go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

servercow: regression dns-api after 4.11 #1963

Closed jsievertde closed 1 year ago

jsievertde commented 1 year ago

What did you expect to see?

Renewal of certificates with the dns-api of servercow.de

What did you see instead?

Failure to renew the certificate with a generic error message that seems to indicate that the message was wrongly crafted.

How do you use lego?

Binary

Reproduction steps

1) Install any version after 4.11
2) Try to renew or create a certificate with a valid user for servercow
3) Try the same with version 4.11 or earlier and it works.

Version of lego

lego version 4.12.3 linux/amd64

Logs

renewal log 4.12.3

2023/07/21 02:30:02 [INFO] [nextcloud.XXX.XXX] acme: Trying renewal with 455 hours remaining
2023/07/21 02:30:02 [INFO] renewal: random delay of 4m48.303222917s
2023/07/21 02:34:50 [INFO] [nextcloud.XXX.XXX, cloud.XXX.XXX] acme: Obtaining bundled SAN certificate
2023/07/21 02:34:51 [INFO] [cloud.XXX.XXX] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/247470135257
2023/07/21 02:34:51 [INFO] [nextcloud.XXX.XXX] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/247470135267
2023/07/21 02:34:51 [INFO] [cloud.XXX.XXX] acme: Could not find solver for: tls-alpn-01
2023/07/21 02:34:51 [INFO] [cloud.XXX.XXX] acme: Could not find solver for: http-01
2023/07/21 02:34:51 [INFO] [cloud.XXX.XXX] acme: use dns-01 solver
2023/07/21 02:34:51 [INFO] [nextcloud.XXX.XXX] acme: Could not find solver for: tls-alpn-01
2023/07/21 02:34:51 [INFO] [nextcloud.XXX.XXX] acme: Could not find solver for: http-01
2023/07/21 02:34:51 [INFO] [nextcloud.XXX.XXX] acme: use dns-01 solver
2023/07/21 02:34:51 [INFO] [cloud.XXX.XXX] acme: Preparing to solve DNS-01
2023/07/21 02:34:51 [INFO] [nextcloud.XXX.XXX] acme: Preparing to solve DNS-01
2023/07/21 02:34:51 [INFO] [cloud.XXX.XXX] acme: Cleaning DNS-01 challenge
2023/07/21 02:34:51 [WARN] [cloud.XXX.XXX] acme: cleaning up failed: servercow: failed to get TXT records: unmarshaling *[]internal.Record error: invalid character 'E' looking for beginning of value: Examples:

### Add a record
### Requires "type", "name", "content" - "ttl" is optional

curl -X POST "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json" \
  --data '{"type":"TXT","name":"_acme-challenge.www","content":"acbdefghijklmnopqrstuvwxyz","ttl":20}'

### Get all records

curl -X GET "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json"

### Delete a record
### Requires "type" and "name", "content" is optional

curl -X DELETE "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json"
  --data '{"type":"TXT","name":"_acme-challenge.www"}'

2023/07/21 02:34:51 [INFO] [nextcloud.XXX.XXX] acme: Cleaning DNS-01 challenge
2023/07/21 02:34:51 [WARN] [nextcloud.XXX.XXX] acme: cleaning up failed: servercow: failed to get TXT records: unmarshaling *[]internal.Record error: invalid character 'E' looking for beginning of value: Examples:

### Add a record
### Requires "type", "name", "content" - "ttl" is optional

curl -X POST "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json" \
  --data '{"type":"TXT","name":"_acme-challenge.www","content":"acbdefghijklmnopqrstuvwxyz","ttl":20}'

### Get all records

curl -X GET "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json"

### Delete a record
### Requires "type" and "name", "content" is optional

curl -X DELETE "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json"
  --data '{"type":"TXT","name":"_acme-challenge.www"}'

2023/07/21 02:34:51 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/247470135257
2023/07/21 02:34:52 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/247470135267
2023/07/21 02:34:52 error: one or more domains had a problem:
[cloud.XXX.XXX] [cloud.XXX.XXX] acme: error presenting token: servercow: unmarshaling *[]internal.Record error: invalid character 'E' looking for beginning of value: Examples:

### Add a record
### Requires "type", "name", "content" - "ttl" is optional

curl -X POST "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json" \
  --data '{"type":"TXT","name":"_acme-challenge.www","content":"acbdefghijklmnopqrstuvwxyz","ttl":20}'

### Get all records

curl -X GET "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json"

### Delete a record
### Requires "type" and "name", "content" is optional

curl -X DELETE "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json"
  --data '{"type":"TXT","name":"_acme-challenge.www"}'

[nextcloud.XXX.XXX] [nextcloud.XXX.XXX] acme: error presenting token: servercow: unmarshaling *[]internal.Record error: invalid character 'E' looking for beginning of value: Examples:

### Add a record
### Requires "type", "name", "content" - "ttl" is optional

curl -X POST "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json" \
  --data '{"type":"TXT","name":"_acme-challenge.www","content":"acbdefghijklmnopqrstuvwxyz","ttl":20}'

### Get all records

curl -X GET "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json"

### Delete a record
### Requires "type" and "name", "content" is optional

curl -X DELETE "https://api.servercow.de/dns/v1/domains/example.org" \
  -H "X-Auth-Username: servercow_username" \
  -H "X-Auth-Password: servercow_password" \
  -H "Content-Type: application/json"
  --data '{"type":"TXT","name":"_acme-challenge.www"}'

renewal log 4.11.0

2023/07/21 13:29:25 [INFO] [nextcloud.XXX.XXX] acme: Trying renewal with 444 hours remaining
2023/07/21 13:29:25 [INFO] [nextcloud.XXX.XXX, cloud.XXX.XXX] acme: Obtaining bundled SAN certificate
2023/07/21 13:29:26 [INFO] [cloud.XXX.XXX] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/247613631517
2023/07/21 13:29:26 [INFO] [nextcloud.XXX.XXX] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/247613631527
2023/07/21 13:29:26 [INFO] [cloud.XXX.XXX] acme: Could not find solver for: tls-alpn-01
2023/07/21 13:29:26 [INFO] [cloud.XXX.XXX] acme: Could not find solver for: http-01
2023/07/21 13:29:26 [INFO] [cloud.XXX.XXX] acme: use dns-01 solver
2023/07/21 13:29:26 [INFO] [nextcloud.XXX.XXX] acme: Could not find solver for: tls-alpn-01
2023/07/21 13:29:26 [INFO] [nextcloud.XXX.XXX] acme: Could not find solver for: http-01
2023/07/21 13:29:26 [INFO] [nextcloud.XXX.XXX] acme: use dns-01 solver
2023/07/21 13:29:26 [INFO] [cloud.XXX.XXX] acme: Preparing to solve DNS-01
2023/07/21 13:29:31 [INFO] [nextcloud.XXX.XXX] acme: Preparing to solve DNS-01
2023/07/21 13:29:33 [INFO] [cloud.XXX.XXX] acme: Trying to solve DNS-01
2023/07/21 13:29:33 [INFO] [cloud.XXX.XXX] acme: Checking DNS record propagation using [8.8.8.8:53]
2023/07/21 13:29:35 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2023/07/21 13:29:40 [INFO] [cloud.XXX.XXX] The server validated our request
2023/07/21 13:29:40 [INFO] [nextcloud.XXX.XXX] acme: Trying to solve DNS-01
2023/07/21 13:29:40 [INFO] [nextcloud.XXX.XXX] acme: Checking DNS record propagation using [8.8.8.8:53]
2023/07/21 13:29:42 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2023/07/21 13:29:48 [INFO] [nextcloud.XXX.XXX] The server validated our request
2023/07/21 13:29:48 [INFO] [cloud.XXX.XXX] acme: Cleaning DNS-01 challenge
2023/07/21 13:29:49 [INFO] [nextcloud.XXX.XXX] acme: Cleaning DNS-01 challenge
2023/07/21 13:29:51 [INFO] [nextcloud.XXX.XXX, cloud.XXX.XXX] acme: Validations succeeded; requesting certificates
2023/07/21 13:29:52 [INFO] [nextcloud.XXX.XXX] Server responded with a certificate.

Go environment (if applicable)

```console
$ go version && go env
# paste output here
```

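
An added example, not part of the original issue and not lego's code: the 4.12.3 log above shows the API's plain-text usage help being fed to the JSON decoder and then echoed in full into every error line. The sketch below reproduces that error shape and contrasts it with a decoder that checks the response before unmarshaling and logs only a short excerpt. The `Record` type, both function names, and the status and content-type values are assumptions; the body is constructed from the first lines of the help text in the log.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Record is a hypothetical stand-in for the provider's internal record type.
type Record struct {
	Type    string `json:"type"`
	Name    string `json:"name"`
	Content string `json:"content"`
	TTL     int    `json:"ttl"`
}

// helpBody is constructed sample input: the start of the usage help seen in the log.
const helpBody = "Examples:\n\n### Add a record\n### Requires \"type\", \"name\", \"content\" - \"ttl\" is optional\n"

// naiveDecode unmarshals whatever came back and echoes the whole body on failure.
func naiveDecode(body []byte) ([]Record, error) {
	var records []Record
	if err := json.Unmarshal(body, &records); err != nil {
		return nil, fmt.Errorf("unmarshaling %T error: %w: %s", &records, err, body)
	}
	return records, nil
}

// checkedDecode rejects non-JSON responses up front and reports a one-line excerpt.
func checkedDecode(status int, contentType string, body []byte) ([]Record, error) {
	excerpt := strings.SplitN(strings.TrimSpace(string(body)), "\n", 2)[0]
	if len(excerpt) > 80 {
		excerpt = excerpt[:80]
	}
	if status/100 != 2 || !strings.HasPrefix(contentType, "application/json") {
		return nil, fmt.Errorf("unexpected response: status %d, content type %q, body starts %q", status, contentType, excerpt)
	}
	var records []Record
	if err := json.Unmarshal(body, &records); err != nil {
		return nil, fmt.Errorf("invalid JSON (body starts %q): %w", excerpt, err)
	}
	return records, nil
}

func main() {
	_, err := naiveDecode([]byte(helpBody))
	_, err2 := checkedDecode(200, "text/plain", []byte(helpBody)) // assumed status and content type
	fmt.Printf("naive:   %v\nchecked: %v\n", err, err2)
}
```
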
ldez commented 1 year ago

Hello @jsievertde,

I will create a PR to fix it, if I drive you, are you able to test the PR?

jsievertde commented 1 year ago

@ldez I should be able to test it for you.