go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

rimuhosting: error with dns challenge #1880

Closed jasonblewis closed 1 year ago

jasonblewis commented 1 year ago

What did you expect to see?

When trying to create an LE cert using the DNS challenge and rimuhosting, it fails.

What did you see instead?

I see the following error:

```console
root@snow:~# RIMUHOSTING_API_KEY="redacted" lego --accept-tos --email='jason@examplexyz.com.au' --domains='snow.examplexyz.net.au' --dns rimuhosting run
2023/03/30 16:07:40 [INFO] [snow.examplexyz.net.au] acme: Obtaining bundled SAN certificate
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215163879877
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] acme: Could not find solver for: tls-alpn-01
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] acme: Could not find solver for: http-01
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] acme: use dns-01 solver
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] acme: Preparing to solve DNS-01
2023/03/30 16:07:42 [INFO] [snow.examplexyz.net.au] acme: Cleaning DNS-01 challenge
2023/03/30 16:07:42 [WARN] [snow.examplexyz.net.au] acme: cleaning up failed: rimuhosting: failed to delete record for snow.examplexyz.net.au: expected element type <error> but have <html>
2023/03/30 16:07:43 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215163879877
2023/03/30 16:07:43 Could not obtain certificates:
    error: one or more domains had a problem:
[snow.examplexyz.net.au] [snow.examplexyz.net.au] acme: error presenting token: rimuhosting: failed to find record(s) for snow.examplexyz.net.au: expected element type <error> but have <html>
```

How do you use lego?

Binary

Reproduction steps

1. build latest lego
2. execute the following command:

```console
RIMUHOSTING_API_KEY="redacted" lego --accept-tos --email='jason@examplexyz.com.au' --domains='snow.examplexyz.net.au' --dns rimuhosting run
```

Version of lego

```console
root@snow:~/go/bin# ./lego --version
lego version dev linux/amd64
```

Logs

```
2023/03/30 16:07:40 [INFO] [snow.examplexyz.net.au] acme: Obtaining bundled SAN certificate
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215163879877
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] acme: Could not find solver for: tls-alpn-01
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] acme: Could not find solver for: http-01
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] acme: use dns-01 solver
2023/03/30 16:07:41 [INFO] [snow.examplexyz.net.au] acme: Preparing to solve DNS-01
2023/03/30 16:07:42 [INFO] [snow.examplexyz.net.au] acme: Cleaning DNS-01 challenge
2023/03/30 16:07:42 [WARN] [snow.examplexyz.net.au] acme: cleaning up failed: rimuhosting: failed to delete record for snow.examplexyz.net.au: expected element type <error> but have <html>
2023/03/30 16:07:43 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215163879877
2023/03/30 16:07:43 Could not obtain certificates:
    error: one or more domains had a problem:
[snow.examplexyz.net.au] [snow.examplexyz.net.au] acme: error presenting token: rimuhosting: failed to find record(s) for snow.examplexyz.net.au: expected element type <error> but have <html>
```

Go environment (if applicable)

```console
$ go version && go env
root@snow:~/go/bin# go version && go env
go version go1.19.6 linux/amd64
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/root/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/lib/go-1.19"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/go-1.19/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19.6"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build224019726=/tmp/go-build -gno-record-gcc-switches"
```

ldez commented 1 year ago

> lego version dev linux/amd64

This means that you are building the binary by yourself.

Can you provide the real version? And if you have some customizations, can you share them?

jasonblewis commented 1 year ago

I tested with the version distributed with debian testing version and a version I built using the build instructions. I'm not familiar with go so I'm unsure how to get go to show proper version. I got the same error whether built from source or from the package.

Debian package reports 4.9.1-1, but lego installed that way also reports `lego version dev linux/amd64`.

I then tested by installing using the suggested `go install github.com/go-acme/lego/v4/cmd/lego@latest` but that is what led to the version also reporting as

```console
root:~/go/bin# ./lego -v
lego version dev linux/amd64
```

I tried to build from git as per the instructions on https://go-acme.github.io/lego/installation/ but I ran into errors also:

```console
$ make
BIN_OUTPUT: dist/lego
rm -rf dist/ builds/ cover.out
go generate ./...
Documentation for 116 DNS providers has been generated.
cli_help.toml updated
golangci-lint run
providers/dns/cloudxns/cloudxns.go:89:39: unused-parameter: parameter 'token' seems to be unused, consider removing or renaming it as _ (revive)
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
                                      ^
providers/dns/cloudxns/cloudxns.go:101:39: unused-parameter: parameter 'token' seems to be unused, consider removing or renaming it as _ (revive)
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
                                      ^
.....
```

ldez commented 1 year ago

The `go install` way is enough to indicate the version for me.

The problem here is the limited information inside the error and the way that rimuhosting handled some errors by providing an HTML page instead of a real API error.

I improve that in a PR but it will not be available quickly.

Maybe your problem is related to a change inside the v4.9 around CNAME. You can try to set the env var `LEGO_DISABLE_CNAME_SUPPORT` to `true`.
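
The failure mode described in the comment above, as an added example that is not part of the thread and not lego's own code: decoding an XML `<error>` body fails with exactly the logged message when the server returns an HTML page, so the wrapper keeps the status code and a short body excerpt. The `apiError` type, `decodeAPIError`, `snippet` and the sample bodies are assumptions constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// apiError models the <error> element the client expected (assumed layout).
type apiError struct {
	XMLName xml.Name `xml:"error"`
	Message string   `xml:",chardata"`
}

const maxSnippet = 80

// snippet collapses whitespace and truncates body for use in diagnostics.
func snippet(body []byte) string {
	s := strings.Join(strings.Fields(string(body)), " ")
	if len(s) > maxSnippet {
		s = s[:maxSnippet] + "..."
	}
	return s
}

// decodeAPIError converts a failed response into an error that stays useful
// even when the body is an HTML page rather than an <error> document.
func decodeAPIError(status int, contentType string, body []byte) error {
	var ae apiError
	if err := xml.Unmarshal(body, &ae); err != nil {
		// Keep status, content type and an excerpt so the cause is visible.
		return fmt.Errorf("unexpected response: status=%d content-type=%q body=%q: %w",
			status, contentType, snippet(body), err)
	}
	return fmt.Errorf("API error: status=%d: %s", status, strings.TrimSpace(ae.Message))
}

func main() {
	// Constructed sample bodies, not captured from the real service.
	html := []byte("<html><head><title>Not Found</title></head><body>404</body></html>")
	good := []byte("<error>ERROR: invalid api key</error>")
	fmt.Println(decodeAPIError(404, "text/html", html))
	fmt.Println(decodeAPIError(401, "text/xml", good))
}
```

With the status code and content type in the message, a wrong endpoint (an HTML 404 page) is distinguishable from a rejected key without guessing.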

jasonblewis commented 1 year ago

I tested again with your suggestion:

```console
LEGO_DISABLE_CNAME_SUPPORT=1 RIMUHOSTING_API_KEY='redacted' lego --email="jason@examplexyz.com.au" --domains="snow.examplexyz.net.au" --dns rimuhosting run
```

but I get the same error:

```
2023/04/13 08:55:43 [INFO] [snow.examplexyz.net.au] acme: Obtaining bundled SAN certificate
2023/04/13 08:55:44 [INFO] [snow.examplexyz.net.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218934178277
2023/04/13 08:55:44 [INFO] [snow.examplexyz.net.au] acme: Could not find solver for: tls-alpn-01
2023/04/13 08:55:44 [INFO] [snow.examplexyz.net.au] acme: Could not find solver for: http-01
2023/04/13 08:55:44 [INFO] [snow.examplexyz.net.au] acme: use dns-01 solver
2023/04/13 08:55:44 [INFO] [snow.examplexyz.net.au] acme: Preparing to solve DNS-01
2023/04/13 08:55:45 [INFO] [snow.examplexyz.net.au] acme: Cleaning DNS-01 challenge
2023/04/13 08:55:45 [WARN] [snow.examplexyz.net.au] acme: cleaning up failed: rimuhosting: failed to delete record for snow.examplexyz.net.au: expected element type <error> but have <html>
2023/04/13 08:55:45 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218934178277
2023/04/13 08:55:45 Could not obtain certificates:
    error: one or more domains had a problem:
[snow.examplexyz.net.au] [snow.examplexyz.net.au] acme: error presenting token: rimuhosting: failed to find record(s) for snow.examplexyz.net.au: expected element type <error> but have <html>
```

ldez commented 1 year ago

As you have an HTML page, there is a high probability that the value of your token `RIMUHOSTING_API_KEY` has a problem.

I tried (with Zonomi because Rimu Hosting and Zonomi are owned by the same company (Rimu Hosting Ltd) and it's the exact same API) and the only way I found to reproduce your error is to use an invalid token.

- https://rimuhosting.com/dns/dyndns.jsp
- https://zonomi.com/app/dns/dyndns.jsp

ldez commented 1 year ago

I found the problem (and it's not related to the token), it's just a change or just a typo in the API endpoint of RimuHosting.

I will fix that.