JessThrysoee / synology-letsencrypt


Bunny DNS #13

Closed cirrusflyer closed 5 months ago

cirrusflyer commented 5 months ago

Can you add support for Bunny DNS as described here?:

https://go-acme.github.io/lego/dns/bunny/

I tried your script and it appears it doesn't know Bunny.

Thanks

cirrusflyer commented 5 months ago

Disregard - I see your install script grabs the latest version of Lego, so must be different issue.

JessThrysoee commented 5 months ago

Have you configured /usr/local/etc/synology-letsencrypt/env something like this?

DOMAINS=(--domains "example.com" --domains "*.example.com")
EMAIL="user@example.com"

# Specify DNS Provider (this example is from https://go-acme.github.io/lego/dns/bunny/)
DNS_PROVIDER="bunny"
export BUNNY_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
export BUNNY_PROPAGATION_TIMEOUT=1800
export BUNNY_POLLING_INTERVAL=30

cirrusflyer commented 5 months ago

Yes, but I didn't include the propagation or polling. Are those required? Does your script handle subdomain domains? Here are some logs (I changed domain):

2024/02/26 14:02:56 [WARN] [ab1.ad.company.com] acme: cleaning up failed: bunny: could not find DNSZone zone=company.com
2024/02/26 14:02:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/319790730097
2024/02/26 14:02:56 Could not obtain certificates: error: one or more domains had a problem: [ab1.ad.company.com] [ab1.ad.company.com] acme: error presenting token: bunny: could not find DNSZone zone=company.com

cirrusflyer commented 5 months ago

In other words - I would think the error should have been that "could not find DNSZone zone=ad.company.com"

JessThrysoee commented 5 months ago

Is the zone managed by bunny? It looks like AWS:

$ dig +short company.com NS
ns-269.awsdns-33.com.
ns-1876.awsdns-42.co.uk.
ns-1069.awsdns-05.org.
ns-583.awsdns-08.net.

cirrusflyer commented 5 months ago

For privacy reasons, I didn't use my real zone. But it's a subdomain domain setup at Bunny, with my main domain at Cloudflare with NS records at Cloudflare for this subdomain domain. And I know this setup works as I've tested it with acme.sh.

cirrusflyer commented 5 months ago

here's the dig results (again, redacting actual domain):

$ dig +short ad.xxxx.xxx NS
coco.bunny.net.
kiki.bunny.net.

JessThrysoee commented 5 months ago

Stealthy editing of the console output, got ya :-)

This seems relevant: https://go-acme.github.io/lego/usage/cli/options/#dns-resolvers-and-challenge-verification and this might also be interesting, https://github.com/go-acme/lego/issues/2011

I would try to get this working with standalone lego and then if something is missing or needs changing here in synology-letsencrypt to support what you come up with, then we'll look at including it.

cirrusflyer commented 5 months ago

That doesn't look good from Bunny's side. Let me switch over to DNSMadeEasy and try that. Too bad Bunny isn't responsive to fixing issues.

JessThrysoee commented 5 months ago

Got curious and had a look at the lego bunny provider. I created a possible fix for it, which is available as an amd64 binary named lego_test here https://github.com/JessThrysoee/lego/releases/tag/bunny_honor_soa_1

Run dpkg --print-architecture on your synology if the binary architecture isn't amd64 and I'll compile one that matches.

If your tests are successful I'll submit a pull-request to the lego project.
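To illustrate what a zone lookup that honors the SOA changes for the delegated setup in this thread, here is an added Python sketch; it is not lego's or synology-letsencrypt's code, and the SOA answers are a constructed table standing in for live DNS queries (the assumption being that the patch walks up the name to the first label boundary with an SOA, as its branch name suggests).

```python
"""Zone detection for DNS-01: registrable-domain guess vs. SOA walk.

Added example, not code from lego or synology-letsencrypt. The table below
is constructed to mirror the thread: company.com is hosted elsewhere and
only ad.company.com is delegated to (and known by) Bunny.
"""

# Constructed stand-in for live SOA queries: name -> primary nameserver.
# A real implementation would ask the resolver for an SOA record instead.
CONSTRUCTED_SOA = {
    "company.com.": "ns.elsewhere.example.",  # constructed, not Bunny
    "ad.company.com.": "coco.bunny.net.",      # from the dig output above
}

# Zones the Bunny account actually holds (constructed for the example).
BUNNY_ZONES = {"ad.company.com."}


def to_fqdn(name: str) -> str:
    """Normalise to a trailing-dot FQDN so lookups are unambiguous."""
    return name if name.endswith(".") else name + "."


def naive_zone(fqdn: str) -> str:
    """Guess the zone as the last two labels. For ab1.ad.company.com this
    yields company.com, which Bunny does not hold, producing the
    'could not find DNSZone zone=company.com' error seen in the log."""
    labels = to_fqdn(fqdn).rstrip(".").split(".")
    return ".".join(labels[-2:]) + "."


def find_zone_by_soa(fqdn: str, soa_lookup) -> str:
    """Walk from the most specific name upward and return the first name
    that answers with an SOA, i.e. the real zone apex. soa_lookup(name)
    returns the primary NS or None (here backed by the constructed table)."""
    name = to_fqdn(fqdn)
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if soa_lookup(candidate):
            return candidate
    raise LookupError(f"no SOA found for {name}")


def constructed_lookup(name: str):
    return CONSTRUCTED_SOA.get(name)


def provider_can_present(fqdn: str) -> bool:
    """True only when the SOA-derived zone is one the provider holds."""
    return find_zone_by_soa(fqdn, constructed_lookup) in BUNNY_ZONES
```

The TXT record lego presents lives at `_acme-challenge.<name>`, so the walk starts one label deeper than the certificate name and still lands on `ad.company.com.`.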

cirrusflyer commented 5 months ago

I just saw this - see: dpkg --print-architecture: armel

What I've read and used for other things, this should just be arm64.

And my question here: https://github.com/JessThrysoee/synology-letsencrypt/issues/17

JessThrysoee commented 5 months ago

Here is a link to an arm64 version

https://github.com/JessThrysoee/lego/releases/download/bunny_honor_soa_1/lego_test_arm64

JessThrysoee commented 4 months ago

@cirrusflyer lego v4.16.1 has been released with the bunny patch. Upgrade for your armel platform by running:

curl -sSL https://raw.githubusercontent.com/JessThrysoee/synology-letsencrypt/master/install.sh | bash -s -- -a arm64