go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

Error when using LEGO v4.14.2 with OVH API in azukaar/Cosmos-Server project #2044

Closed InterN0te closed 11 months ago

InterN0te commented 11 months ago

What did you expect to see?

I expected to see the certificates generated successfully without any errors. Specifically, I anticipated that the API call to OVH would correctly add a DNS record for the domain and not return a 404 error. The expected behavior is that the LEGO library interacts properly with the OVH API, using the correct API endpoint and successfully creating the necessary DNS records for certificate generation.

What did you see instead?

Instead of the successful generation of certificates, an error occurred indicating “OVHcloud API error (status code 404): “This service does not exist””. It appears that the API URL used to add a DNS record is incorrect, using “/domain/zone/fr/record” instead of “/domain/zone/domain.fr/record”. This resulted in a failure to create the necessary DNS records for certificate generation.

How do you use lego?

Library

Reproduction steps

  1. Create a cosmos-server container.
  2. Configure the hostname with OVH API credentials.
  3. Apply configuration and reboot.

Note: It appears that this issue occurs specifically with this domain name, while it seems to work correctly with most other domain names. This could suggest a specific issue with how this domain is configured or how the LEGO library interacts with it. It's unclear why this domain would result in an incorrect API URL. The issue persists across different subdomains of domain.fr, with or without the wildcard. Further investigation into this specific behavior may be required to resolve the issue.

Version of lego

github.com/go-acme/lego/v4 v4.14.2 (found in azukaar/Cosmos-Server/go.mod)

Logs

2023/10/26 22:13:36 [INFO] acme: Registering account for Comptes@domain.fr
2023/10/26 22:13:36 [INFO] [domain.fr, *.domain.fr] acme: Obtaining bundled SAN certificate
2023/10/26 22:13:37 [INFO] [*.domain.fr] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/277716559486
2023/10/26 22:13:37 [INFO] [domain.fr] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/277716559496
2023/10/26 22:13:37 [INFO] [*.domain.fr] acme: use dns-01 solver
2023/10/26 22:13:37 [INFO] [domain.fr] acme: Could not find solver for: tls-alpn-01
2023/10/26 22:13:37 [INFO] [domain.fr] acme: Could not find solver for: http-01
2023/10/26 22:13:37 [INFO] [domain.fr] acme: use dns-01 solver
2023/10/26 22:13:37 [INFO] [*.domain.fr] acme: Preparing to solve DNS-01
2023/10/26 22:13:37 [INFO] [domain.fr] acme: Preparing to solve DNS-01
2023/10/26 22:13:37 [INFO] [*.domain.fr] acme: Cleaning DNS-01 challenge
2023/10/26 22:13:37 [WARN] [*.domain.fr] acme: cleaning up failed: ovh: unknown record ID for '_acme-challenge.domain.fr.'
2023/10/26 22:13:37 [INFO] [domain.fr] acme: Cleaning DNS-01 challenge
2023/10/26 22:13:37 [WARN] [domain.fr] acme: cleaning up failed: ovh: unknown record ID for '_acme-challenge.domain.fr.'
2023/10/26 22:13:37 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/277716559486
2023/10/26 22:13:37 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/277716559496
2023/10/26 22:13:38 [ERROR] LETSENCRYPT_OBTAIN : error: one or more domains had a problem:
[*.domain.fr] [*.domain.fr] acme: error presenting token: ovh: error when call api to add record (/domain/zone/fr/record): OVHcloud API error (status code 404): "This service does not exist" (X-OVH-Query-Id: EU.ext-1.653ac872.20765.4952f7deb169e646c6b819d7124ac75b)
[domain.fr] [domain.fr] acme: error presenting token: ovh: error when call api to add record (/domain/zone/fr/record): OVHcloud API error (status code 404): "This service does not exist" (X-OVH-Query-Id: EU.ext-1.653ac872.20765.892fd6819b9b7476490861a1039ca193)
2023/10/26 22:13:38 [ERROR] Getting TLS certificate. Fallback to SELFSIGNED certificates 

Go environment (if applicable)

No response

ldez commented 11 months ago

Hello,

The value of {ZONE} in the URL /domain/zone/{ZONE}/record is obtained by SOA calls.

You have fr instead of debauchez.fr because the DNS calls to get the SOA don't return the expected answer.

The problem is probably related to your environment: firewall, local DNS, etc. It's not a problem with lego.
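A simplified model of the SOA walk described above, added here as an illustration and not lego's own code (the real dns01 helper queries actual nameservers and also follows CNAMEs; the two resolvers below are constructed so the example runs offline):

```go
package main

import (
	"fmt"
	"strings"
)

// soaLookup models one resolver: does this name own an SOA record?
type soaLookup func(name string) bool

// findZone walks upward one label at a time ("_acme-challenge.domain.fr." ->
// "domain.fr." -> "fr.") and returns the first name with an SOA: the {ZONE}.
func findZone(fqdn string, lookup soaLookup) (string, error) {
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	for i := range labels {
		candidate := strings.Join(labels[i:], ".") + "."
		if lookup(candidate) {
			return candidate, nil
		}
	}
	return "", fmt.Errorf("no SOA found at any ancestor of %s", fqdn)
}

// apiPath is the OVH record endpoint built from the discovered zone.
func apiPath(zone string) string {
	return "/domain/zone/" + strings.TrimSuffix(zone, ".") + "/record"
}

// mapResolver builds a constructed soaLookup from the names that own an SOA.
func mapResolver(soaOwners ...string) soaLookup {
	set := make(map[string]bool, len(soaOwners))
	for _, n := range soaOwners {
		set[n] = true
	}
	return func(name string) bool { return set[name] }
}

func main() {
	healthy := mapResolver("domain.fr.", "fr.") // constructed: real SOA visible
	broken := mapResolver("fr.")                // constructed: override hides domain.fr SOA
	for _, r := range []soaLookup{healthy, broken} {
		zone, err := findZone("_acme-challenge.domain.fr.", r)
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("zone=%s -> %s\n", zone, apiPath(zone))
	}
}
```

With the "broken" resolver the walk only succeeds at the TLD, which is exactly how /domain/zone/fr/record ends up in the error above; `dig @<resolver> domain.fr SOA +short` against the resolver lego uses is the quickest way to confirm which case you are in.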

InterN0te commented 11 months ago

Thank you for your quick and insightful response.

After removing the DNS entry that was redirecting domain.fr to my NAS, the issue was resolved. Now, the command dig @$dns_server $domaine SOA +short is returning the expected answer with my private DNS.

I’m quite surprised that my NAS, which uses the same DNS and LEGO version, didn’t encounter this issue. However, I’m not going to delve deeper into this as the current configuration works perfectly for me.

I really appreciate your help!