Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: acme.sh --issue --dns dns_yandex -d '*.vadim.com.ru' --dnssleep 3600
It produced this output: Using CA: https://acme-v02.api.letsencrypt.org/directory
Single domain='.vadim.com.ru'
Getting domain auth token for each domain
Getting webroot for domain='.vadim.com.ru'
Adding txt value: rNzHfj_1vd7BX1OEH0ZQivu1zoqAH2ax6PlJiG7Psb4 for domain: _acme-challenge.vadim.com.ru
Error add txt for domain:_acme-challenge.vadim.com.ru
Please add '--debug' or '--log' to check more details.
See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
My web server is (include version): nginx version: nginx/1.18.0
The operating system my web server runs on is (include version): TrueNAS-SCALE-22.12.2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
It worked last time fine - no clue why the --dnssleep 3600 won't start the countdown
First, you should add -d vadim.com.ru to the command so you have both your root and the wildcard name in your cert. Your current cert is set up this way.
Also, try adding --debug 2 to get more info.
What do you mean by this? Are you saying the script doesn't pause for one hour to wait for Yandex auth servers to sync? Yandex can be very slow. Does this problem repeat? Have you tried 5400 (1h30m)?
Correct! The script doesn't pause for one hour to wait for Yandex auth servers to sync. As a matter of fact, it doesn't pause even for a second. And yes, the problem repeats. I tried different numbers - immediate error. acme.sh --issue --dns dns_yandex -d '*.vadim.com.ru' -d vadim.com.ru --dnssleep 5400 same error. Debug output is here
Seeing that API call to https://pddimp.yandex.ru/api2/admin/dns/list?domain=vadim.com.ru returns an html page instead of (presumably?) json, it seems like there's something wrong with the API or the acme.sh Yandex plugin.
Ask Yandex why their API isn't working any longer. Might be just temporary. Or not and they've changed their API. Or have shut down their API entirely. Might be any of those.
Attention. Mail for Domain is no longer supported. The service's API will stop working on April 1, 2023. From March 24, availability of the service will be limited.
@Osiris I will - since API page is still there my guess would be some temporary glitch as usual with these folks. I will submit the request and keep you posted! Thanks for your help.
Domain control API was part of this whole Mail For Domain product, which got discontinued. Also they put this big scary note on every page of their docs
I've sent them a request anyway - see what happens, but quite obviously I should change the DNS provider and most likely it is Cloudflare and it is also recommended by TrueNAS.
I completely get why they might have forgotten about it, I presume the English-speaking crowd was among a fraction of a fraction of a percent of users of this service.
Meant to reply to @Osiris but must have fat-fingered my post somehow
@Volkodav, Yea, I got a slightly wrong impression from that note, the service is not discontinued, but rather “unsupported”. Checked one of my domains, and the sending does seem to work still.
But the API part seems accurate, as evident by the error you're experiencing.
Well, I'd love to keep my e-mail accounts with them, but since they are discontinued officially but still working, that tells me it can stop at any point of time really. I just logged in to Yandex 360 and they are all there.