SOLVED: cpanel_uapi.sh, Error in argument 1, char 2: option not found r

Questions and discussion about web design, search engine optimisation and hosting
domgarofalo
Posts: 3
Joined: 2018-6-1 16:05

Unread post by domgarofalo » 2018-6-1 16:08

Santeri,

I love this script. Thanks for doing it. However, I am getting
the following error when it runs from Cron.

Error in argument 1, char 2: option not found r
Error in argument 1, char 2: option not found r
[Fri Jun 1 08:23:07 MST 2018] Error in deploying certificate:
[Fri Jun 1 08:23:07 MST 2018] ---
apiversion: 3
func: install_ssl
module: SSL
result:
data: ~
errors:
- "The system could not parse the certificate because of an error: The certificate text was not valid."
messages: ~
metadata: {}

status: 0
[Fri Jun 1 08:23:07 MST 2018] Error deploy for domain:domgarofalo.com
[Fri Jun 1 08:23:07 MST 2018] Deploy error.

In the command line, it works just fine.

The error is coming from the cpanel_uapi.sh file.

Can you help?

Thanks.



Santeri
Posts: 310
Joined: 2017-7-5 09:58

Unread post by Santeri » 2018-6-1 16:21

domgarofalo wrote:
2018-6-1 16:08
Error in argument 1, char 2: option not found r
Error in argument 1, char 2: option not found r
[Fri Jun 1 08:23:07 MST 2018] Error in deploying certificate:
Thanks for your question. According to this the problem appears to be in acme.sh, not the deployment script I wrote. Have you tried to upgrade acme?

Code: Select all

acme.sh --upgrade
That helped me and a few others earlier

If it does not help with you, please post me the contents of your current acme.sh cron entry. There is currently a known issues in installing cron jobs: https://github.com/Neilpang/acme.sh/issues/1631

If also your cron entry is fine, then I need the full debug info to track the issue further. Take the command from your cron, add there option

Code: Select all

--debug
and post me the full output so I can dig deeper, please.

Happy hacking,

Santeri

domgarofalo
Posts: 3
Joined: 2018-6-1 16:05

Unread post by domgarofalo » 2018-6-2 01:45

I did the update and no joy. Here is the output with the debug switch added.

[Fri Jun 1 18:42:01 MST 2018] Lets find script dir.
[Fri Jun 1 18:42:01 MST 2018] _SCRIPT_='/home/domgarofalo1/.acme.sh/acme.sh'
[Fri Jun 1 18:42:01 MST 2018] _script='/home/domgarofalo1/.acme.sh/acme.sh'
[Fri Jun 1 18:42:01 MST 2018] _script_home='/home/domgarofalo1/.acme.sh'
[Fri Jun 1 18:42:01 MST 2018] Using default home:/home/domgarofalo1/.acme.sh
[Fri Jun 1 18:42:01 MST 2018] Using config home:/home/domgarofalo1/.acme.sh
https://github.com/Neilpang/acme.sh
v2.7.9
[Fri Jun 1 18:42:01 MST 2018] Using config home:/home/domgarofalo1/.acme.sh
[Fri Jun 1 18:42:01 MST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Fri Jun 1 18:42:01 MST 2018] DOMAIN_PATH='/home/domgarofalo1/.acme.sh/domgarofalo.com'
[Fri Jun 1 18:42:01 MST 2018] _deployApi='/home/domgarofalo1/.acme.sh/deploy/cpanel_uapi.sh'
[Fri Jun 1 18:42:01 MST 2018] _cdomain='domgarofalo.com'
[Fri Jun 1 18:42:01 MST 2018] _ckey='/home/domgarofalo1/.acme.sh/domgarofalo.com/domgarofalo.com.key'
[Fri Jun 1 18:42:01 MST 2018] _ccert='/home/domgarofalo1/.acme.sh/domgarofalo.com/domgarofalo.com.cer'
[Fri Jun 1 18:42:01 MST 2018] _cca='/home/domgarofalo1/.acme.sh/domgarofalo.com/ca.cer'
[Fri Jun 1 18:42:01 MST 2018] _cfullchain='/home/domgarofalo1/.acme.sh/domgarofalo.com/fullchain.cer'
Error in argument 1, char 2: option not found r
Error in argument 1, char 2: option not found r
[Fri Jun 1 18:42:01 MST 2018] _cert='Usage: php [-q] [-h] [-s] [-v] [-i] [-f <file>]
php <file> [args...]
-a Run interactively
-b <address:port>|<port> Bind Path for external FASTCGI Server mode
-C Do not chdir to the script's directory
-c <path>|<file> Look for php.ini file in this directory
-n No php.ini file will be used
-d foo[=bar] Define INI entry foo with value 'bar'
-e Generate extended information for debugger/profiler
-f <file> Parse <file>. Implies `-q'
-h This help
-i PHP information
-l Syntax check only (lint)
-m Show compiled in modules
-q Quiet-mode. Suppress HTTP Header output.
-s Display colour syntax highlighted source.
-v Version number
-w Display source with stripped comments and whitespace.
-z <file> Load Zend extension <file>.
-T <count> Measure execution time of script repeated <count> times.'
[Fri Jun 1 18:42:01 MST 2018] _key='Usage: php [-q] [-h] [-s] [-v] [-i] [-f <file>]
php <file> [args...]
-a Run interactively
-b <address:port>|<port> Bind Path for external FASTCGI Server mode
-C Do not chdir to the script's directory
-c <path>|<file> Look for php.ini file in this directory
-n No php.ini file will be used
-d foo[=bar] Define INI entry foo with value 'bar'
-e Generate extended information for debugger/profiler
-f <file> Parse <file>. Implies `-q'
-h This help
-i PHP information
-l Syntax check only (lint)
-m Show compiled in modules
-q Quiet-mode. Suppress HTTP Header output.
-s Display colour syntax highlighted source.
-v Version number
-w Display source with stripped comments and whitespace.
-z <file> Load Zend extension <file>.
-T <count> Measure execution time of script repeated <count> times.'
[Fri Jun 1 18:42:01 MST 2018] Error in deploying certificate:
[Fri Jun 1 18:42:01 MST 2018] ---
apiversion: 3
func: install_ssl
module: SSL
result:
data: ~
errors:
- "The system could not parse the certificate because of an error: The certificate text was not valid."
messages: ~
metadata: {}

status: 0
[Fri Jun 1 18:42:01 MST 2018] Error deploy for domain:domgarofalo.com
[Fri Jun 1 18:42:01 MST 2018] Deploy error.

Santeri
Posts: 310
Joined: 2017-7-5 09:58

Unread post by Santeri » 2018-6-2 03:39

Please post me also the exact command you were executing

Code: Select all

crontab -l
and tell me on which hosting server you were trying to run it (US, Europe or Asia)? You can check that from GoDaddy hosting Settings.

In case I don't have access to that hosting server, please give me also the php version

Code: Select all

php -v
Thanks!

domgarofalo
Posts: 3
Joined: 2018-6-1 16:05

Unread post by domgarofalo » 2018-6-2 05:22

I figured it out. I followed the suggestion from Todd William (williatf) from the
following GitHub post:

https://github.com/Neilpang/acme.sh/issues/1328

He suggested replacing “php” with "/usr/local/bin/php"

on the following lines:

line 31 - if ! _exists /usr/local/bin/php; then
line 38 - _cert=$(/usr/local/bin/php -r "echo urlencode(\"$_certstr\");")
line 39 - _key=$(/usr/local/bin/php -r "echo urlencode(\"$_keystr\");”)

after I did that, I set a Cron job to work and it successfully deployed the
certificate.

Santeri
Posts: 310
Joined: 2017-7-5 09:58

Unread post by Santeri » 2018-6-2 05:36

domgarofalo wrote:
2018-6-2 05:22
line 31 - if ! _exists /usr/local/bin/php; then
line 38 - _cert=$(/usr/local/bin/php -r "echo urlencode(\"$_certstr\");")
line 39 - _key=$(/usr/local/bin/php -r "echo urlencode(\"$_keystr\");”)
Good that you got a workaround. This bug was reported 30 days ago and I am fixing it now. Thanks for pointing it out!

GoDaddy has currently multiple instances of PHP available and cron uses a different version than command line. PHP option -r is not available on the version cron uses and therefore urlencode fails.

Hard coding the php path is not an universal solution as it works only 1) on that particular server and 2) until GoDaddy updates PHP or changes it's location. You can use it as a temporary fix but don't rely on it to work on the long run. I will search for alternative ways to make the coding. Adding hard coded paths to acme.sh code is not an option as people use acme.sh in various environments and not only on GoDaddy.

Santeri
Posts: 310
Joined: 2017-7-5 09:58

Unread post by Santeri » 2018-6-2 06:12

THIS FIX IS OBSOLETE AS IT IS NOT POSIX AND IT WILL NOT BE MERGED TO ACME.SH. IT WAS A TEMPORARY WORKAROUND WHILE I WAS WORKING WITH THE FINAL FIX. PLEASE USE THE POSIX SCRIPT THAT IS AVAILABLE BELOW THIS POST.

I rewrote the deployment script using a bash function for urlencode. Please replace your cpanel_uapi.sh with this one and see if it works for you. This solution is universal and does not depend on the hosting provider.

Code: Select all

REMOVED
Thanks for testing!

Santeri
Posts: 310
Joined: 2017-7-5 09:58

Unread post by Santeri » 2018-6-2 21:47

UPDATE on 2018-06-28: Changed the script to use acme.sh internal url encode function instead of sed. The pull request is now merged to acme.sh. Thanks, Neil!

I managed to remove php dependency by using sed for urlencode. Here is the POSIX code I have just submitted to acme.sh repository. Hopefully Neil will add it and we get this nasty bug squashed. Meanwhile, please test it and let me know how it works for you. I didn't encounter issues when I deployed it those web servers I am maintaining, but that does not prove anything.

Code: Select all

#!/usr/bin/env sh
# Here is the script to deploy the cert to your cpanel using the cpanel API.
# Uses command line uapi.  --user option is needed only if run as root.
# Returns 0 when success.
#
# Please note that I am no longer using Github. If you want to report an issue
# or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
#
# Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
# Public domain, 2017-2018

#export DEPLOY_CPANEL_USER=myusername

########  Public functions #####################

#domain keyfile certfile cafile fullchain

cpanel_uapi_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  if ! _exists uapi; then
    _err "The command uapi is not found."
    return 1
  fi
  # read cert and key files and urlencode both
  _cert=$(cat "$_ccert" | _url_encode)
  _key=$(cat "$_ckey" | _url_encode)

  _debug _cert "$_cert"
  _debug _key "$_key"

  if [ "$(id -u)" = 0 ]; then
    if [ -z "$DEPLOY_CPANEL_USER" ]; then
      _err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
      return 1
    fi
    _savedomainconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
    _response=$(uapi --user="$DEPLOY_CPANEL_USER" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
  else
    _response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
  fi
  error_response="status: 0"
  if test "${_response#*$error_response}" != "$_response"; then
    _err "Error in deploying certificate:"
    _err "$_response"
    return 1
  fi

  _debug response "$_response"
  _info "Certificate successfully deployed"
  return 0
}
Thanks Dominic and happy hacking,

Santeri

GeoffatMM

Unread post by GeoffatMM » 2018-6-13 09:09

Hi

I have exactly the same problem.

I will try your code. I will also have to uncomment the export DEPLOY_CPANEL_USER=xxxxxxx for it to work.

I will get back and let you know if it fixes the problem for me.

Thanks

Geoff

Geoffat MM

Unread post by Geoffat MM » 2018-6-13 09:17

Hi again Santeri,

I assume I can ignore the code below the

######## Private functions below #####################

When I use the code?

Geoff

Santeri
Posts: 310
Joined: 2017-7-5 09:58

Unread post by Santeri » 2018-6-13 21:46

Hi Geoff,

Lines starting with # are comments and you can safely delete them if you want but you don't have to.
I will also have to uncomment the export DEPLOY_CPANEL_USER=xxxxxxx for it to work.
Uncomment that and add your CPANEL username only if you run acme.sh as root. Otherwise leave it as it is: a comment in code.

Santeri

GeoffatMM

Unread post by GeoffatMM » 2018-6-15 07:27

Hi Santeri,

Tried your code and still would not work for me. Cron is forcing the certificate to be issued but it will not deploy it.

Here is the certificate cron:

"/home/xorex/.acme.sh"/acme.sh --force --issue -d mbdnet.net -w ~/www --dns dns_gd

I am only forcing it to ensure it actually generates a new certificate while I am testing it. Here are the results:

[Fri Jun 15 00:00:03 MST 2018] Single domain='mbdnet.net'
[Fri Jun 15 00:00:03 MST 2018] Getting domain auth token for each domain
[Fri Jun 15 00:00:03 MST 2018] Getting webroot for domain='mbdnet.net'
[Fri Jun 15 00:00:03 MST 2018] Getting new-authz for domain='mbdnet.net'
[Fri Jun 15 00:00:05 MST 2018] The new-authz request is ok.
[Fri Jun 15 00:00:05 MST 2018] mbdnet.net is already verified, skip http-01.
[Fri Jun 15 00:00:05 MST 2018] Verify finished, start to sign.
[Fri Jun 15 00:00:09 MST 2018] Cert success.
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgISBOqR1yM4638Ivj8Bmx6/BhOmMA0GCSqGSIb3DQEBCwUA
................................................................................................
Full cert data not included
................................................................................................
86XnhYY9Dj3pJ/UxnByvR40xUa89zYoZ7V9XMm7R3d0ZtNOOffDgbLC0hD4sUWfu
XEE=
-----END CERTIFICATE-----
[Fri Jun 15 00:00:09 MST 2018] Your cert is in /home/xorex/.acme.sh/mbdnet.net/mbdnet.net.cer
[Fri Jun 15 00:00:09 MST 2018] Your cert key is in /home/xorex/.acme.sh/mbdnet.net/mbdnet.net.key
[Fri Jun 15 00:00:10 MST 2018] The intermediate CA cert is in /home/xorex/.acme.sh/mbdnet.net/ca.cer
[Fri Jun 15 00:00:10 MST 2018] And the full chain certs is there: /home/xorex/.acme.sh/mbdnet.net/fullchain.cer

Here is the deploy cron:

"/home/xorex/.acme.sh"/acme.sh --deploy -d mbdnet.net --deploy-hook cpanel_uapi

And here are the results:

/home/xorex/.acme.sh/deploy/cpanel_uapi.sh: line 34: _cpanel_uapi_urlencode: command not found
/home/xorex/.acme.sh/deploy/cpanel_uapi.sh: line 35: _cpanel_uapi_urlencode: command not found
[Fri Jun 15 00:05:22 MST 2018] Error in deploying certificate:
[Fri Jun 15 00:05:22 MST 2018] ---
apiversion: 3
func: install_ssl
module: SSL
result:
data: ~
errors:
- No 'cert' argument specified.
messages: ~
metadata: {}

status: 0
[Fri Jun 15 00:05:22 MST 2018] Error deploy for domain:mbdnet.net
[Fri Jun 15 00:05:22 MST 2018] Deploy error.

Here is the cpanel_uapi.sh code which sits in the subdirectory of "deploy" beneath the directory ".acme.sh" which holds acme.sh. I have added myself as root and commented out your private function.

#!/bin/bash
# Here is the script to deploy the cert to your cpanel using the cpanel API.
# Uses command line uapi. --user option is needed only if run as root.
# Returns 0 when success.
# Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
# Public domain, 2017

export DEPLOY_CPANEL_USER=xorex@mbdnet.net

######## Public functions #####################

#domain keyfile certfile cafile fullchain

cpanel_uapi_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"

_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"

if ! _exists uapi; then
_err "The command uapi is not found."
return 1
fi
# read cert and key files and urlencode both
_certstr=$(cat "$_ccert")
_keystr=$(cat "$_ckey")
_cert=$(_cpanel_uapi_urlencode "$_certstr")
_key=$(_cpanel_uapi_urlencode "$_keystr")

_debug _cert "$_cert"
_debug _key "$_key"

if [ "$(id -u)" = 0 ]; then
if [ -z "$DEPLOY_CPANEL_USER" ]; then
_err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
return 1
fi
_savedomainconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
_response=$(uapi --user="$DEPLOY_CPANEL_USER" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
else
_response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
fi
error_response="status: 0"
if test "${_response#*$error_response}" != "$_response"; then
_err "Error in deploying certificate:"
_err "$_response"
return 1
fi

_debug response "$_response"
_info "Certificate successfully deployed"
return 0
}

######## Private functions below #####################

#_cpanel_uapi_urlencode() {
# printf "%s" "$1" \
# | tr "\\r\\n" "\\a" \
# | sed -e 's/%/%25/g' -e 's/ /%20/g' -e 's/\!/%21/g' -e 's/"/%22/g' -e 's/#/%23/g' -e 's/\$/%24/g' -e 's/&/%26/g' -e 's/'\''/%27/g' -e 's/(/%28/g' -e 's/)/%29/g' -e 's/\*/%2A/g' -e 's/+/%2B/g' -e #'s/,/%2C/g' -e 's/\./%2E/g' -e 's/\//%2F/g' -e 's/:/%3A/g' -e 's/;/%3B/g' -e 's/</%3C/g' -e 's/=/%3D/g' -e 's/>/%3E/g' -e 's/?/%3F/g' -e 's/@/%40/g' -e 's/\[/%5B/g' -e 's/\\/%5C/g' -e 's/\]/%5D/g' -e #'s/\^/%5E/g' -e 's/_/%5F/g' -e 's/`/%60/g' -e 's/{/%7B/g' -e 's/|/%7C/g' -e 's/}/%7D/g' -e 's/~/%7E/g' -e 's/\a/%0A/g' --posix # convert newlines to audible bell so that that sed can handle the input #without using non-POSIX extensions and then urlencode characters
#}



It looks to me as if it is finding acme.sh but unable to find the cpanel_uapi.sh file for some reason? OR it is finding it but not finding the _cpanel_uapi_urlencode command?

When I ssh in to use the command in cron for deploy, it gives exactly the same result and output so I must have done something wrong!.

Hope you can help.

Geoff

Santeri
Posts: 310
Joined: 2017-7-5 09:58

Unread post by Santeri » 2018-6-15 15:44

GeoffatMM wrote:
2018-6-15 07:27
Tried your code and still would not work for me. Cron is forcing the certificate to be issued but it will not deploy it.
You are messing up with the comments. You commented out the function that takes care of urlencoding and that's why the script fails. Please copy the file fully as it is and don't try to edit it. Comments in the code don't hurt anything.

Santeri

GeoffatMM

Unread post by GeoffatMM » 2018-6-18 08:13

Hi Santeri

My apologies. I removed the comments and just by chance the cron actioned immediately after I had done so. It forced a new certificate and then successfully deployed it. You help and patience are much appreciated.

One last question, when I was doing it manually on sslforfree, I had an account where I could review all my certificates. Now I am raising the certificates direct with lets encrypt so is there a way for me to review the certificates I have raised somehow? Letsencrypt does not appear to let me set up an account?

My thanks again.

Geoff

Santeri
Posts: 310
Joined: 2017-7-5 09:58

Unread post by Santeri » 2018-6-18 15:04

GeoffatMM wrote:
2018-6-18 08:13
One last question, when I was doing it manually on sslforfree, I had an account where I could review all my certificates. Now I am raising the certificates direct with lets encrypt so is there a way for me to review the certificates I have raised somehow? Letsencrypt does not appear to let me set up an account?
You don't need an account for that. You can use your hosting provider's cpanel to review all your certificates.

I am happy you got it working. Hopefully Neil will soon approve my pull request for the fix so that I can finally delete my github account.

Cheers,

Santeri