acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

dns_azure support for more than 100 domains #1907

Open pebroz opened 5 years ago

pebroz commented 5 years ago

Line 317 in dns_azure.sh states the script only returns 100 results. We and other customers have requested and gotten the quota increased. At first request you will get the quota increased to 500. Seems the issue here is JSON paging.

Steps to reproduce

Add more than 100 zones. Try to issue certificate for a zone that is after the cutout.

Error:
[Wed Oct 31 10:11:24 CET 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_azure.sh
[Wed Oct 31 10:11:25 CET 2018] Invalid domain
[Wed Oct 31 10:11:25 CET 2018] invalid domain
[Wed Oct 31 10:11:25 CET 2018] Error add txt for domain:_acme-challenge.domain.com

Debug log

ups/xxx-azure-managed-dns-rg/providers/Microsoft.Network/dnszones/kdomain.com","name":"kdomain.com","type":"Microsoft.Network/dnszones","etag":"00000002-0000-0000-xxxx-xxxx8067xxxx","location":"global","tags":{},"properties":{"maxNumberOfRecordSets":5000,"maxNumberOfRecordsPerRecordSet":null,"nameServers":["ns1-07.azure-dns.com.","ns2-07.azure-dns.net.","ns3-07.azure-dns.org.","ns4-07.azure-dns.info."],"numberOfRecordSets":13}}],"nextLink":"https://management.azure.com:443/subscriptions/845f7ee5-19f4-408c-xxxx-xxxx1399xxxx/providers/Microsoft.Network/dnszones?api-version=2017-09-01&$skipToken=xxxxLWF6dXJlLW1hbxxxxWQtxxxxLXJnL3pvbmVzL2tpY2tpbmdhaxxxx3V0Lm5ldA=="}='[hidden](please add '--output-insecure' to see this value)'
[Wed Oct 31 10:27:46 CET 2018] http response code 200
[Wed Oct 31 10:27:46 CET 2018] Checking domain: _acme-challenge.domain.com
[Wed Oct 31 10:27:46 CET 2018] Checking domain: domain.com
[Wed Oct 31 10:27:46 CET 2018] Checking domain: com
[Wed Oct 31 10:27:46 CET 2018] Checking domain:
[Wed Oct 31 10:27:46 CET 2018] Invalid domain
[Wed Oct 31 10:27:46 CET 2018] invalid domain
[Wed Oct 31 10:27:46 CET 2018] Error add txt for domain:_acme-challenge.domain.com
[Wed Oct 31 10:27:46 CET 2018] pid

joakimlemb commented 5 years ago

The Azure REST api should support specifying the URI parameter $top for this query: https://docs.microsoft.com/en-us/rest/api/dns/zones/list

$top (query, integer/int32): The maximum number of DNS zones to return. If not specified, returns up to 100 zones.

joakimlemb commented 5 years ago

Added a pull request for this: https://github.com/Neilpang/acme.sh/pull/1910/commits/12956679e73e615882fc556518fba00c2d07baf4

pebroz commented 5 years ago

Thanks, $top parameter works for the 2017-09-01 api-version as well. Solved our issue.

hamdrew commented 1 year ago

This is still an issue. We have over 100 DNS zones in one subscription, and this caused the TXT record to be placed in the wrong one. Had to do manual DNS mode to get around this for now. I don't think there's any way around needing to paginate through the results.

An alternative workaround would be to limit the scope of the service principal being used, so that it can't see all those DNS zones.
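The paging walk this thread asks for, as an added example that is not acme.sh's own dns_azure.sh code: it follows nextLink until the last page instead of relying on $top, then picks the most specific zone for the challenge name, which is what keeps the TXT record out of a parent zone as hamdrew describes. The `_azure_get` stand-in, the two page bodies and the SUB-ID/TOKEN placeholders are constructed so the walk runs offline.

```shell
#!/bin/sh
# Constructed sample pages: page 1 carries a nextLink with a $skipToken, page 2 is the last page.
PAGE1='{"value":[{"name":"alpha.example"},{"name":"example.com"}],"nextLink":"https://management.azure.com/subscriptions/SUB-ID-PLACEHOLDER/providers/Microsoft.Network/dnszones?api-version=2017-09-01&$skipToken=TOKEN-PLACEHOLDER"}'
PAGE2='{"value":[{"name":"kdomain.com"},{"name":"sub.example.com"}]}'

# Hypothetical stand-in for the authenticated GET that dns_azure.sh performs;
# it maps a URL to one of the constructed pages so the walk runs offline.
_azure_get() {
  case "$1" in
    *skipToken=TOKEN-PLACEHOLDER*) printf '%s' "$PAGE2" ;;
    *) printf '%s' "$PAGE1" ;;
  esac
}

# Walk every page by following nextLink until a page has none; print one zone name per line.
# The page cap guards against a server that keeps handing back a link.
azure_list_all_zones() {
  _url="https://management.azure.com/subscriptions/SUB-ID-PLACEHOLDER/providers/Microsoft.Network/dnszones?api-version=2017-09-01"
  _pages=0
  while [ -n "$_url" ] && [ "$_pages" -lt 50 ]; do
    _body=$(_azure_get "$_url")
    _pages=$((_pages + 1))
    # acme.sh-style extraction with sed, no jq: one "name" per zone object in value[]
    printf '%s\n' "$_body" | tr ',' '\n' | sed -n 's/.*"name":"\([^"]*\)".*/\1/p'
    _url=$(printf '%s' "$_body" | sed -n 's/.*"nextLink":"\([^"]*\)".*/\1/p')
  done
}

# Pick the zone for a challenge name by stripping labels from the left, so the most
# specific zone wins (sub.example.com before example.com); prints it, or fails if none.
azure_find_zone() {
  _zones=$(azure_list_all_zones)
  _d=$1
  while [ -n "$_d" ]; do
    if printf '%s\n' "$_zones" | grep -qxF "$_d"; then
      printf '%s' "$_d"
      return 0
    fi
    case "$_d" in
      *.*) _d=${_d#*.} ;;
      *) _d="" ;;
    esac
  done
  return 1
}
```

Swapping `_azure_get` for the real authenticated request gives the same loop over a live subscription; the zone match still walks the full list rather than the first 100 entries.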