Open amino-backup opened 6 years ago
+1
Once more than one sub-zone was created, the first is always taken. My root is peterschen.de and I have a zone called a.peterschen.de. Validation records that do not have their own zone (e.g. www.peterschen.de, which is simply a CNAME) are created in the first available zone (a.peterschen.de) and not the root (peterschen.de).
Until the root cause is fixed there is a workaround available. You can use DNS alias mode in acme.sh to write the validation record to a different domain/zone.
I have installed acme.sh on an Ubuntu 18.04 VM in Azure. I have configured the Tenant ID, Subscription ID, App ID and Secret. Our DNS is hosted by Azure. We have a bunch of domains, plus some subdomains, totalling 72 zones.
My aim is to create a certificate for server.example.com. What's happening is the TXT record is being created as server.subdomain.example.com, so the verification is failing.
My guess is that the code is just getting the first zone it finds that matches example.com and creating the record there rather than checking to see if it's actually the right zone.
Steps to reproduce
/opt/acme.sh/acme.sh --issue --dns dns_azure --dnssleep 10 --force -d server.example.com --staging
Debug log
In the log I see:
The logs have been snipped a bit for brevity, but you can see that it's a bit all over the place when it comes to figuring out where the TXT record should be created.
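The zone selection this report expects, as an added example that is not part of the original issue and is not acme.sh's `dns_azure` code: pick the longest zone that is a label-aligned suffix of the record name instead of the first zone that matches. The function names `find_zone` and `record_name` are hypothetical and the zone names are constructed sample data.

```shell
#!/bin/sh
# find_zone FQDN ZONE...
# Prints the most specific zone that contains FQDN: the longest zone name
# that equals FQDN or is a suffix of it on a label boundary.
# Returns 1 when no zone matches, so the caller can fail instead of guessing.
find_zone() {
  fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  fqdn=${fqdn%.}                      # tolerate a trailing root dot
  shift
  best=""
  for zone in "$@"; do
    z=$(printf '%s' "$zone" | tr 'A-Z' 'a-z')
    z=${z%.}
    case "$fqdn" in
      # "*.$z" requires a dot before the zone, so ba.example.com
      # is never placed in a.example.com.
      "$z" | *."$z")
        if [ "${#z}" -gt "${#best}" ]; then best=$z; fi
        ;;
    esac
  done
  [ -n "$best" ] || return 1
  printf '%s\n' "$best"
}

# record_name FQDN ZONE
# Prints the record name relative to the chosen zone ("@" for the apex).
record_name() {
  fqdn=${1%.}
  zone=${2%.}
  if [ "$fqdn" = "$zone" ]; then
    printf '@\n'
  else
    printf '%s\n' "${fqdn%."$zone"}"
  fi
}

# Constructed sample: the sub-zone is listed first, as in the report,
# yet the challenge record for server.example.com belongs in example.com.
zone=$(find_zone _acme-challenge.server.example.com \
  subdomain.example.com example.com) &&
  echo "zone=$zone name=$(record_name _acme-challenge.server.example.com "$zone")"
```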