Want to subscribe to topics you're interested in?
Become a Member

Stable Branch fix addons/acmetool.sh Cloudflare DNS API mode in 131.00stable

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jul 29, 2024.

  1. eva2000

    eva2000 Administrator Staff Member

    53,277
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    4:12 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    fix addons/acmetool.sh Cloudflare DNS API mode in 131.00stable

    - Something changed in addons/acmetool.sh underlying acme.sh client when Centmin Mod enables Cloudflare DNS API mode to switch from default webroot domain verification for Letsencrypt SSL certificate issuances that now causes CF_DNSAPI_GLOBAL='y' enabled mode outlined at https://centminmod.com/letsencrypt-freessl.html#dns to fail domain verification as acme.sh client and Letsencrypt tries to incorrectly do both DNS API verification + webroot authentication instead of correctly just doing Cloudflare DNS API domain verification when Cloudflare DNS API mode is enabled. Thus causing Letsencrypt domain verification and domain issuance to fail when it tries webroot authentication after trying DNS API verification.
    - Seems acme.sh client no longer likes addons/acmetool.sh passing the webroot authentication argument -w /home/nginx/domains/yourdomain.com/public when Cloudflare DNS API mode is enabled via CF_DNSAPI_GLOBAL='y'. This update fix to addons/acmetool.sh now removes webroot authentication argument -w /home/nginx/domains/yourdomain.com/public when CF_DNSAPI_GLOBAL='y' is set

    Continue reading...

    131.00stable branch