caddy-dns / google-domains

Support for ACME DNS challenge through Google Domains
MIT License

cleaning up solver error: no memory of presenting a DNS record #1

Closed adienakhmad closed 1 year ago

adienakhmad commented 1 year ago

Hi, I'm having an issue with getting a certificate using the ACME DNS challenge. I really don't know what went wrong, as I have another .dev domain that I set up exactly the same as this one and it didn't have a problem.

Here are the logs from systemd

Apr 26 03:38:12 caddysrv caddy[1509]: {"level":"info","ts":1682480292.7526336,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"hello.adien.dev"}
Apr 26 03:38:13 caddysrv caddy[1509]: {"level":"info","ts":1682480293.6623147,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["hello.adien.dev"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"caddy@zerossl.com"}
Apr 26 03:38:13 caddysrv caddy[1509]: {"level":"info","ts":1682480293.662346,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["hello.adien.dev"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"caddy@zerossl.com"}
Apr 26 03:38:14 caddysrv caddy[1509]: {"level":"info","ts":1682480294.277691,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"hello.adien.dev","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Apr 26 03:38:14 caddysrv caddy[1509]: {"level":"error","ts":1682480294.5384746,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"hello.adien.dev","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.hello.adien.dev\" (usually OK if presenting also failed)"}
Apr 26 03:38:14 caddysrv caddy[1509]: {"level":"error","ts":1682480294.7846029,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"hello.adien.dev","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[hello.adien.dev] solving challenges: presenting for challenge: adding temporary record for zone \"dev.\": HTTP 400: Request contains an invalid argument. (order=https://acme-v02.api.letsencrypt.org/acme/order/1079889167/178439080477) (ca=https://acme-v02.api.letsencrypt.org/directory)"}

Here's the Caddyfile I'm using

hello.adien.dev {
        tls {
                dns google_domains <redacted>
        }
        respond "Hello world"
}

mholt commented 1 year ago

The real error is on the next line:

adding temporary record for zone \"dev.\": HTTP 400: Request contains an invalid argument.

Likely a bug in the DNS provider package (which I wrote), or I wonder if Google Domains changed their API (as I know it was just in beta/testing recently).

mholt commented 1 year ago

Do you have a root NS set up for adien.dev? Like is that an independent DNS zone?

adienakhmad commented 1 year ago

Do you have a root NS set up for adien.dev? Like is that an independent DNS zone?

I'm using the default Google Domain Name server.

I came across this yesterday: https://community.letsencrypt.org/t/receiving-400-error-code/74487

I don't know how relevant this is, but it looks like this issue is coming from my end, since my home server is behind the ISP NAT. So I tried using a VPS; using the same configuration, I was able to obtain the certificates for adien.dev just fine.

mholt commented 1 year ago

Ah, yeah, that'd probably do it. If Caddy's view of DNS is misaligned with the "real world" then it won't work; it needs to be able to see things the way the outside does.
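The zone named in the error above is "dev." rather than "adien.dev.", which is what a label-walking zone finder returns when the resolver it consults never reports an SOA for adien.dev. The Go program below is added here as an illustration (it is not code from Caddy or from this provider package): it models that walk with a pluggable SOA lookup, and the function names and the two fixed resolver tables are constructed for the example, contrasting the public view of DNS with a misaligned one.

```go
package main

import (
	"fmt"
	"strings"
)

// soaLookup reports whether fqdn has an SOA record, i.e. is a zone apex as seen by the resolver asked.
type soaLookup func(fqdn string) (bool, error)

// findZone walks up the labels of fqdn until it reaches a name with an SOA record, the
// general strategy a DNS-01 solver uses to decide which zone the provider should add the
// TXT record to (assumed here for illustration; not Caddy's or the provider package's code).
func findZone(fqdn string, lookup soaLookup) (string, error) {
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	for i := range labels {
		candidate := strings.Join(labels[i:], ".") + "."
		isZone, err := lookup(candidate)
		if err != nil {
			return "", fmt.Errorf("SOA lookup for %q: %w", candidate, err)
		}
		if isZone {
			return candidate, nil
		}
	}
	return "", fmt.Errorf("no zone with an SOA record found for %q", fqdn)
}

// resolverView builds a soaLookup from a fixed, constructed table of zone apexes, standing
// in for a real resolver so the example runs offline.
func resolverView(apexes ...string) soaLookup {
	set := make(map[string]bool, len(apexes))
	for _, a := range apexes {
		set[strings.TrimSuffix(a, ".")+"."] = true
	}
	return func(fqdn string) (bool, error) { return set[fqdn], nil }
}

const challengeName = "_acme-challenge.hello.adien.dev"

func main() {
	// Constructed views: the public one knows adien.dev is a zone; the misaligned one
	// (e.g. a resolver behind ISP NAT) never sees its SOA, so the walk runs up to "dev.".
	public := resolverView("dev.", "adien.dev.")
	misaligned := resolverView("dev.")
	z, _ := findZone(challengeName, public)
	fmt.Println("public view:", z) // adien.dev.
	z, _ = findZone(challengeName, misaligned)
	fmt.Println("misaligned view:", z) // dev.
}
```

With the misaligned view the solver asks the provider to add a record to zone "dev.", which is the request Google Domains rejects with HTTP 400 in the log above.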