• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Digital Ocean DNS extension gives Server Error 500

Sergio Manzi

Regular Pleskian
Hello everybody (after such a long time...)!

Environment: Plesk Onyx Version 17.8.11 Update #46 under CentOS Linux 7.6.1810 on a DO VPS, DO DNS extension 1.1.1-37

Issue:
Accessing the DO DNS extension I get an error 500 page with:
Type League\OAuth2\Client\Provider\Exception\IdentityProviderException
Message invalid_grant
File DigitalOcean.php
Line 71​

SNAFU:
In my DO panel I don't see anymore the API token I used for the DO DNS extension. I don't have any recollection of having deleted it and I tend to exclude anybody else did (2FA activated on my account...), but hey, if it is no there it is not there...

Extra (probably useless) info:
in my DO "Security History" I see latest DNS sync was 2 months ago (consistent with changes made on my Plesk panel) and I don't see any entry about the API token having been deleted after that

Catch 22:
I generated a new token on DO, but I have no way to enter it into the Plesk extension as it gives me the 500 right away...

Question: Help meeeee!!! Is there a way to set the new token from the command line or by editing some file somewhere?

Many thanks in advance to whomever can give me an hint...

Sergio
 
Last edited:
Try hitting the path directly?

:8443/modules/digitaloceandns/index.php/index/update-auth-parameters
 
Hi Mark! Thanks for taking care of this!

Ehehehheh... great idea, and I swear I was just thinking about the same, but I hadn't the link!

... aaaaand it worked, at first, sending me to the DigitalOcean extension authorization page, but with a kinda expected "Error: Invalid authorization token. Unable to authenticate you." message.

It worked also at the second step, when I clicked on the "Authorize" link on that page and I was sent to a DO page, where I authorized the application (also confirming by clicking on the "Confirm Sending Data" pop-up link), but then.... Error 500, the very same as above, and in the DO API page I still don't have any authorized App...! :(

In the extensions catalog ( :8443/modules/catalog/index.php/catalog/package/digitaloceandns) the changelog for version 1.1.1 (15 Mar 2019) says:
Updated the authorization token necessary for the extension to operate correctly. If you used the extension earlier than version 1.1.1, you may face issues with existing domains activated in DigitalOcean DNS.

How do I know if my domains were affected?
  • On the "Overview" tab of the extension, the domains are now marked as "Disabled" under "DigitalOcean DNS Zone".
  • On the "DigitalOcean Authorization" tab of the extension, you see the "Invalid authorization token. Unable to authenticate you" error.
How can I make my domains and extension operational again?

Please do the following:
  1. Update the DigitalOcean DNS extension to version 1.1.1 (if it is not done yet).
  2. On the "DigitalOcean Authorization" tab of the extension, click Authorize.
This will restore the domains and the extension to operation.

... which seems to imply some change in the authorization method (and some unexpected troubles from the user's POW...). Problem is that (thanks to your advice or it would had been impossible), I just did what they say to do (the update happened automatically), but it didn't work.

My guts says that if we can find where the invalid authorization info is stored in Plesk and get rid of it, I might have some more odds at succeeding...

Anyway, I might be wrong, but I smell a bug here...

Thanks again Mark,

Sergio
 
Should I try to remove the extension and re-install it?
Can this give me troubles with my currently active zones at DO?

:confused:
 
... and is this normal?
# cd /usr/local/psa/admin/sbin/modules
# ll
total 20
drwxr-xr-x. 2 root psaadm 4096 Mar 7 2018 firewall
drwxr-xr-x. 2 root root 4096 Jan 25 03:11 letsencrypt
drwxr-xr-x. 2 root root 4096 Dec 18 03:42 rest-api
drwxr-xr-x. 2 root root 4096 Dec 14 2017 syslog-watch
drwxr-xr-x. 2 root psaadm 4096 Mar 13 01:42 watchdog
#

... no sign of anything related to DO DNS...
 
Hi again, Mark!

I didn't had anything related to DO in my SessionsContext table, but... I successfully hacked around the issue! ;)

  • First I identified my "digitaloceandns" module "id" in the Modules table (it is 21 in my case)
  • Then in the ModulesSetting table I identified 3 rows having module_id=21 (they have very suspicious names: authRefreshToken, authToken and authTokenExpires)
  • I nuked those three rows (actually I didn't: I changed their module_id to 2121, which is not referenced in my Modules table, just to play it safe and be able to quickly revert in case of need...)
  • Then I accessed the DO extension from my panel, I was directly sent to the Authorization page, I did it, and..... success!! Everything is fine now!
A couple of further considerations:
  • The bug smell is stronger and stronger, so I'm not flagging this as resolved as I'd like someone from Plesk have a look at this.
  • The value I had in authTokenExpires was 1549979223 that in Unix Time is "Tue, 12 Feb 2019 13:47:03 GMT", waaaay in the past. Could it be that something bad might happen if one doesn't access the DO extension for a long time? It's probably a long shot, but...
Cheers and thanks again,

Sergio
 
Seems like there should be some automation to keep the auth token fresh....
 
Could it be that something bad might happen if one doesn't access the DO extension for a long time? It's probably a long shot, but...

Yes, because of this, I had problems with the Let's Encrypt certificate renewal. The extension could not add a TXT record to DNS for verification.
After that, I discovered that DigitalOcean DNS Extension gives Server Error 500
 
Hello @OlegT!

So you had the same issue I had? Did you solved it the same way I did?

I think a (semi-)official answer from Plesk to all using this extension would be appropriate:
  • Is this a known issue?
  • Was it a one-off occurrence due to the modification of the way the extension authenticate itself with DO?
  • More important, do we have to periodically tickle the DO DNS Extension in order to renew credentials?
  • If yes, isn't some kind of automation in the plans?
Cheers,

Sergio
 
OK, @OlegT!

In case you're stuck please feel free to get in touch with me with a private message: I can give you or your admin more details about what I did and how it solved my issue...

Cheers,

Sergio
 
Yes, because of this, I had problems with the Let's Encrypt certificate renewal. The extension could not add a TXT record to DNS for verification.
After that, I discovered that DigitalOcean DNS Extension gives Server Error 500

Sounds to me like two completely separate issues. Just my two cents.
 
OK, @OlegT!
In case you're stuck please feel free to get in touch with me with a private message: I can give you or your admin more details about what I did and how it solved my issue...

I appreciate your help. My certificates expire after 28 days, so there is still time to wait for the official patch.
 
Since there is no official response for more than two weeks, I decided to correct the situation myself.
After the second reinstallation of the extension and server reboot, I was able to update the authorization parameters from DO.
 
Back
Top