Open pebroz opened 5 years ago
The Azure REST api should support specifying the URI parameter $top for this query: https://docs.microsoft.com/en-us/rest/api/dns/zones/list
$top (query, integer, int32): The maximum number of DNS zones to return. If not specified, returns up to 100 zones.
Added a pull request for this: https://github.com/Neilpang/acme.sh/pull/1910/commits/12956679e73e615882fc556518fba00c2d07baf4
Thanks, $top parameter works for the 2017-09-01 api-version as well. Solved our issue.
This is still an issue. We have over 100 DNS zones in one subscription, and this caused the TXT record to be placed in the wrong one. Had to do manual DNS mode to get around this for now. I don't think there's any way around needing to paginate through the results.
An alternative workaround would be to limit the scope of the service principal being used, so that it can't see all those DNS zones.
Line 317 in dns_azure.sh states the script only returns 100 results. We and other customers have requested and gotten the quota increased. At first request you will get the quota increased to 500. Seems the issue here is JSON paging.
Steps to reproduce
Add more than 100 zones. Try to issue certificate for a zone that is after the cutout.
Error:
[Wed Oct 31 10:11:24 CET 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_azure.sh
[Wed Oct 31 10:11:25 CET 2018] Invalid domain
[Wed Oct 31 10:11:25 CET 2018] invalid domain
[Wed Oct 31 10:11:25 CET 2018] Error add txt for domain:_acme-challenge.domain.com
Debug log
ups/xxx-azure-managed-dns-rg/providers/Microsoft.Network/dnszones/kdomain.com","name":"kdomain.com","type":"Microsoft.Network/dnszones","etag":"00000002-0000-0000-xxxx-xxxx8067xxxx","location":"global","tags":{},"properties":{"maxNumberOfRecordSets":5000,"maxNumberOfRecordsPerRecordSet":null,"nameServers":["ns1-07.azure-dns.com.","ns2-07.azure-dns.net.","ns3-07.azure-dns.org.","ns4-07.azure-dns.info."],"numberOfRecordSets":13}}],"nextLink":"https://management.azure.com:443/subscriptions/845f7ee5-19f4-408c-xxxx-xxxx1399xxxx/providers/Microsoft.Network/dnszones?api-version=2017-09-01&$skipToken=xxxxLWF6dXJlLW1hbxxxxWQtxxxxLXJnL3pvbmVzL2tpY2tpbmdhaxxxx3V0Lm5ldA=="}='[hidden](please add '--output-insecure' to see this value)'
[Wed Oct 31 10:27:46 CET 2018] http response code 200
[Wed Oct 31 10:27:46 CET 2018] Checking domain: _acme-challenge.domain.com
[Wed Oct 31 10:27:46 CET 2018] Checking domain: domain.com
[Wed Oct 31 10:27:46 CET 2018] Checking domain: com
[Wed Oct 31 10:27:46 CET 2018] Checking domain:
[Wed Oct 31 10:27:46 CET 2018] Invalid domain
[Wed Oct 31 10:27:46 CET 2018] invalid domain
[Wed Oct 31 10:27:46 CET 2018] Error add txt for domain:_acme-challenge.domain.com
[Wed Oct 31 10:27:46 CET 2018] pid
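
The paging behaviour discussed in this thread, as an added example that is not acme.sh's code or part of any comment above: follow `nextLink` until it is absent, then pick the most specific zone that contains the challenge name, and fail when none matches. `fetch_page`, the `dns.example` URLs and the zone names are constructed stand-ins for the authenticated zones list request.

```shell
#!/bin/sh
# Added example: fetch_page stands in for the authenticated GET against the
# zones list endpoint. URLs and zone names below are constructed.
fetch_page() {
  case "$1" in
    'https://dns.example/zones?page=1')
      printf '%s' '{"value":[{"name":"example.org"},{"name":"example.net"}],"nextLink":"https://dns.example/zones?page=2"}' ;;
    'https://dns.example/zones?page=2')
      printf '%s' '{"value":[{"name":"domain.com"},{"name":"sub.domain.com"}]}' ;;
    *) return 1 ;;
  esac
}

# Print every zone name, one per line, following nextLink until it is absent.
list_all_zones() {
  url="$1"
  hops=0
  while [ -n "$url" ]; do
    hops=$((hops + 1))
    [ "$hops" -le 50 ] || return 1          # refuse to follow links forever
    body=$(fetch_page "$url") || return 1   # a failed page fails the listing
    printf '%s\n' "$body" | grep -o '"name":"[^"]*"' | cut -d'"' -f4
    url=$(printf '%s\n' "$body" | sed -n 's/.*"nextLink":"\([^"]*\)".*/\1/p')
  done
}

# Print the most specific zone that contains $1; return 1 if none does.
find_zone() {
  candidate="$1"
  zones=$(list_all_zones "$2") || return 1
  while [ -n "$candidate" ]; do
    if printf '%s\n' "$zones" | grep -qxF "$candidate"; then
      printf '%s\n' "$candidate"
      return 0
    fi
    case "$candidate" in
      *.*) candidate="${candidate#*.}" ;;   # drop the leftmost label
      *) candidate="" ;;
    esac
  done
  return 1
}

find_zone _acme-challenge.domain.com 'https://dns.example/zones?page=1'
```

Because a failed page aborts the listing, a partial zone list can never be mistaken for the full one.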