badjware / certbot-dns-cpanel

certbot plugin to allow acme dns-01 authentication of a name managed in cPanel

Error with a subdomain #18

Open sevaa opened 1 year ago

sevaa commented 1 year ago

Trying to use certbot-dns-cpanel against a subdomain hosted with cPanel 102.0.23.

There is an add-on domain, yarxi.ru. There is a subdomain underneath that, test.yarxi.ru. I'm issuing the following command:

certbot run --authenticator certbot-dns-cpanel:cpanel --installer certbot-dns-cpanel:cpanel --certbot-dns-cpanel:cpanel-credentials cred.ini --logs-dir . --config-dir . --work-dir . -d test.yarxi.ru,www.test.yarxi.ru

and getting the following output:

Saving debug log to /home/seva/ssl/yx.ru/letsencrypt.log
Plugins selected: Authenticator certbot-dns-cpanel:cpanel, Installer certbot-dns-cpanel:cpanel
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for test.yarxi.ru
dns-01 challenge for www.test.yarxi.ru
Cleaning up challenges
Error adding TXT record: Unable to find SOA record.

The debug log is attached.

letsencrypt.zip

EDIT: it boils down to an error in response to the ZoneEdit/add_zone_record API method:

2023-01-04 12:19:59,120:DEBUG:certbot_dns_cpanel.dns_cpanel:add_zone_record: url='http://www.example.com:2082/json-api/cpanel', data='{
    "cpanel_jsonapi_user": "johndoe",
    "cpanel_jsonapi_apiversion": "2",
    "cpanel_jsonapi_module": "ZoneEdit",
    "cpanel_jsonapi_func": "add_zone_record",
    "domain": "test.boo.org",
    "name": "_acme-challenge",
    "type": "TXT",
    "txtdata": "s5tJpM0ACh1aGkJs1kFSpIM_rk1Qnholop71hgR_d3I",
    "ttl": 60
}', response data='{
    "postevent": {
        "result": 1
    },
    "apiversion": 2,
    "event": {
        "result": 1
    },
    "data": [
        {
            "result": {
                "status": 0,
                "newserial": null,
                "statusmsg": "Unable to find SOA record."
            }
        }
    ],
    "func": "add_zone_record",
    "module": "ZoneEdit",
    "preevent": {
        "result": 1
    }
}'

That's misconfiguration of the site, not a bug in certbot-dns-cpanel.

sevaa commented 1 year ago

You can work around the issue by supplying the 2nd level domain as the domain arg and moving the subdomain part into the name portion. In other words, the operation succeeds if instead of `"domain": "test.boo.org","name": "_acme-challenge"` we provide `"domain": "boo.org","name": "_acme-challenge.test"`.

The fix boils down to the `cpanel_zone = max(matching_zones, key = len)` line in `_get_zone_and_name`; were it to use the `min` instead, the workaround would kick in and the whole thing would work. PR #19 does exactly that.
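An added illustration of the zone-selection behaviour discussed in this thread. It is not certbot-dns-cpanel's own code: the zone list, the fake `add_zone_record` responder and the function names are constructed here, and it assumes (as the comments above describe) that the plugin picks one zone from the list of cPanel zones the FQDN falls under and sends the remainder as the record name.

```python
# Constructed zone list for the cPanel account: the add-on domain has a zone
# file with an SOA record; the subdomain shows up as a zone name but, as in
# the issue, has no SOA record of its own.
ZONES_WITH_SOA = {"yarxi.ru": True, "test.yarxi.ru": False}


def matching_zones(fqdn, zones):
    """Every zone that fqdn falls under (the candidate list the plugin picks from)."""
    return [z for z in zones if fqdn == z or fqdn.endswith("." + z)]


def get_zone_and_name(fqdn, zones, pick=max):
    """Split an FQDN into (zone, relative name), choosing among candidate zones
    with `pick`: max(..., key=len) is the behaviour reported in the issue,
    min(..., key=len) is the change proposed in PR #19."""
    candidates = matching_zones(fqdn, zones)
    if not candidates:
        raise ValueError(f"no cPanel zone matches {fqdn}")
    zone = pick(candidates, key=len)
    name = fqdn[: -len(zone)].rstrip(".")  # empty when fqdn == zone
    return zone, name


def fake_add_zone_record(zone, name, zones_with_soa=ZONES_WITH_SOA):
    """Stand-in for ZoneEdit/add_zone_record, mirroring the status/statusmsg
    part of the response pasted above: only zones with an SOA accept records."""
    if zones_with_soa.get(zone):
        return {"status": 1, "statusmsg": ""}
    return {"status": 0, "statusmsg": "Unable to find SOA record."}


def add_challenge_record(fqdn, pick=max, zones_with_soa=ZONES_WITH_SOA):
    """Resolve fqdn to (zone, name) and submit it; returns zone, name and the
    API result so the two selection strategies can be compared."""
    zone, name = get_zone_and_name(fqdn, list(zones_with_soa), pick)
    return zone, name, fake_add_zone_record(zone, name, zones_with_soa)


if __name__ == "__main__":
    challenge = "_acme-challenge.test.yarxi.ru"
    for label, pick in (("max (current)", max), ("min (PR #19)", min)):
        print(label, add_challenge_record(challenge, pick))
```

Flipping `test.yarxi.ru` to `True` in `ZONES_WITH_SOA` shows the other side of the trade-off: with a subdomain that really has its own zone, the shortest match puts the record in the parent zone instead.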