Closed cirrusflyer closed 5 months ago
Disregard - I see your install script grabs the latest version of Lego, so must be different issue.
Have you configured /usr/local/etc/synology-letsencrypt/env
something like this?
```
DOMAINS=(--domains "example.com" --domains "*.example.com")
EMAIL="user@example.com"
# Specify DNS Provider (this example is from https://go-acme.github.io/lego/dns/bunny/)
DNS_PROVIDER="bunny"
export BUNNY_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
export BUNNY_PROPAGATION_TIMEOUT=1800
export BUNNY_POLLING_INTERVAL=30
```
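As an added illustration of how an env file in the format above is consumed (this is example code, not synology-letsencrypt's own script; the assumption that the script sources the file and hands DOMAINS, EMAIL and DNS_PROVIDER to lego in this shape is mine), the function below sources a constructed env file inside a subshell, refuses to continue when a required setting is missing, and assembles the lego argument list. The provider key is only exported, so it reaches lego through the environment and never appears on the command line:

```bash
#!/usr/bin/env bash
# Added example, not part of synology-letsencrypt.
# Assumption: the install script sources the env file and builds the lego
# command line from DOMAINS, EMAIL and DNS_PROVIDER; provider-specific
# variables are exported and read by lego from the environment.

# write_sample_env FILE: write a constructed env file in the format shown
# above (stand-in for /usr/local/etc/synology-letsencrypt/env).
write_sample_env() {
  cat > "$1" <<'EOF'
DOMAINS=(--domains "example.com" --domains "*.example.com")
EMAIL="user@example.com"
DNS_PROVIDER="bunny"
export BUNNY_API_KEY=placeholder-not-a-real-key
EOF
}

# build_lego_args ENVFILE
# Prints the lego arguments on one line, or exits 1 with a message on stderr
# when a required setting is missing. The body runs in a subshell so that
# sourcing the env file does not leak variables into the caller.
build_lego_args() (
  envfile=$1
  # shellcheck disable=SC1090
  . "$envfile" || { echo "cannot source $envfile" >&2; exit 1; }
  [ -n "${EMAIL:-}" ]        || { echo "missing EMAIL in $envfile" >&2; exit 1; }
  [ -n "${DNS_PROVIDER:-}" ] || { echo "missing DNS_PROVIDER in $envfile" >&2; exit 1; }
  [ "${#DOMAINS[@]}" -gt 0 ] || { echo "DOMAINS is empty in $envfile" >&2; exit 1; }
  # Only the non-secret settings become arguments; BUNNY_API_KEY stays in the
  # environment of the lego process.
  printf '%s\n' "--email $EMAIL --dns $DNS_PROVIDER ${DOMAINS[*]} run"
)
```

Running `write_sample_env /tmp/env && build_lego_args /tmp/env` prints the argument line; dropping EMAIL from the file makes the call fail before any request is made.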
Yes, but I didn't include the propagation or polling. Are those required? Does your script handle subdomain domains? Here are some logs (I changed domain):
```
2024/02/26 14:02:56 [WARN] [ab1.ad.company.com] acme: cleaning up failed: bunny: could not find DNSZone zone=company.com
2024/02/26 14:02:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/319790730097
2024/02/26 14:02:56 Could not obtain certificates: error: one or more domains had a problem: [ab1.ad.company.com] [ab1.ad.company.com] acme: error presenting token: bunny: could not find DNSZone zone=company.com
```
In other words - I would think the error should have been that "could not find DNSZone zone=ad.company.com"
Is the zone managed by bunny? It looks like AWS:
```
$ dig +short company.com NS
ns-269.awsdns-33.com.
ns-1876.awsdns-42.co.uk.
ns-1069.awsdns-05.org.
ns-583.awsdns-08.net.
```
For privacy reasons, I didn't use my real zone. But it's a subdomain domain setup at Bunny, with my main domain at Cloudflare with NS records at Cloudflare for this subdomain domain. And I know this setup works as I've tested it with acme.sh.
Here's the dig result (again, redacting the actual domain):
```
$ dig +short ad.xxxx.xxx NS
coco.bunny.net.
kiki.bunny.net.
```
Stealthy editing of the console output, got ya :-)
This seems relevant: https://go-acme.github.io/lego/usage/cli/options/#dns-resolvers-and-challenge-verification and this might also be interesting, https://github.com/go-acme/lego/issues/2011
I would try to get this working with standalone lego, and then if something is missing or needs changing here in synology-letsencrypt to support what you come up with, then we'll look at including it.
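The two things this thread turns on are the log line posted above (the provider reports `zone=company.com` for a name that lives in the delegated zone `ad.company.com`) and the zone discovery a DNS provider should do for a delegated subdomain: walk the requested name one label at a time and stop at the first name that has its own SOA. The following is an added example, not code from lego or synology-letsencrypt, and my reading that the later `bunny_honor_soa_1` fix works this way is an assumption. It pulls the requested name and the guessed zone out of a constructed copy of the log line, then runs the SOA walk against a constructed delegation table so it works offline, and reports whether the two agree:

```bash
#!/usr/bin/env bash
# Added example; not code from lego or synology-letsencrypt.
# SOA answers come from a constructed table (has_soa) instead of dig so the
# script runs offline; swap in a real lookup to use it against live DNS.

# Constructed copy of the log line from the issue.
LOG_LINE='2024/02/26 14:02:56 [WARN] [ab1.ad.company.com] acme: cleaning up failed: bunny: could not find DNSZone zone=company.com'

# Constructed delegation: ad.company.com is its own zone (hosted at bunny),
# company.com is the parent zone (hosted elsewhere), com is the TLD zone.
has_soa() {
  case $1 in
    ad.company.com|company.com|com) return 0 ;;
    *) return 1 ;;
  esac
}

# find_zone FQDN: print the closest enclosing name that has an SOA, i.e. the
# zone the provider must write the _acme-challenge record into.
find_zone() {
  name=$1
  while [ -n "$name" ]; do
    if has_soa "$name"; then printf '%s\n' "$name"; return 0; fi
    case $name in
      *.*) name=${name#*.} ;;   # drop the leftmost label and try again
      *) break ;;
    esac
  done
  return 1
}

# log_requested_name LINE: the name inside the second [...] bracket.
log_requested_name() { printf '%s\n' "$1" | sed -n 's/.*\] \[\([^]]*\)\].*/\1/p'; }
# log_guessed_zone LINE: the value after zone= in the provider error.
log_guessed_zone()   { printf '%s\n' "$1" | sed -n 's/.*zone=\([^ ]*\).*/\1/p'; }

# check_log_line LINE: compare the zone the provider tried with the zone the
# delegation actually points at. Prints "ok" or a "mismatch: ..." line.
check_log_line() {
  req=$(log_requested_name "$1")
  guessed=$(log_guessed_zone "$1")
  actual=$(find_zone "$req") || { echo "no zone found for $req"; return 1; }
  if [ "$guessed" = "$actual" ]; then
    echo "ok"
  else
    echo "mismatch: tried $guessed, delegated zone is $actual"
    return 2
  fi
}

# check_log_line "$LOG_LINE"
# → mismatch: tried company.com, delegated zone is ad.company.com
```

A provider that stops at the registrable domain instead of walking to the SOA will always report the parent zone here, which is exactly the symptom in the log; the walk also handles deeper delegations (`x.y.ad.company.com`) without any change.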
That doesn't look good from Bunny's side. Let me switch over to DNSMadeEasy and try that. Too bad Bunny isn't responsive to fixing issues.
Got curious and had a look at the lego bunny provider. I created a possible fix for it, which is available as an amd64 binary named lego_test here: https://github.com/JessThrysoee/lego/releases/tag/bunny_honor_soa_1
Run `dpkg --print-architecture` on your synology if the binary architecture isn't amd64 and I'll compile one that matches.
If your tests are successful I'll submit a pull-request to the lego project.
I just saw this - see: `dpkg --print-architecture`: armel
What I've read and used for other things, this should just be arm64.
And my question here: https://github.com/JessThrysoee/synology-letsencrypt/issues/17
Here is a link to an arm64 version: https://github.com/JessThrysoee/lego/releases/download/bunny_honor_soa_1/lego_test_arm64
@cirrusflyer lego v4.16.1 has been released with the bunny patch. Upgrade for your armel platform by running:
```
curl -sSL https://raw.githubusercontent.com/JessThrysoee/synology-letsencrypt/master/install.sh | bash -s -- -a arm64
```
Can you add support for Bunny DNS as described here? https://go-acme.github.io/lego/dns/bunny/
I tried your script and it appears it doesn't know Bunny.
Thanks