I am trying to “automate” my DNS txt record validation, and I have built a script that updates the record correctly based on what I have seen is parsed here when I run it manually, but it throws the following error in Certify when I try to test the configuration:
DNS Challenge API Provider not set or not recognised. Select an API to proceed.
Here is a sanitized version of the batch file:
@echo off & setlocal
set "URL=https://www.duckdns.org/update?domains=wb6vpm^&token=***REMOVED***^&txt=%3^&verbose=true"
powershell "ipmo BitsTransfer; Start-BitsTransfer \"%URL%\" \"%temp%\a\""
I am running Certify v 4.1.8.0 Community Edition. Am I just missing something, or is this a bug?
I’d say it a bug, but it hasn’t happened before that I know of and this is a fairly mature version of the software.
Under Authorization > DNS Update Method the dropdown list should be set to (Use Custom Script), you could try selecting a different option then setting it back, and also then hit Save to ensure that’s being stored.
The other possibility is that the error is hiding an exception while creating the scripting task. I assume Local System (the user which runs the certify background service) will be able to access the path to your script ok?
By the way I think you can also use Invoke-WebRequest or Invoke-RestMethod to call an http api, that would save you importing Bits, alternatively you can install a local copy of curl and use that directly without invoking powershell.
Hi @webprofusion, thanks for the feedback. I have updated the batch file to use cURL, which I already had installed on the machine and had forgotten about it. The system has full access to the folder (see screenshot below). I have also changed the DNS Update Method to multiple settings, saving between each change, and then back to the (Use Custom Script) and I still get the same error.
Here is the updated (redacted of course) batch file, which of course works perfectly when run manually:
@echo off
curl "https://www.duckdns.org/update?domains=wb6vpm&token=***REMOVED***&txt=%3&verbose=true"
Thanks, can you send through your C:\ProgramData\Certify\manageditems.db file to support {at} certifytheweb.com for investigation, this is an interesting one I’d like to get to the bottom of!
Thanks, note that when pointing to a script (batch file) you can’t specify other arguments because the app is expecting an actual file path ( so you can’t redirect > output.txt for instance, your batch file has to do this internally).
Yeah, I saw that after uploading the db file, I thought I had already remvoed it. It is now able to successfully get the certificate.
However, please note that while it does get the cert when I click “Request Certificate”, “Test” still shows that it fails with the same error as in the original post.
Also, please forgive the potential stupidness of this question, but is there a way to force it to reauthenticate the DNS validation? I know that normally, it only does it when it fails renewal more than 2 times, but obviously, as long as everything is going well, that shouldn’t really happen. I just want to make sure that my success wasn’t a one-time got lucky.
Hi, validation is cached by Let’s Encrypt for up to 30 days. You could add a domain to the certificate request or create a new managed certificate just testing a subdomain (like ‘test.yourdomain.com’) with the same script. Regarding the Test issue, I’ll check that on my copy, the error I got was just to do with the file not being found.
You should maybe create a new managed cert with the same details/script and delete the old one, as you’re seeing very unusual behaviour with this one.
