search

fabmade / cert-manager-webhook-ionos

Cert manager acme dns01 webhook provider for ionos
Apache License 2.0
18 stars 7 forks source link

400 Bad Request #1

Closed Threnklyn closed 2 years ago

Threnklyn commented 2 years ago

Hi there,

I stumbled upon following error:

[{"name":"_acme-challenge.cloud","type":"TXT","content":"4rDTIlJpsOBptsNBe8ZnoRRRTOGP78ythyz6M2iipY0","ttl":120,"prio":0,"disabled":false}]
--
I0419 07:49:17.482897 1 ionos.go:151] Found ID with ZoneName: example.com
E0419 07:49:17.581415 1 client.go:102] Error calling API status: 400 Bad Request url: https://api.hosting.ionos.com/dns/v1/zones/[Zone-ID]/records method: POST

This happens if I want to create a wildcard certificate for *.cloud.example.com I manually tried to do the POST call with curl and getting this response:

[
  {
    "code": "INVALID_RECORD",
    "message": "Record is invalid.",
    "parameters": {
      "invalidFields": [
        "name"
      ],
      "errorRecord": {
        "name": "_acme-challenge.cloud",
        "rootName": "example.com",
        "type": "TXT",
        "content": "4rDTIlJpsOBptsNBe8ZnoRRRTOGP78ythyz6M2iipY0",
        "ttl": 120,
        "disabled": false
      }
    }
  }
]

Maybe Ionos changed their API because changing the name to _acme-challenge.cloud.example.com worked for me. Same 400 Error happens in ionosClient.GetRecordIdByName(). The API does not like the query recordName=_acme.challenge.cloud

fwmarcel commented 2 years ago

hello @Threnklyn have you been successful in getting a wildcard certificate u issued in the meantime? If so what did you do differently?

I am currently not sure in which places I have to enter what. thanks in advance

fabmade commented 2 years ago

@Threnklyn sorry for the late reply, yes i think something is wrong with the ionos api. I have contacted ionos support and I am waiting for a response

Threnklyn commented 2 years ago

Fixed it by removing the recordName function and replacing its calls with util.UnFqdn #2

fabmade commented 2 years ago

@Threnklyn ok thank you, for the fix!

kaiehrhardt commented 2 years ago

@fabmade Could you provide a new image tag with the fix?

If you want, i could contribute some github actions automation. (image build + upload)

fabmade commented 2 years ago

sure, i created a new tag

kaiehrhardt commented 2 years ago

not a git tag... a container image tag https://hub.docker.com/r/fabmade/cert-manager-webhook-ionos/tags

ty

derfabianpeter commented 1 year ago

We seem to experience the same issue with a .io domain. cert-manager logs the following error: "unable to init clientcert-manager; unable to find ionos dns zone with: io." while the full domain we try to register a cert for is example.io or sub.example.io.

We've updated to the latest Docker image which I assume should contain the new code that resulted from this issue - but the error seems to persist.