cybercinch / certbot-dns-directadmin

certbot plugin to allow acme dns-01 authentication of a name managed in DirectAdmin

TXT record not deleted #5

Closed bobvandevijver closed 3 years ago

bobvandevijver commented 3 years ago

It looks like the TXT record is not removed, even though the plugin does log it as it should be removed.

guisea commented 3 years ago

Cannot reproduce this one. Always leaves my zone clear of those txt records. Please ensure that any txt entries are cleared away before trying again.

bobvandevijver commented 3 years ago

When you say any, do you also mean TXT records such as DMARC, or only the acme challenge records?

In any case, it creates two records for my certificate. This is caused as I configured both the root domain and the wildcard domain for the certificate (so and *.). When testing with only the wildcard domain, only one record is created, but it is still not removed even though the log states it is.

From the log:

```
Successfully added TXT record for _acme-challenge.<domain>
Successfully added TXT record for _acme-challenge.<domain>
Waiting 120 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges
Successfully removed TXT record for _acme-challenge.<domain>
Successfully removed TXT record for _acme-challenge.<domain>
```

guisea commented 3 years ago

I meant the _acme-challenge records. I have again this evening run some renewals and new-issue of certificates, all of which removed the DNS record which it created. I have absolutely no straggling _acme-challenge records whatsoever.

bobvandevijver commented 2 months ago

@guisea I'd like to reopen this. From the log:

```
2024-07-07 18:58:27,763:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-07-07 18:58:28,746:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain List returned: {"<domain>.nl": "<domain>.nl", "<domain>.eu": "<domain>.nl"}
2024-07-07 18:58:28,747:DEBUG:certbot_dns_directadmin.dns_directadmin:Record Domain: _acme-challenge.<domain>.nl
2024-07-07 18:58:28,747:DEBUG:certbot_dns_directadmin.dns_directadmin:Subdomain: _acme-challenge
2024-07-07 18:58:28,747:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain: <domain>.nl
2024-07-07 18:58:30,888:DEBUG:certbot_dns_directadmin.dns_directadmin:{'error': '0', 'message': 'Records verwijderd'}
2024-07-07 18:58:30,888:INFO:certbot_dns_directadmin.dns_directadmin:Successfully removed TXT record for _acme-challenge.<domain>.nl
```

But, it is not removed. Note that there were no acme challenges registered before starting this particular run. Could it have something to do with the domain list returning aliases?

Also, it would help if the full requests and responses would be logged, as certbot itself does as well for all its internal requests and responses.

Note that I am using 1.0.4 as newer versions are not installable (#30 & #26).
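An added example, not part of the thread or the plugin's code: a check that cross-references the "Successfully removed" lines in a certbot log against the TXT records actually present in the zone afterwards, and lists alias entries from the logged domain list. The log lines and zone records below are constructed (`example.nl` stands in for the redacted domain), and `audit_cleanup` is a hypothetical helper; how the zone records are read back from the panel or from DNS is left to the reader.

```python
import json
import re

REMOVED = re.compile(r"Successfully removed TXT record for (\S+)")
DOMAINS = re.compile(r"Domain List returned: (\{.*\})")

# Constructed sample in the format of the log lines quoted in the thread.
SAMPLE_LOG = """\
2024-07-07 18:58:27,763:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-07-07 18:58:28,746:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain List returned: {"example.nl": "example.nl", "example.eu": "example.nl"}
2024-07-07 18:58:30,888:INFO:certbot_dns_directadmin.dns_directadmin:Successfully removed TXT record for _acme-challenge.example.nl
"""

# Constructed zone contents as read back after the run: (name, TXT value) pairs.
SAMPLE_ZONE = [
    ("_acme-challenge.example.nl.", "constructed-token-1"),
    ("_dmarc.example.nl.", "v=DMARC1; p=none"),
]


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def audit_cleanup(log_text, zone_txt_records):
    """Compare removals claimed in the log with what is still in the zone."""
    claimed = {_norm(m.group(1)) for m in REMOVED.finditer(log_text)}

    present = {}
    for name, value in zone_txt_records:
        present.setdefault(_norm(name), []).append(value)

    # Records the log says were removed but that are still published.
    stale = {name: present[name] for name in sorted(claimed) if name in present}

    # Entries in the logged domain list whose key differs from its value,
    # i.e. names that map to another domain's zone.
    aliases = {}
    match = DOMAINS.search(log_text)
    if match:
        mapping = json.loads(match.group(1))
        aliases = {k: v for k, v in mapping.items() if k != v}

    return {"claimed_removed": sorted(claimed), "stale": stale, "aliases": aliases}


if __name__ == "__main__":
    print(json.dumps(audit_cleanup(SAMPLE_LOG, SAMPLE_ZONE), indent=2))
```

A non-empty `stale` entry means the API response and the zone disagree for that name, which is the situation reported in this issue.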