Closed kengodwin closed 10 months ago
Continuation of https://github.com/go-acme/lego/issues/2008 as requested
Can you provide a bit more detail?
> Bunny.net provides a free trial of 14 days if you want to test yourself.

It's a CDN trial, not a free domain trial 😉
ping @TECHNOFAB11
> Can you provide a bit more detail?

Basically, the previous DNS provider (while the DNS integration worked with lego) was not reliably providing DNS information, so it would randomly break Let's Encrypt on wildcard cert renewals, so I changed providers to Bunny yesterday.
When I ran into the issue, I switched to exec and can confirm that with exec (using a different language's API client for the Bunny API) it works fine.
With my monkey patch to bunny.go, it also works fine (linked in the previous issue).
> Since when? is it related to an update of Traefik or lego?
Well I'm using the lego docker container, so I'm assuming this is just straight lego binary and the fact my monkey patch only required modification to bunny.go it seems to be a lego issue.
> It's a CDN trial, not a free domain trial 😉

It provides a free trial for all its services, including DNS, for 14 days. I'm not sure why you are arguing with me on this. I have 0 CDN services and it works just fine.
Are you using a CNAME?
is it related to www.developersunchained.com ?
> Are you using a CNAME?

No. It's just an A record subdomain with an IP address.

> is it related to www.developersunchained.com ?

No.
I will check if it still works for me (eg. if something broke, maybe Bunny changed something etc.)
@kengodwin can you check that the SOA query works? the SOA query could return the start of the authority for your subdomain, i.e. the apex of the domain.
https://www.nslookup.io/domains/minfra.space/dns-records/soa/
> @kengodwin can you check that the SOA query works? the SOA query could return the start of the authority for your subdomain, i.e. the apex of the domain.

can you provide the SOA of your subdomain not of the apex?
@TECHNOFAB11 for me it's not related to the Bunny API.
The problem seems related to the zone detection, so for me it's related to a DNS configuration, a local DNS, or a firewall.
> can you provide the SOA of your subdomain not of the apex?

https://www.nslookup.io/domains/test.dev-ops.minfra.space/dns-records/soa/
your `getDomain` function is just a way to try to get the apex of a subdomain (the auth zone).
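```go
import (
	"fmt"
	"net/url"
	"strings"
)

// getDomain naively derives the apex from authZone by keeping its last two labels.
// This is wrong for multi-label public suffixes such as co.uk.
func getDomain(authZone string) (string, error) {
	u, err := url.Parse("https://" + authZone)
	if err != nil {
		return "", err
	}

	// Drop the trailing dot of an FQDN before splitting into labels.
	parts := strings.Split(strings.TrimSuffix(u.Hostname(), "."), ".")
	if len(parts) < 2 {
		// Avoid an index-out-of-range panic on single-label input.
		return "", fmt.Errorf("unexpected auth zone: %q", authZone)
	}

	actualDomain := parts[len(parts)-2] + "." + parts[len(parts)-1]

	return actualDomain, nil
}
```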
That is why I am asking you for the SOA result of your subdomain.
Your previous message confirmed what I think: the SOA answer of the subdomain is not right, it should be `minfra.space` and not `test.dev-ops.minfra.space`.
@TECHNOFAB11 can you try with a subdomain that you own?
> Your previous message confirmed what I think: the SOA answer of the subdomain is not right, it should be `minfra.space` and not `kiki.bunny.net`.

That may be the case but I don't have control over the SOA record with bunny.net as far as I'm aware.
> That may be the case but I don't have control over the SOA record with bunny.net as far as I'm aware.

It can be related to the way that you have setup your subdomain.
> @TECHNOFAB11 can you try with a subdomain that you own?

Yep I'm on it, just have to get everything setup again :D (a nix flake would be awesome btw)
you just need a `drill` or a `dig`: `drill <your_subdomain> SOA`
Shit, I get the same error. @ldez dig'ing gives me the wrong SOA as well

```
test.tecf.de. 900 IN SOA kiki.bunny.net. hostmaster.bunny.net. 2020032201 7200 900 1209600 86400
```
ok, so I have a fix if you can confirm that the apex is always the effective zone.
> ok, so I have a fix if you can confirm that the apex is always the effective zone.

I'm not sure what you mean by that, sorry. If I understand correctly the `authZone` in `findZone` is wrong? Like, it should not contain any subdomains?
The goal of find zone is to find the zone ("the domain") where the DNS record will be created with the API.
the question is about the zone used by the API, if the zone is always the apex (ex: example.com for foo.example.com or foo.bar.example.com)
> The goal of find zone is to find the zone ("the domain") where the DNS record will be created with the API.
> the question is about the zone used by the API, if the zone is always the apex (ex: example.com for foo.example.com or foo.bar.example.com)

Ahh gotcha, yeah I think it's always the apex. Tried printing the zones before and it printed the apex for every domain I have added to Bunny
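
The thread's conclusion is that the zone used by the API is the apex, while the SOA answer for a subdomain can name the subdomain itself. The added example below (not lego's code and not from any participant) picks the zone from the list the provider API returns instead of trusting SOA or the last two labels. `pickZone`, `normalize` and the zone list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// normalize lower-cases a DNS name and drops the trailing dot of an FQDN.
func normalize(name string) string {
	return strings.ToLower(strings.TrimSuffix(name, "."))
}

// pickZone (hypothetical helper) returns the entry of zones, as listed by the
// provider API, that is the longest label-aligned suffix of fqdn, plus the
// record name relative to it. No SOA lookup is involved.
func pickZone(zones []string, fqdn string) (zone, record string, err error) {
	name := normalize(fqdn)
	for _, z := range zones {
		cand := normalize(z)
		// Require a label boundary: "notminfra.space" must not match "minfra.space".
		if cand == "" || (name != cand && !strings.HasSuffix(name, "."+cand)) {
			continue
		}
		if len(cand) > len(zone) {
			zone = cand
		}
	}
	if zone == "" {
		return "", "", fmt.Errorf("no hosted zone covers %q", fqdn)
	}
	return zone, strings.TrimSuffix(strings.TrimSuffix(name, zone), "."), nil
}

func main() {
	// Constructed zone list standing in for the provider API's answer.
	zones := []string{"minfra.space", "tecf.de", "example.co.uk"}
	for _, fqdn := range []string{
		"_acme-challenge.test.dev-ops.minfra.space.",
		"_acme-challenge.test.tecf.de.",
		"_acme-challenge.notminfra.space.",
	} {
		zone, record, err := pickZone(zones, fqdn)
		if err != nil {
			fmt.Println("skip:", err)
			continue
		}
		fmt.Printf("%s -> zone=%s record=%s\n", fqdn, zone, record)
	}
}
```

Matching against the account's own zone list also handles multi-label suffixes such as `co.uk`, which a last-two-labels split gets wrong.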
Welcome
What did you expect to see?
A working certificate message.
What did you see instead?
How do you use lego?
Binary
Reproduction steps
See What did you see instead as it has reproduction steps.
Bunny.net provides a free trial of 14 days if you want to test yourself.
Version of lego
Logs
Go environment (if applicable)