How Can I Report Errors from DNS Authorization Script?

MEwald · August 21, 2018, 10:35am

I’m using the following setup:

Domain Authorization via DNS challenge (dns-01)
Custom Script (because our DNS proider has an API, but is not directly supported)

If the script fails (returns with an exit code != 0), I would have expected that the “Certify the Web” client would detect this as a failure, but it still reports success.

Output on Sidebar:

Test Certificate MyCertificateName
Success
All Tests Completed OK

(Use Custom Script) :: Warning: Script exited with the following ExitCode: 123

I’ve tried positive and negative exit codes, but nothing seems to be picked up by the “Certify the Web” client as an error.

This is not a showstopper because the DNS challenge wll also fail if the script is unable to add the DNS TXT record, but it would certainly be nicer if the script’s failure could cancel the whole proess early on.

webprofusion · August 21, 2018, 11:57am

Hi, we could look for a process exit code but we don’t currently.

The assumption with scripts is that they will either complete successfully or their failure will cause validation to fail. Validation failure would then be handled normally (with a retry later).

Even if the script fails we still have to ask the validation to complete, otherwise incomplete validation attempts will mount up and you eventually hit a Let’s Encrypt limit.

webprofusion · August 21, 2018, 11:59am

Out of interest which DNS Provider are you with?

MEwald · August 21, 2018, 12:13pm

It’s InterNetX AutoDNS (https://www.internetx.com/en/domains/autodns/).

Their API is documented here: https://en.help.internetx.com/display/APIEN/AutoDNS+XML+API