-
-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issues with Publish-Challenge with Simply.com #502
Comments
Hi @kaspersmjohansen, thanks for reaching out. That error appears to be getting thrown by the Simply.com API because it can't find the DNS zone being queried. What's odd is that the URL it's querying would have been built using a info from a previously successful response from the API. So it's weird that the API would then give a 404 error for that URL. Can you post the output after re-running the command with Debug output so we can get a better idea of what's happening? You can enable debug output by running |
I have the same problem when using CertifyTheWeb and this PowerShell script. |
@Zaico If you browse to https://api.simply.com/2/my/products/ and enter your api credentials when prompted, does the page load ok? I'm wondering if their api has developed a fault. |
Yes it looks just fine. I have talked with Simply.com and they provided me with the following log from their server.
is the get url suppose to have System.Object[] in it? |
Ooh, that's good info and implies there's a bad assumption in the plugin itself. The code assumed it would get a single matching result from the API to find the zone ID and got multiple instead. So the variable that was inserted into the URL was an array object that gets serialized as that Is it possible within the Simply.com control panel to create multiple copies of the same zone? The code that I think is essentially triggering this bug is here: Posh-ACME/Posh-ACME/Plugins/Simply.ps1 Line 234 in a924dc9
But it implies that the previous API call to get the list of "products" on the account returns at least two results with the same However, the results contained duplicate data for both domains and I definitely never created more than one copy of either of them. There's also no difference in the data between the two copies of each domain. I'm thinking this is some sort of API or DB issue on the Simply.com side. I'm really curious if you see the same thing on your account. Can you run the following using your own account ID and API key and maybe post the result here (sanitized if you want)? You could also email it to me at ryan-oss (at) xyto.cc. Here's the code. $acct = Read-Host "Account ID"
$key = Read-Host "API Key"
$encodedCreds = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("$($acct):$key"))
$getParams = @{
Uri = 'https://api.simply.com/2/my/products'
Headers = @{Authorization="Basic $encodedCreds"}
}
Invoke-RestMethod @getParams | ConvertTo-Json -Depth 5 Assuming this is just a weird bug with Simply.com and there's not a legit reason there'd be multiple copies of the same zone on an account, it should be easy enough to work around in the plugin. |
I pushed a change to the main/dev branch that should work around the problem assuming the duplicated domain data is just a mistake. I'd still love to see a copy of the output from the code snippet I posted. But this should theoretically fix your problem for now if you can test it. |
Hi Ryan I have multiple domains registered on my account at Simply.com and just like you, I see duplicate when running the Invoke-RestMethod command specified above. Here is the sanitized (hopefully) information from my account:
|
I took the liberty of truncating your output and sanitizing the web server details just in case. But it basically confirms that something changed with how the Simply.com API is returning product details. Your "domain1.dk" has 8 almost identical results. The only difference between them seems to be the As for your 401 Unauthorized error, that's different than the 404 error from before and implies you might have typo'd the account ID or API key or perhaps copy/pasted some extra characters. Using the "Insecure" vs secure param for it shouldn't make a difference. If you want to just test the plugin without going through the whole cert renewal process, give this a try. $acct = Get-PAAccount
$Params = @{SimplyAccount='xxxx';SimplyAPIKeyInsecure='xxxx'}
$DebugPreference = 'Continue'
Publish-Challenge domain1.dk $acct faketoken Simply $Params -Verbose
Unpublish-Challenge domain1.dk $acct faketoken Simply $Params -Verbose |
I get the same with multiple domains replied for each domain registered. I have raised a ticket at simply.com to ask if they have made changes to how the API replies. Perhaps some dev made some change he though was smart... |
Simply.com replies that it's by design, and the script should know what domain it's updating beforhand as is't part of the url when making a post to the server. I have replied that it's curious that it fails now if they haven't made changes to the API. |
Workaround works. |
Simply.com has now corrected the API sho it only returns valid and active domains. So @kaspersmjohansen if you try now, do you now only see one of each domains you have? |
@Zaico the API fix works. Now I only have 1 entry per domain :) |
I still don't understand why I get the 401 error. As mentioned I am able to publish and unpublish a DNS challenge which I think is evidence that my credentials works with Simply. Any insights into why the Submit-Renewal command fails? |
@kaspersmjohansen Did your API key or account ID change at any point? It almost seems like the renewal command is using an old set of credentials on one or more of the existing orders. Give this a shot to view the associated credentials with each order: Get-PAOrder -list | ?{ 'Simply' -in $_.Plugin } | %{ Write-Verbose $_.Name -Verbose; $_ | Get-PAPluginArgs } Alternatively (or in addition), you could take your known good Get-PAOrder -List | ?{ 'Simply' -in $_.Plugin } | Set-PAOrder -PluginArgs $Params -Verbose |
@rmbolger I did rotate my API key recently. I'll update the API key and report back. |
@rmbolger it was the API key that caused the 401 error. With the workaround I am now able to get a new certificate, thank you for your help. |
Hooray, both problems now solved. Whatever Simply.com did to screw up their API results seems to have been reverted and I no longer get any results from the And @kaspersmjohansen also fixed the old credentials on saved orders causing 401 errors. |
The workaround is now live in 4.19.0 in case this issue ever pops up again. |
With Posh-ACME 4.18 it get this error when publishing a challenge for my domain:
The text was updated successfully, but these errors were encountered: