caddy-dns / route53

Caddy module: dns.providers.route53
MIT License

wildcard SSL certificate not working aws dynamic subdomain #28

Closed manuelfrans closed 1 year ago

manuelfrans commented 1 year ago

Here is my Caddyfile on Ubuntu OS. I'm trying to get a subdomain to work with my domain, but the subdomain doesn't generate an SSL certificate. All my certificates are hosted on S3, so I have both the S3 storage plugin and the DNS Route 53 plugin.


*.mysite, mysite {
tls {
         dns route53 {
    max_retries 10 
    aws_profile "my profile" 
    access_key_id "my-profile-access-key" 
    secret_access_key "my-profile-secret-key" 
    token "my-profile-secret-key" 
    region "eu-west-3" 
  }
    }
        root * /var/www/mysite/public
        encode zstd gzip
        file_server
         php_fastcgi unix//var/run/php/php8.2-fpm.sock

}

Here is my Caddy log:

Jan 21 22:05:17 ip-172-31-39-194 caddy[249127]: {"level":"info","ts":1674338717.9979832,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.testlave.live"}
Jan 21 22:05:18 ip-172-31-39-194 caddy[249127]: {"level":"info","ts":1674338718.422322,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"*.testlave.live","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jan 21 22:05:18 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338718.7669091,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.testlave.live","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.testlave.live\" (usually OK if presenting also failed)"}
Jan 21 22:05:18 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338718.9066675,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.testlave.live","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 6563e61e-134a-4fd2-bf70-7607d883a16e, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/84131713/6694827993) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jan 21 22:05:20 ip-172-31-39-194 caddy[249127]: {"level":"info","ts":1674338720.8710263,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"*.testlave.live","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jan 21 22:05:21 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338721.2110147,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.testlave.live","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.testlave.live\" (usually OK if presenting also failed)"}
Jan 21 22:05:21 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338721.700836,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.testlave.live","issuer":"acme.zerossl.com-v2-DV90","error":"[*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 46ad2d23-adcd-40f0-830e-8da7edda790f, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme.zerossl.com/v2/DV90/order/cM01XC8kmxAyX93orxXaxQ) (ca=https://acme.zerossl.com/v2/DV90)"}
Jan 21 22:05:21 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338721.7011356,"logger":"tls.obtain","msg":"will retry","error":"[*.testlave.live] Obtain: [*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 46ad2d23-adcd-40f0-830e-8da7edda790f, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme.zerossl.com/v2/DV90/order/cM01XC8kmxAyX93orxXaxQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":319.633461226,"max_duration":2592000}

End of log.

Please help me. I'm assuming the error has to do with the token ID value, because I tried using both the access and secret key but to no avail. When I create my IAM user, AWS gives me only an access key and a secret key, so I don't know what to put in token.

If my assumptions are wrong, please correct me in the right direction
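As an added example (not code from the issue, the reporter, or the route53 module), here is a small triage script that reads journal lines like the ones above, parses the JSON payload Caddy emits, pulls the Route 53 operation, HTTP status, AWS request ID and API error code out of the `error` field, collapses the retry duplicates, and maps the code to the configuration item it usually points at. The sample input is copied from the log above and trimmed. The `HINTS` mapping is my assumption, as is the reading that the module's `token` field is the AWS session token used with temporary credentials, which a plain IAM user's access key pair does not have; the issue itself does not state either.

```python
"""Triage Caddy route53 dns-01 failures from journalctl output (added example)."""
import json
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the issue's log above, trimmed to the ones that matter.
SAMPLE_LOG = r'''Jan 21 22:05:17 ip-172-31-39-194 caddy[249127]: {"level":"info","ts":1674338717.9979832,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.testlave.live"}
Jan 21 22:05:18 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338718.7669091,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.testlave.live","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.testlave.live\" (usually OK if presenting also failed)"}
Jan 21 22:05:18 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338718.9066675,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.testlave.live","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 6563e61e-134a-4fd2-bf70-7607d883a16e, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/84131713/6694827993) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jan 21 22:05:21 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338721.700836,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.testlave.live","issuer":"acme.zerossl.com-v2-DV90","error":"[*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 46ad2d23-adcd-40f0-830e-8da7edda790f, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme.zerossl.com/v2/DV90/order/cM01XC8kmxAyX93orxXaxQ) (ca=https://acme.zerossl.com/v2/DV90)"}
Jan 21 22:05:21 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338721.7011356,"logger":"tls.obtain","msg":"will retry","error":"[*.testlave.live] Obtain: [*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 46ad2d23-adcd-40f0-830e-8da7edda790f, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme.zerossl.com/v2/DV90/order/cM01XC8kmxAyX93orxXaxQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":319.633461226,"max_duration":2592000}
'''

# The AWS SDK error text that the route53 module surfaces inside Caddy's "error" field.
ROUTE53_ERR = re.compile(
    r"operation error Route 53: (?P<operation>\w+), "
    r"https response error StatusCode: (?P<status>\d+), "
    r"RequestID: (?P<request_id>[0-9a-f-]+), "
    r"api error (?P<code>\w+):"
)

# Assumed mapping from AWS error code to the config item it usually points at (my interpretation).
HINTS = {
    "SignatureDoesNotMatch": (
        "secret_access_key or token does not belong to access_key_id; token is the session "
        "token for temporary credentials and should be omitted for a plain IAM user key pair"
    ),
    "InvalidClientTokenId": "access_key_id is unknown to AWS (typo, deleted key, or wrong account)",
    "AccessDenied": "credentials are valid but the IAM policy lacks the Route 53 permissions",
}


@dataclass
class Finding:
    identifier: str
    issuer: str
    operation: str
    status: int
    request_id: str
    code: str
    hint: str


def parse_journal_line(line):
    """Return the Caddy JSON payload of a journalctl line, or None if the line has no JSON."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None


def triage(log_text):
    """Collect one Finding per distinct Route 53 request that failed with an API error."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        entry = parse_journal_line(line)
        if not entry or entry.get("level") != "error":
            continue
        m = ROUTE53_ERR.search(entry.get("error", ""))
        if not m:
            continue  # e.g. the "cleaning up solver" line, which has no Route 53 error
        if m["request_id"] in seen:
            continue  # "will retry" repeats the request ID of the failure just logged
        seen.add(m["request_id"])
        findings.append(Finding(
            identifier=entry.get("identifier", "?"),
            issuer=entry.get("issuer", "?"),
            operation=m["operation"],
            status=int(m["status"]),
            request_id=m["request_id"],
            code=m["code"],
            hint=HINTS.get(m["code"], "unrecognised code; check the AWS error message text"),
        ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.identifier} via {f.issuer}: {f.operation} -> {f.status} {f.code} "
              f"(RequestID {f.request_id})\n  hint: {f.hint}")
```

Deduplicating on the AWS request ID matters because Caddy logs the same failure twice (once as "could not get certificate from issuer", once as "will retry"), and each ACME CA it falls back to produces a fresh request; the script therefore reports two distinct 403s for the log above, both on ListHostedZonesByName, which is the first Route 53 call the module makes before it ever touches a record.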

manuelfrans commented 1 year ago

I have been able to get it to work. Thanks.