go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

Support for provider: cloud.ru #1966

Closed mrJDoe closed 1 year ago

mrJDoe commented 1 year ago

Welcome

How do you use lego?

Binary

Link to the DNS provider

https://cloud.ru/

Link to the API documentation

https://cloud.ru/ru/docs/clouddns/ug/topics/api-ref_resource-record.html

Additional Notes

No response

ldez commented 1 year ago

Hello,

You have not checked the following boxes:

  • [ ] Yes, I'm able to create a pull request and be able to maintain the implementation.
  • [ ] Yes, I'm able to test an implementation if someone creates a pull request to add the support of this DNS provider.

But you have also checked this box:

  • [X] Yes, I know that the lego maintainers don't have an account with all DNS providers in the world.

Without someone to create a PR or to test a PR, it's impossible to add a new provider.

Are you sure you are not able to test a PR?


Sponsoring is a good way to sustain open source maintainers: sponsor me

mrJDoe commented 1 year ago

OK, I will try to test.

ldez commented 1 year ago

Can you give the redacted output of the following command?

export KEY_ID=<your_key_id>
export SECRET=<your_secret>
curl -i --data-urlencode 'grant_type=access_key' --data-urlencode "client_id=$KEY_ID" --data-urlencode "client_secret=$SECRET" "https://auth.iam.sbercloud.ru/auth/system/openid/token"

Reference: https://cloud.ru/ru/docs/clouddns/ug/topics/api-ref_authentication.html

mrJDoe commented 1 year ago

output:

HTTP/1.1 200
content-type: application/json; charset=utf-8
x-request-id: 1f899e0b-d15d-4a22-b1ea-e01f259ca125
date: Sat, 22 Jul 2023 19:24:12 GMT
x-frame-options: DENY
x-xss-protection: 1;mode=block
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000;includeSubDomains;preload
referrer-policy: no-referrer-when-downgrade
transfer-encoding: chunked

{"access_token":"[JWT removed]","id_token":"[JWT removed]","expires_in":3600,"not-before-policy":0,"scope":"openid profile email roles","token_type":"Bearer"}
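
The token endpoint response carries bearer credentials in `access_token` and `id_token`, so the body has to be redacted before it is pasted into an issue. The following is an added example, not code from this thread or from lego: it keeps the JSON structure for debugging and replaces each token with a marker that records only its expiry. The function names, the `refresh_token` key and the sample token are assumptions constructed for the example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// sensitiveKeys lists token response fields that must not be shared as-is.
// access_token and id_token appear in the response on this page;
// refresh_token is an assumption added for completeness.
var sensitiveKeys = map[string]bool{"access_token": true, "id_token": true, "refresh_token": true}

// jwtExpiry decodes the payload segment of a JWT (without verifying the
// signature) and returns its exp claim.
func jwtExpiry(token string) (time.Time, bool) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return time.Time{}, false
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return time.Time{}, false
	}
	var claims struct {
		Exp int64 `json:"exp"`
	}
	if json.Unmarshal(raw, &claims) != nil || claims.Exp == 0 {
		return time.Time{}, false
	}
	return time.Unix(claims.Exp, 0).UTC(), true
}

// RedactTokenResponse keeps the shape of a token endpoint JSON body but
// replaces every bearer credential with a marker that only records its expiry.
func RedactTokenResponse(body []byte) (string, error) {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(body, &fields); err != nil {
		return "", fmt.Errorf("not a JSON object: %w", err)
	}
	for key, raw := range fields {
		if !sensitiveKeys[key] {
			continue
		}
		marker := "[redacted]"
		var token string
		if json.Unmarshal(raw, &token) == nil {
			if exp, ok := jwtExpiry(token); ok {
				marker = "[redacted JWT, exp " + exp.Format(time.RFC3339) + "]"
			}
		}
		fields[key], _ = json.Marshal(marker) // marshalling a string cannot fail
	}
	out, err := json.Marshal(fields) // map keys are emitted in sorted order
	return string(out), err
}

func main() {
	// Constructed sample: a token whose payload carries only an exp claim.
	payload := base64.RawURLEncoding.EncodeToString([]byte(`{"exp":1700000000}`))
	body := `{"access_token":"hdr.` + payload + `.sig","expires_in":3600,"token_type":"Bearer"}`
	fmt.Println(RedactTokenResponse([]byte(body)))
}
```

Pass only the JSON body to the function; with `curl -i` the status line and headers come first and are rejected as non-JSON.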
ldez commented 1 year ago

The documentation is a bit weak, there is no real example of the returns of the API.

Can you run the following commands and give me the results of the last two?

export KEY_ID=<your_key_id>
export SECRET=<your_secret>
curl -i --data-urlencode 'grant_type=access_key' --data-urlencode "client_id=$KEY_ID" --data-urlencode "client_secret=$SECRET" "https://auth.iam.sbercloud.ru/auth/system/openid/token"

  • <Service_Instance_ID>: see https://cloud.ru/ru/docs/clouddns/ug/topics/api-ref_zone.html#id2
  • <access_token>: the value of the access_token field from the first command.

curl -X 'GET' \
'https://console.sbercloud.ru/api/clouddns/v1/zones?parentId=<Service_Instance_ID>' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <access_token>'

  • <zone_ID>: a zone ID from the previous command.
  • <access_token>: the value of the access_token field from the first command.

curl -X 'GET' \
'https://console.sbercloud.ru/api/clouddns/v1/zones/<zone_ID>/records' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <access_token>'

As the documentation doesn't provide a clear explanation about updateMask on the record update, the provider will be sequential.

mrJDoe commented 1 year ago

Maybe you mean the API call by URL https://console.sbercloud.ru/api/clouddns/v1/zones?parentId=$SERVICE_INSTANCE_ID instead of https://raw.githubusercontent.com.

I created a ticket with cloud.ru tech support because I get an error in the API response. It will take some time and I will come back.

mrJDoe commented 1 year ago

output:

curl -X GET "https://console.sbercloud.ru/api/clouddns/v1/zones?parentId=$SERVICE_INSTANCE_ID" -H "accept: application/json" -H "Authorization: Bearer $CLOUD_TOKEN"

{
 "items": [
  {
   "id": "59556fcd-95ff-451f-b49b-9732f21f944a",
   "parent_id": "2d7b6194-2b83-4f71-86fd-a1e727e347b2",
   "name": "legotest.site",
   "valid": true,
   "validation_text": "sbc-verification: 5c86c962-7ee2-4983-b39b-1d9461959d8b",
   "delegated": true,
   "created_at": "2023-07-23T08:12:41.287031Z",
   "updated_at": "2023-07-24T05:50:28.606078Z"
  }
 ]
}

curl -X GET 'https://console.sbercloud.ru/api/clouddns/v1/zones/59556fcd-95ff-451f-b49b-9732f21f944a/records' -H 'accept: application/json' -H "Authorization: Bearer $CLOUD_TOKEN"

{
 "items": [
  {
   "zone_id": "59556fcd-95ff-451f-b49b-9732f21f944a",
   "name": "legotest.site.",
   "type": "SOA",
   "values": [
    "cdns-ns01.sbercloud.ru. mail.sbercloud.ru 1 120 3600 604800 3600"
   ],
   "ttl": "3600",
   "enables": true,
   "readonly": true
  },
  {
   "zone_id": "59556fcd-95ff-451f-b49b-9732f21f944a",
   "name": "legotest.site.",
   "type": "NS",
   "values": [
    "cdns-ns01.sbercloud.ru.",
    "cdns-ns02.sbercloud.ru."
   ],
   "ttl": "3600",
   "enables": true,
   "readonly": true
  },
  {
   "zone_id": "59556fcd-95ff-451f-b49b-9732f21f944a",
   "name": "www.legotest.site.",
   "type": "A",
   "values": [
    "8.8.8.8"
   ],
   "ttl": "3600",
   "enables": true,
   "readonly": false
  }
 ]
}
ldez commented 1 year ago

Thank you!

So the documentation is wrong about field names...

Can you test PR #1968? Ask me if you need help.



mrJDoe commented 1 year ago

OK, I'll try to do that.

ldez commented 1 year ago

A quick tutorial if you need it:

mrJDoe commented 1 year ago

I got an error:

git clone git@github.com:ldez/lego.git

Cloning into 'lego'...
The authenticity of host 'github.com (140.82.121.3)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I'll try these commands, OK?

git clone https://github.com/go-acme/lego.git
gh pr checkout 1968
ldez commented 1 year ago

Sorry, yes, you can use gh and https://github.com/go-acme/lego.git (instead of git@github.com:ldez/lego.git).

mrJDoe commented 1 year ago

output:

$ git clone https://github.com/go-acme/lego.git
Cloning into 'lego'...
remote: Enumerating objects: 20622, done.
remote: Counting objects: 100% (4373/4373), done.
remote: Compressing objects: 100% (972/972), done.
remote: Total 20622 (delta 3467), reused 3520 (delta 3264), pack-reused 16249
Receiving objects: 100% (20622/20622), 13.05 MiB | 33.00 KiB/s, done.
Resolving deltas: 100% (12066/12066), done.
$ cd lego/
$ gh pr checkout 1968
remote: Enumerating objects: 35, done.
remote: Counting objects: 100% (35/35), done.
remote: Compressing objects: 100% (22/22), done.
remote: Total 35 (delta 12), reused 35 (delta 12), pack-reused 0
Unpacking objects: 100% (35/35), 13.98 KiB | 80.00 KiB/s, done.
From https://github.com/go-acme/lego
 * [new ref]           refs/pull/1968/head -> feat/cloudru
Switched to branch 'feat/cloudru'
$ make build
BIN_OUTPUT: dist/lego
rm -rf dist/ builds/ cover.out
Version: 3806e958bfbf34f912619d0dcdee7db0512cd265
go build -trimpath -ldflags '-X "main.version=3806e958bfbf34f912619d0dcdee7db0512cd265"' -o  dist/lego ./cmd/lego/
$ rm -rf .lego
$ CLOUDRU_SERVICE_INSTANCE_ID=xxx \
CLOUDRU_KEY_ID=xxx \
CLOUDRU_SECRET=xxx \
./dist/lego -m plugmn@gmail.com --dns cloudru -d *.legotest.site -d legotest.site -s https://acme-staging-v02.api.letsencrypt.org/directory run

2023/07/24 21:03:35 No key found for account plugmn@gmail.com. Generating a P256 key.
2023/07/24 21:03:35 Saved key to /root/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/plugmn@gmail.com/keys/plugmn@gmail.com.key
2023/07/24 21:03:36 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you accept the TOS? Y/n
y
2023/07/24 21:03:38 [INFO] acme: Registering account for plugmn@gmail.com
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/root/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/07/24 21:03:38 [INFO] [*.legotest.site, legotest.site] acme: Obtaining bundled SAN certificate
2023/07/24 21:03:40 [INFO] [*.legotest.site] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7437645074
2023/07/24 21:03:40 [INFO] [legotest.site] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7437645084
2023/07/24 21:03:40 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7437645074
2023/07/24 21:03:40 [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7437645074
2023/07/24 21:03:40 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7437645084
2023/07/24 21:03:41 [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7437645084
2023/07/24 21:03:41 Could not obtain certificates:
        error: one or more domains had a problem:
[] acme: error: 404 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7437645074 :: urn:ietf:params:acme:error:malformed :: No such authorization
ldez commented 1 year ago

I pushed a fix, can you pull the code and retry?

mrJDoe commented 1 year ago

output:

$ CLOUDRU_SERVICE_INSTANCE_ID=aaa CLOUDRU_KEY_ID=bbb CLOUDRU_SECRET=ccc ./dist/lego -m plugmn@gmail.com --dns cloudru -d *.legotest.site -d legotest.site -s https://acme-staging-v02.api.letsencrypt.org/directory run
2023/07/24 23:07:33 [INFO] [*.legotest.site, legotest.site] acme: Obtaining bundled SAN certificate
2023/07/24 23:07:35 [INFO] [*.legotest.site] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7438735664
2023/07/24 23:07:35 [INFO] [legotest.site] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7438755644
2023/07/24 23:07:35 [INFO] [legotest.site] acme: authorization already valid; skipping challenge
2023/07/24 23:07:35 [INFO] [*.legotest.site] acme: use dns-01 solver
2023/07/24 23:07:35 [INFO] [*.legotest.site] acme: Preparing to solve DNS-01
2023/07/24 23:07:42 [INFO] [*.legotest.site] acme: Trying to solve DNS-01
2023/07/24 23:07:42 [INFO] [*.legotest.site] acme: Checking DNS record propagation using [1.1.1.1:53]
2023/07/24 23:07:44 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2023/07/24 23:07:54 [INFO] [*.legotest.site] acme: Waiting for DNS record propagation.
2023/07/24 23:08:06 [INFO] [*.legotest.site] acme: Waiting for DNS record propagation.
2023/07/24 23:08:18 [INFO] [*.legotest.site] acme: Waiting for DNS record propagation.
2023/07/24 23:08:30 [INFO] [*.legotest.site] acme: Cleaning DNS-01 challenge
2023/07/24 23:08:32 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7438735664
2023/07/24 23:08:33 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7438755644
2023/07/24 23:08:33 Could not obtain certificates:
        error: one or more domains had a problem:
[*.legotest.site] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.legotest.site - check that a DNS record exists for this domain
ldez commented 1 year ago

It's a bit complex to debug. Are you OK to share one of your credentials (through email) with me? Is plugmn@gmail.com your real email? Can I send you an email?

If you can't or don't want to, it will be more complex but I can find other solutions.

mrJDoe commented 1 year ago

I'll create a new credential for you for tests in cloud.ru. Yes, plugmn@gmail.com is my email.

ldez commented 1 year ago

I send you an email

ldez commented 1 year ago

The implementation works but cloud.ru seems to have random propagation issues. I increased the propagation interval and timeout but as it's a problem with the behavior of cloud.ru I cannot fix it. I recommend contacting cloud.ru about this problem.

OK

```console
$ CLOUDRU_SERVICE_INSTANCE_ID=xxx CLOUDRU_KEY_ID=xxx CLOUDRU_SECRET=xxx ./dist/lego -m mail@example.com --dns cloudru -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2023/07/25 15:06:45 No key found for account mail@example.com. Generating a P256 key.
2023/07/25 15:06:45 Saved key to /home/ldez/sources/go/src/github.com/go-acme/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/mail@example.com/keys/mail@example.com.key
2023/07/25 15:06:45 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you accept the TOS? Y/n
y
2023/07/25 15:06:48 [INFO] acme: Registering account for mail@example.com
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/home/ldez/sources/go/src/github.com/go-acme/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/07/25 15:06:48 [INFO] [*.example.com, example.com] acme: Obtaining bundled SAN certificate
2023/07/25 15:06:49 [INFO] [*.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448993094
2023/07/25 15:06:49 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448993104
2023/07/25 15:06:49 [INFO] [*.example.com] acme: use dns-01 solver
2023/07/25 15:06:49 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2023/07/25 15:06:49 [INFO] [example.com] acme: Could not find solver for: http-01
2023/07/25 15:06:49 [INFO] [example.com] acme: use dns-01 solver
2023/07/25 15:06:49 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2023/07/25 15:06:49 [INFO] [*.example.com] acme: Trying to solve DNS-01
2023/07/25 15:06:50 [INFO] [*.example.com] acme: Checking DNS record propagation using [192.168.1.1:53]
2023/07/25 15:06:55 [INFO] Wait for propagation [timeout: 5m0s, interval: 5s]
2023/07/25 15:07:00 [INFO] [*.example.com] The server validated our request
2023/07/25 15:07:00 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2023/07/25 15:07:00 [INFO] sequence: wait for 1m0s
2023/07/25 15:08:00 [INFO] [example.com] acme: Preparing to solve DNS-01
2023/07/25 15:08:01 [INFO] [example.com] acme: Trying to solve DNS-01
2023/07/25 15:08:01 [INFO] [example.com] acme: Checking DNS record propagation using [192.168.1.1:53]
2023/07/25 15:08:06 [INFO] Wait for propagation [timeout: 5m0s, interval: 5s]
2023/07/25 15:08:13 [INFO] [example.com] The server validated our request
2023/07/25 15:08:13 [INFO] [example.com] acme: Cleaning DNS-01 challenge
2023/07/25 15:08:13 [INFO] [*.example.com, example.com] acme: Validations succeeded; requesting certificates
2023/07/25 15:08:14 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2023/07/25 15:08:14 [INFO] [*.example.com] Server responded with a certificate.
```

NXDOMAIN

```console
$ CLOUDRU_SERVICE_INSTANCE_ID=xxx CLOUDRU_KEY_ID=xxx CLOUDRU_SECRET=xxx ./dist/lego -m mail@example.com --dns cloudru -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2023/07/25 14:56:22 No key found for account mail@example.com. Generating a P256 key.
2023/07/25 14:56:22 Saved key to /home/ldez/sources/go/src/github.com/go-acme/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/mail@example.com/keys/mail@example.com.key
2023/07/25 14:56:23 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you accept the TOS? Y/n
y
2023/07/25 14:56:25 [INFO] acme: Registering account for mail@example.com
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/home/ldez/sources/go/src/github.com/go-acme/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/07/25 14:56:25 [INFO] [*.example.com, example.com] acme: Obtaining bundled SAN certificate
2023/07/25 14:56:26 [INFO] [*.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448888154
2023/07/25 14:56:26 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448888164
2023/07/25 14:56:26 [INFO] [*.example.com] acme: use dns-01 solver
2023/07/25 14:56:26 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2023/07/25 14:56:26 [INFO] [example.com] acme: Could not find solver for: http-01
2023/07/25 14:56:26 [INFO] [example.com] acme: use dns-01 solver
2023/07/25 14:56:26 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2023/07/25 14:56:26 [INFO] [*.example.com] acme: Trying to solve DNS-01
2023/07/25 14:56:26 [INFO] [*.example.com] acme: Checking DNS record propagation using [192.168.1.1:53]
2023/07/25 14:56:31 [INFO] Wait for propagation [timeout: 5m0s, interval: 5s]
2023/07/25 14:56:39 [INFO] [*.example.com] The server validated our request
2023/07/25 14:56:39 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2023/07/25 14:56:40 [INFO] sequence: wait for 1m0s
2023/07/25 14:57:40 [INFO] [example.com] acme: Preparing to solve DNS-01
2023/07/25 14:57:40 [INFO] [example.com] acme: Trying to solve DNS-01
2023/07/25 14:57:40 [INFO] [example.com] acme: Checking DNS record propagation using [192.168.1.1:53]
2023/07/25 14:57:45 [INFO] Wait for propagation [timeout: 5m0s, interval: 5s]
2023/07/25 14:57:51 [INFO] [example.com] acme: Cleaning DNS-01 challenge
2023/07/25 14:57:52 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448888154
2023/07/25 14:57:52 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448888164
2023/07/25 14:57:52 Could not obtain certificates:
        error: one or more domains had a problem:
[example.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com - check that a DNS record exists for this domain
```

NXDOMAIN

```console
$ CLOUDRU_SERVICE_INSTANCE_ID=xxx CLOUDRU_KEY_ID=xxx CLOUDRU_SECRET=xxx ./dist/lego -m mail@example.com --dns cloudru -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2023/07/25 14:59:28 No key found for account mail@example.com. Generating a P256 key.
2023/07/25 14:59:28 Saved key to /home/ldez/sources/go/src/github.com/go-acme/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/mail@example.com/keys/mail@example.com.key
2023/07/25 14:59:28 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you accept the TOS? Y/n
y
2023/07/25 14:59:30 [INFO] acme: Registering account for mail@example.com
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/home/ldez/sources/go/src/github.com/go-acme/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2023/07/25 14:59:30 [INFO] [*.example.com, example.com] acme: Obtaining bundled SAN certificate
2023/07/25 14:59:30 [INFO] [*.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448913604
2023/07/25 14:59:30 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448913614
2023/07/25 14:59:30 [INFO] [*.example.com] acme: use dns-01 solver
2023/07/25 14:59:30 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2023/07/25 14:59:30 [INFO] [example.com] acme: Could not find solver for: http-01
2023/07/25 14:59:30 [INFO] [example.com] acme: use dns-01 solver
2023/07/25 14:59:30 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2023/07/25 14:59:31 [INFO] [*.example.com] acme: Trying to solve DNS-01
2023/07/25 14:59:32 [INFO] [*.example.com] acme: Checking DNS record propagation using [192.168.1.1:53]
2023/07/25 14:59:37 [INFO] Wait for propagation [timeout: 5m0s, interval: 5s]
2023/07/25 14:59:37 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2023/07/25 14:59:47 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2023/07/25 14:59:48 [INFO] [example.com] acme: Preparing to solve DNS-01
2023/07/25 14:59:49 [INFO] [example.com] acme: Trying to solve DNS-01
2023/07/25 14:59:49 [INFO] [example.com] acme: Checking DNS record propagation using [192.168.1.1:53]
2023/07/25 14:59:54 [INFO] Wait for propagation [timeout: 5m0s, interval: 5s]
2023/07/25 14:59:54 [INFO] [example.com] acme: Waiting for DNS record propagation.
2023/07/25 14:59:59 [INFO] [example.com] acme: Waiting for DNS record propagation.
2023/07/25 15:00:04 [INFO] [example.com] acme: Waiting for DNS record propagation.
2023/07/25 15:00:09 [INFO] [example.com] acme: Cleaning DNS-01 challenge
2023/07/25 15:00:10 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448913604
2023/07/25 15:00:10 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/7448913614
2023/07/25 15:00:11 Could not obtain certificates:
        error: one or more domains had a problem:
[*.example.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com - check that a DNS record exists for this domain
[example.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com - check that a DNS record exists for this domain
```

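
In the failing runs the local propagation check finishes, yet the CA still gets NXDOMAIN for the `_acme-challenge` TXT record. The following is an added example, not lego's code and not part of PR #1968: a propagation gate that asks every authoritative nameserver directly and passes only after several consecutive polls agree. The nameserver names, the `stable` threshold and the `flaky` stand-in are assumptions constructed for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"time"
)

// LookupTXT returns the TXT values that one nameserver serves for fqdn.
type LookupTXT func(ctx context.Context, nameserver, fqdn string) ([]string, error)

// DirectTXT queries one nameserver ("host:53") rather than the system resolver.
func DirectTXT(ctx context.Context, nameserver, fqdn string) ([]string, error) {
	r := &net.Resolver{PreferGo: true, Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
		return (&net.Dialer{}).DialContext(ctx, network, nameserver)
	}}
	return r.LookupTXT(ctx, fqdn)
}

// servedByAll reports whether every nameserver currently returns want for fqdn.
func servedByAll(ctx context.Context, lookup LookupTXT, nameservers []string, fqdn, want string) bool {
	for _, ns := range nameservers {
		values, err := lookup(ctx, ns, fqdn)
		found := false
		for _, v := range values {
			found = found || v == want
		}
		if err != nil || !found { // NXDOMAIN, SERVFAIL and timeouts count as "not yet"
			return false
		}
	}
	return true
}

// WaitStable polls until all nameservers have served want for `stable`
// consecutive polls, or gives up after maxPolls. It returns the polls used.
func WaitStable(ctx context.Context, lookup LookupTXT, nameservers []string, fqdn, want string, stable, maxPolls int, interval time.Duration) (int, error) {
	streak := 0
	for poll := 1; poll <= maxPolls; poll++ {
		if servedByAll(ctx, lookup, nameservers, fqdn, want) {
			streak++
		} else {
			streak = 0 // a single miss on any nameserver resets the streak
		}
		if streak >= stable {
			return poll, nil
		}
		select {
		case <-ctx.Done():
			return poll, ctx.Err()
		case <-time.After(interval):
		}
	}
	return maxPolls, errors.New("TXT record never became stable on all nameservers")
}

// flaky is a constructed stand-in: the second nameserver lags, then drops the record once.
func flaky() LookupTXT {
	calls := map[string]int{}
	return func(_ context.Context, ns, _ string) ([]string, error) {
		calls[ns]++
		if ns == "ns2.example.net:53" && (calls[ns] < 3 || calls[ns] == 4) {
			return nil, &net.DNSError{Err: "no such host", IsNotFound: true}
		}
		return []string{"token-value"}, nil
	}
}

func main() {
	ns := []string{"ns1.example.net:53", "ns2.example.net:53"}
	fmt.Println(WaitStable(context.Background(), flaky(), ns, "_acme-challenge.example.com.", "token-value", 3, 60, time.Millisecond))
}
```

With `stable` set to 1 the gate opens on the third poll, one poll before the second nameserver drops the record again; with 3 it holds until poll 7. Pass `DirectTXT` as the lookup to run it against real nameservers.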
mrJDoe commented 1 year ago

I'll try to contact cloud.ru about that. Thank you.

ldez commented 1 year ago

I merge the PR because the problem is not related to lego. I hope that cloud.ru will fix the rest.

