caddy-dns / route53

Caddy module: dns.providers.route53
MIT License

certificate issuing fails because records already exists #15

Closed masterkain closed 2 years ago

masterkain commented 3 years ago

Hello, we are trying to make this module work on Caddy 2.3.4, and we hit an issue with DNS entry creation.

Starting clean (no DNS records, no Caddy data volume), during startup Caddy creates (and deletes, and creates, etc.) records on Route 53 until it fails, saying that the records (which the plugin just created) already exist, and cannot proceed.

we tried this procedure starting from a clean slate on 4 machines (not at the same time) and it worked on 2 but failed on the other two.

We are trying to make this setup usable by more than one machine. We had this setup with caddy-gen (v1) and everything worked; here we are hitting the fact that the plugin says the records already exist and stops.

I tried looking at the source of this and libdns/route53 and I see there are methods to update the records instead of creating them, but I'm unsure where/how they are called.

any clue what might be wrong?

lorenzorapetti commented 3 years ago

Here are the logs of our Caddy service trying to generate a certificate

```
caddy_1           | {"level":"info","ts":1630421791.3573334,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www-dev.bsmart.it","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
caddy_1           | {"level":"error","ts":1630421792.2646983,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"www-dev.bsmart.it","challenge_type":"dns-01","error":"no memory of presenting a DNS record for www-dev.bsmart.it (probably OK if presenting failed)"}
caddy_1           | {"level":"error","ts":1630421792.6663103,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"www-dev.bsmart.it","issuer":"acme.zerossl.com-v2-DV90","error":"[www-dev.bsmart.it] solving challenges: presenting for challenge: adding temporary record for zone bsmart.it.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.www-dev.bsmart.it.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: baf7bac4-aa8a-46f3-82b4-802f89058d67 (order=https://acme.zerossl.com/v2/DV90/order/6vh4c9bOo1GhEZYdx-H51Q) (ca=https://acme.zerossl.com/v2/DV90)"}
caddy_1           | {"level":"error","ts":1630421792.6665938,"logger":"tls.obtain","msg":"will retry","error":"[www-dev.bsmart.it] Obtain: [www-dev.bsmart.it] solving challenges: presenting for challenge: adding temporary record for zone bsmart.it.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.www-dev.bsmart.it.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: baf7bac4-aa8a-46f3-82b4-802f89058d67 (order=https://acme.zerossl.com/v2/DV90/order/6vh4c9bOo1GhEZYdx-H51Q) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":72.9680597,"max_duration":2592000}
```

masterkain commented 3 years ago

maybe a matter of caddyserver/certmagic

gangster commented 2 years ago

Yeah, I'm seeing the same thing

```
2022/01/01 18:00:42.340 ERROR   tls.issuance.acme.acme_client   cleaning up solver  {"identifier": "dev.redacted.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for dev.redacted.com (probably OK if presenting failed)"}
2022/01/01 18:00:43.265 ERROR   tls.obtain  could not get certificate from issuer   {"identifier": "dev.redacted.com", "issuer": "acme.zerossl.com-v2-DV90", "error": "[dev.redacted.com] solving challenges: presenting for challenge: adding temporary record for zone redacted.com.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.dev.redacted.com.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: 4c5fca86-7c22-4c5d-8c55-1c491bdd08a4 (order=https://acme.zerossl.com/v2/DV90/order/ENTiKLE1WwM-hZ-3FcF0AA) (ca=https://acme.zerossl.com/v2/DV90)"}
```

seansaleh commented 2 years ago

I ran into this with caddy and I believe it was due to me shutting down Caddy as it was acquiring a cert the first time around.

Time will tell, but I think I permanently fixed it by not restarting Caddy until the SSL cert was acquired. And I made Caddy work this time by manually deleting the DNS record.

Full logs:

```
{"level":"info","ts":1644319131.834762,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1644319131.8351793,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00047ed90"}
{"level":"info","ts":1644319131.8363774,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1644319131.8364224,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1644319131.8372214,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1644319131.837429,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["redacted.example.org"]}
{"level":"info","ts":1644319131.8376389,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1644319131.8376486,"msg":"serving initial configuration"}
{"level":"info","ts":1644319131.8390758,"logger":"tls.obtain","msg":"acquiring lock","identifier":"redacted.example.org"}
{"level":"info","ts":1644319131.8397255,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1644319131.8413498,"logger":"tls.obtain","msg":"lock acquired","identifier":"redacted.example.org"}
{"level":"info","ts":1644319132.30588,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["redacted.example.org"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"redacted@redacted.example.org"}
{"level":"info","ts":1644319132.3059146,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["redacted.example.org"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"redacted@redacted.example.org"}
{"level":"info","ts":1644319132.3991704,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"redacted.example.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1644319137.0967011,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
{"level":"warn","ts":1644319137.0967453,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
{"level":"info","ts":1644319137.0992148,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc00047ed90"}
{"level":"error","ts":1644319137.0992959,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"redacted.example.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for redacted.example.org (probably OK if presenting failed)"}
{"level":"warn","ts":1644319137.099853,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1631302408","error":"performing request: Post \"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1631302408\": context canceled"}
{"level":"error","ts":1644319137.099875,"logger":"tls.issuance.acme.acme_client","msg":"deactivating authorization","identifier":"redacted.example.org","authz":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1631302408","error":"attempt 1: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1631302408: context canceled"}
{"level":"error","ts":1644319137.0999005,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: RequestCanceled: waiter context canceled\ncaused by: context canceled (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1644319137.1001453,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["redacted.example.org"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"redacted@redacted.example.org"}
{"level":"info","ts":1644319137.1001596,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["redacted.example.org"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"redacted@redacted.example.org"}
{"level":"warn","ts":1644319137.1001954,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": context canceled"}
{"level":"error","ts":1644319137.1002128,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] creating new order: fetching new nonce from server: context canceled (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1644319137.1002207,"logger":"tls.obtain","msg":"releasing lock","identifier":"redacted.example.org"}
{"level":"error","ts":1644319137.1002958,"logger":"tls.obtain","msg":"unable to unlock","identifier":"redacted.example.org","lock_key":"issue_cert_redacted.example.org","error":"remove /data/caddy/locks/issue_cert_redacted.example.org.lock: no such file or directory"}
{"level":"error","ts":1644319137.100308,"logger":"tls","msg":"job failed","error":"redacted.example.org: obtaining certificate: [redacted.example.org] Obtain: [redacted.example.org] creating new order: fetching new nonce from server: context canceled (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1644319137.1014547,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
{"level":"info","ts":1644319137.1014705,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
{"level":"info","ts":1644319138.1005778,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1644319138.1092126,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1644319138.1095665,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003628c0"}
{"level":"info","ts":1644319138.1098425,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1644319138.109881,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1644319138.122919,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1644319138.1229174,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["redacted.example.org"]}
{"level":"info","ts":1644319138.1232307,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1644319138.1232421,"msg":"serving initial configuration"}
{"level":"info","ts":1644319138.1235335,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1644319138.123904,"logger":"tls.obtain","msg":"acquiring lock","identifier":"redacted.example.org"}
{"level":"info","ts":1644319138.125748,"logger":"tls.obtain","msg":"lock acquired","identifier":"redacted.example.org"}
{"level":"info","ts":1644319138.1269062,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["redacted.example.org"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"redacted@redacted.example.org"}
{"level":"info","ts":1644319138.1269538,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["redacted.example.org"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"redacted@redacted.example.org"}
{"level":"info","ts":1644319138.4419377,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"redacted.example.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1644319142.4946544,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"redacted.example.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for redacted.example.org (probably OK if presenting failed)"}
{"level":"error","ts":1644319142.5344791,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: a7d4ca1d-82a9-4950-b368-bb882278ddab (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1644319142.5349178,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["redacted.example.org"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"redacted@redacted.example.org"}
{"level":"info","ts":1644319142.5349581,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["redacted.example.org"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"redacted@redacted.example.org"}
{"level":"info","ts":1644319142.7536075,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"redacted.example.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1644319146.5747523,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"redacted.example.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for redacted.example.org (probably OK if presenting failed)"}
{"level":"error","ts":1644319146.6166618,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: a45c65ff-710f-49ad-8ef9-695e5ebb66cc (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1644319146.6166956,"logger":"tls.obtain","msg":"will retry","error":"[redacted.example.org] Obtain: [redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: a45c65ff-710f-49ad-8ef9-695e5ebb66cc (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":8.490910396,"max_duration":2592000}
{"level":"info","ts":1644319206.836103,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"redacted.example.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1644319207.5973046,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"redacted.example.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for redacted.example.org (probably OK if presenting failed)"}
{"level":"error","ts":1644319207.6371956,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: a58060f7-4f61-4d52-a955-643968d601a0 (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1644319207.8551724,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"redacted.example.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1644319208.695537,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"redacted.example.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for redacted.example.org (probably OK if presenting failed)"}
{"level":"error","ts":1644319208.7367048,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: 1def1d03-b7e7-4ae3-8352-01f4faa2c90d (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1644319208.7369027,"logger":"tls.obtain","msg":"will retry","error":"[redacted.example.org] Obtain: [redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: 1def1d03-b7e7-4ae3-8352-01f4faa2c90d (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":70.611116941,"max_duration":2592000}
{"level":"info","ts":1644319328.955006,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"redacted.example.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1644319329.742083,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"redacted.example.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for redacted.example.org (probably OK if presenting failed)"}
{"level":"error","ts":1644319329.7819388,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: 4288c351-6b61-4961-948d-e3b29b8d4ed0 (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1644319329.996387,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"redacted.example.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1644319330.6398587,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"redacted.example.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for redacted.example.org (probably OK if presenting failed)"}
{"level":"error","ts":1644319330.6781278,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: af89b583-d38e-494f-9cb0-43a95f5a1bb7 (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1644319330.6781793,"logger":"tls.obtain","msg":"will retry","error":"[redacted.example.org] Obtain: [redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: af89b583-d38e-494f-9cb0-43a95f5a1bb7 (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":192.552393348,"max_duration":2592000}
{"level":"info","ts":1644319450.9516852,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"redacted.example.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1644319451.5077846,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"redacted.example.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for redacted.example.org (probably OK if presenting failed)"}
{"level":"error","ts":1644319451.547986,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"redacted.example.org","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[redacted.example.org] solving challenges: presenting for challenge: adding temporary record for zone redacted.example.org.: InvalidChangeBatch: InvalidChangeBatch: [Tried to create resource record set [name='_acme-challenge.redacted.example.org.', type='TXT'] but it already exists]\n\tstatus code: 400, request id: 7ede79c4-213b-4dbb-9c61-31e3071340be (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/redacted/redacted) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
```

dtchanpura commented 2 years ago

Hi, I have been debugging this issue, as I faced it a couple of times in the last 4 months, and found the following error, which could be the issue.

```
{"level":"error","ts":1648715185.0685196,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.redacted.com","challenge_type":"dns-01","error":"deleting temporary record for zone redacted.com.: InvalidInput: InvalidInput: 1 validation error detected: Value '4659767778' at 'changeBatch.changes.1.member.resourceRecordSet.tTL' failed to satisfy constraint: Member must have value less than or equal to 2147483647\n\tstatus code: 400, request id: a8a513f1-5911-48a9-8dda-ab10e9c2daa2"}
```

Note: The caddy binary I used was built using a patch in my PR referenced above.

Edit: This PR https://github.com/libdns/route53/pull/12 should fix the issue.
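A constructed Go model of the failure chain the log above points at, added here as an example and not code from caddy-dns/route53 or libdns/route53: a cleanup DELETE rejected for its TTL leaves the `_acme-challenge` TXT record behind, and every later CREATE then fails with "already exists". The in-memory zone, record name and token values are invented; Route 53's TTL limit and its CREATE/UPSERT/DELETE actions are real.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Route 53 rejects any TTL above this value (the limit quoted in the InvalidInput error above).
const route53MaxTTL = 2147483647
// Sentinel errors mirroring the Route 53 messages seen in this thread.
var (
	errTTLOutOfRange = errors.New("InvalidInput: TTL must be <= 2147483647")
	errAlreadyExists = errors.New("InvalidChangeBatch: resource record set already exists")
	errNotFound      = errors.New("InvalidChangeBatch: resource record set not found")
)

// fakeZone is a constructed in-memory stand-in for a hosted zone keyed by "name/type"; change validates
// one CREATE/UPSERT/DELETE like Route 53, simplified: an out-of-range TTL fails the change before the record is touched.
type fakeZone map[string]string
func (z fakeZone) change(action, name, typ, value string, ttl int64) error {
	if ttl < 0 || ttl > route53MaxTTL {
		return fmt.Errorf("%w (got %d)", errTTLOutOfRange, ttl)
	}
	k := name + "/" + typ
	_, exists := z[k]
	switch action {
	case "CREATE":
		if exists {
			return fmt.Errorf("%w: %s", errAlreadyExists, k)
		}
		z[k] = value
	case "UPSERT":
		z[k] = value
	case "DELETE":
		if !exists {
			return fmt.Errorf("%w: %s", errNotFound, k)
		}
		delete(z, k)
	}
	return nil
}

const chalName, chalType = "_acme-challenge.example.test.", "TXT" // constructed challenge record

// brokenIssuance replays the thread's failure chain: present succeeds, cleanup is rejected for its TTL
// (the value from the log above) so the TXT record is orphaned, and the next CREATE fails "already exists".
func brokenIssuance(z fakeZone) (errs [3]error) {
	errs[0] = z.change("CREATE", chalName, chalType, "token-1", 60)
	errs[1] = z.change("DELETE", chalName, chalType, "token-1", 4659767778)
	errs[2] = z.change("CREATE", chalName, chalType, "token-2", 60)
	return errs
}

// hardenedIssuance converts a libdns-style time.Duration TTL and range-checks it locally before any
// API call, presents with UPSERT (a real Route 53 action; choosing it is this example's decision) so a
// record left by an aborted run is overwritten rather than fatal, and treats "not found" on cleanup as clean.
func hardenedIssuance(z fakeZone, ttl time.Duration) error {
	secs := int64(ttl / time.Second)
	if secs < 0 || secs > route53MaxTTL {
		return fmt.Errorf("refusing to send ttl %v: %w", ttl, errTTLOutOfRange)
	}
	if err := z.change("UPSERT", chalName, chalType, "token-3", secs); err != nil {
		return fmt.Errorf("present: %w", err)
	}
	if err := z.change("DELETE", chalName, chalType, "token-3", secs); err != nil && !errors.Is(err, errNotFound) {
		return fmt.Errorf("cleanup: %w", err)
	}
	return nil
}

func main() {
	z := fakeZone{}
	fmt.Println("broken chain:", brokenIssuance(z))
	err := hardenedIssuance(z, 60*time.Second) // runs against the orphaned record
	fmt.Println("hardened run:", err, "records left:", len(z))
}
```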

eth-limo commented 2 years ago

@mholt It looks like @PhoenixPeca is no longer active on this repo. Can we appoint a new maintainer here as well?

mholt commented 2 years ago

@eth-limo Yep, thanks for the reminder. Added.