error -I "https://dns.he.net/" \
       | grep '^Set-Cookie:' \
-      | grep -Eo 'CGISESSID=[a-z0-9]*')
+      | grep -Eo '[a-z0-9]*=[a-z0-9]*' | head -n1)
   # Attempt login
   curl -L --silent --show-error --cookie "$HE_COOKIE" \
     --form "email=${HE_USER}" \
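Review bot: The replacement pattern `[a-z0-9]*=[a-z0-9]*` with `head -n1` on the `grep -Eo` line accepts any name=value token on any Set-Cookie line, so attribute tokens such as `path=` and `expires=` also match, and the result is only right while the session cookie happens to be the first token of the first header. Anchor the match to the start of the header value, for example `^Set-Cookie: [a-z0-9]+=[a-z0-9]+` with the header name stripped afterwards, and stop before the login `curl` when `HE_COOKIE` comes back empty, since that command submits the login form with whatever was extracted.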
@@ -92,11 +92,10 @@ STRIP_COUNTER=1
 # Walk through all possible zone names
 while true; do
   ATTEMPTED_ZONE=$(echo "$CERTBOT_DOMAIN" | cut -d . -f ${STRIP_COUNTER}-)
-
   # All possible zone names have been tried
   if [ -z "$ATTEMPTED_ZONE" ]; then
     echo "No zone for domain \"$DOMAIN\" found." 1>&2
-    return 1
+    break
   fi

   # Take care of "." and only match whole lines. Note that grep -F
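Review bot: `break` in the `[ -z "$ATTEMPTED_ZONE" ]` branch leaves the loop without a failure status, so the script carries on with whatever follows the loop even though no zone was found. The script is executed rather than sourced (hence the `return` error), so `exit 1` is the statement that stops it and reports the failure to the caller. The message on the line above prints `$DOMAIN` while the loop works from `$CERTBOT_DOMAIN`, which matches the empty `""` in the reported output; print `$CERTBOT_DOMAIN` there. The dropped blank line after the `ATTEMPTED_ZONE=` assignment is an unrelated whitespace change.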

@elyograg
Author

My fix for line 99 (See issue #10 too) here may not be right. "exit 1" may be the right way to go.
