search

go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License
7.46k stars 986 forks source link

desec: increase default `DESEC_PROPAGATION_TIMEOUT` by 60s #2072

Closed Atemu closed 5 months ago

Atemu commented 6 months ago

Welcome

How do you use lego?

Binary

Detailed Description

Due to an upstream PowerDNS bug, deSEC appears to be polling propagations once a minute which results in the default configuration hitting the timeout almost every time which is a bad default experience.

See https://talk.desec.io/t/global-record-propagation-issues/332/ for context.

Would it be possible to increase the default timeout as a workaround? 120s would probably be a good value.

I'm not at all familiar with Go or else I would have opened a PR but perhaps something like

 // Propagation can currently take upwards of a minute: https://talk.desec.io/t/global-record-propagation-issues/332/
 PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout + 60 * time.second)

in here

https://github.com/go-acme/lego/blob/7186ebb6f194c55781432162a47ff62a0bb21023/providers/dns/desec/desec.go#L46-L46

would do it.

ldez commented 6 months ago

Hello,

Would it be possible to increase the default timeout as a workaround?

Yes

I'm not at all familiar with Go or else I would have opened a PR but perhaps something like

I will help you, so feel free to open a PR.

You just need to replace dns01.DefaultPropagationTimeout by 120 * time.second.

Atemu commented 6 months ago

I'll see what I can do.

I'd prefer to increase the default timeout by the delay inherent to the service rather than hard-coding a new timeout.

ldez commented 5 months ago

@Atemu do you need help?

Atemu commented 5 months ago

Sorry, simply haven't found the time to get into this yet.