Closed ldez closed 4 months ago
Perfect. Will try it out tomorrow and provide feedback. Much appreciated.
@thadius83 any news?
No go unfortunately. Same results.
Fresh build using - git clone git@github.com:ldez/lego.git
When I use the incorrect key, I'm able to get error logs from the easydns control panel, which show that it's not breaking the domain up correctly:
O:8:"stdClass":6:{s:6:"domain";s:5:"id.au";s:4:"host";s:23:"_acme-challenge.test.XX";s:3:"ttl";s:3:"120";s:4:"prio";s:1:"0";s:4:"type";s:3:"TXT";s:5:"rdata";s:43:"randomkeydataforverification";}
Note my domain is 2 letters.
When using the correct credentials, there is nothing recorded in the log file on the easydns side
I suspect due to a parsing error, it's attempting to modify "id.au" rather than "XX.id.au"
A successful log from them using acme.sh looks like this.
03:05 attempt is lego
03:33 is acme.sh
In the put command at 03:33:16, the content is
O:8:"stdClass":2:{s:4:"host";s:20:"_acme-challenge.test";s:5:"rdata";s:43:"jgqKt2KhgjeykQTEpVM1j4p5P2ZkEMusOfX7mh2fask";}
But it's submitting that put against zones/records/add/XX.id.au/TXT rather than "zones/records/add/id.au/TXT", which Lego is doing.
> Fresh build using - git clone git@github.com:ldez/lego.git

Did you check out the branch (fix/easydns) of my PR?

> I suspect due to a parsing error, it's attempting to modify "id.au" rather than "XX.id.au"

My PR doesn't contain parsing: I replace the previous algorithm (based on split) with DNS calls.
Can you try this call:
https://sandbox.rest.easydns.net:3001/#/read/listZone
with domain:
_acme-challenge.test.XX.id.au
test.XX.id.au
and give me JSON answers?
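
The difference between a label-count split and a zone lookup, as an added example that is not lego's code and not part of the thread: `naiveSplit` is an assumed split that keeps the last two labels, which reproduces the `id.au` request seen in the log above. `findZone`, `isManaged` and the `managed` table are hypothetical stand-ins for an SOA query or a provider API call.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// naiveSplit keeps the last two labels as the zone (illustrative only, not lego's code).
func naiveSplit(fqdn string) (zone, host string) {
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	if len(labels) <= 2 {
		return strings.Join(labels, "."), ""
	}
	n := len(labels) - 2
	return strings.Join(labels[n:], "."), strings.Join(labels[:n], ".")
}

// findZone walks from the most specific name to the least specific one and
// returns the first candidate that the hypothetical isZone callback accepts.
func findZone(fqdn string, isZone func(string) bool) (zone, host string, err error) {
	name := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	labels := strings.Split(name, ".")
	for i := range labels {
		candidate := strings.Join(labels[i:], ".")
		if !isZone(candidate) {
			continue
		}
		if i == 0 {
			return "", "", errors.New("no subdomain: the name and the zone are identical")
		}
		return candidate, strings.Join(labels[:i], "."), nil
	}
	return "", "", fmt.Errorf("no managed zone found for %q", fqdn)
}

// managed is a constructed stand-in for an SOA query or a provider API call.
var managed = map[string]bool{"xx.id.au": true}

func isManaged(name string) bool { return managed[name] }

func main() {
	fqdn := "_acme-challenge.test.XX.id.au."
	z, h := naiveSplit(fqdn)
	fmt.Printf("naive:  zone=%s host=%s\n", z, h)
	z, h, err := findZone(fqdn, isManaged)
	fmt.Printf("lookup: zone=%s host=%s err=%v\n", z, h, err)
}
```
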
> > Fresh build using - git clone git@github.com:ldez/lego.git
>
> Did you check out the branch (fix/easydns) of my PR?

# git branch -l
* fix/easydns
lego version b7f0ca141a0443bd8745dc1bd241daa6384e721c linux/amd64
I believe it's the correct version?
OK, I just wanted to be sure because your message was ambiguous.
Can you answer this comment? https://github.com/go-acme/lego/pull/2121#issuecomment-1970398881
> Can you try this call:
> https://sandbox.rest.easydns.net:3001/#/read/listZone
> with domain:
> _acme-challenge.test.XX.id.au
> test.XX.id.au
> and give me JSON answers?

I suspect I'm doing something wrong, the API under read doesn't have listZone
Have tested the sandbox credentials and able to pull data via other commands?
it's /zones/records/all/{domain}
https://sandbox.rest.easydns.net/zones/records/all/test.xx.id.au
{
"error": {
"code": 403,
"message": "Access to resource denied due to permissions"
}
}
If I execute it on the parent domain it works, and dumps out the entire zone file. I've removed the other subdomains and parent domain info:
curl -X 'GET' \
'https://sandbox.rest.easydns.net/zones/records/all/XX.id.au' \
-H 'accept: application/json' \
-H 'Authorization: Basic dxxxxxxxxxxxxxxxxxxxxxxxmFwaTY1ZTAxZTEwODljNTA3Ljg0MzU5MTI2'
{
"tm": 1709190001,
"data": [
{
"id": "134249771",
"domain": "xx.id.au",
"host": "test",
"ttl": "300",
"prio": "0",
"type": "A",
"rdata": "10.0.1.100",
"geozone_id": "0",
"last_mod": "2024-02-28 06:36:41"
},
],
"count": 43,
"total": 43,
"start": 0,
"max": 1000,
"status": 200
}
Have tried the last two commits you've made with no luck.. varying errors
most recent
2024/02/29 07:08:17 [INFO] [test.xx.id.au] acme: Preparing to solve DNS-01
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0xf699c7]
goroutine 1 [running]:
github.com/go-acme/lego/v4/providers/dns/easydns.(*DNSProvider).Present(0xc0013921a0, {0xc001322cb0, 0xd}, {0xedd7b5ee1?, 0x0?}, {0xc0011cb320?, 0x3?})
github.com/go-acme/lego/v4/providers/dns/easydns/easydns.go:127 +0x1a7
github.com/go-acme/lego/v4/challenge/dns01.(*Challenge).PreSolve(0xc00138e0c0, {{0xc001322cc0, 0x7}, {0x0, 0xedd7b5ee1, 0x0}, {{0xc001322ca8, 0x3}, {0xc001322cb0, 0xd}}, ...})
github.com/go-acme/lego/v4/challenge/dns01/dns_challenge.go:95 +0x27a
github.com/go-acme/lego/v4/challenge/resolver.sequentialSolve({0xc00011b550, 0x1, 0x0?}, 0xc0013198f0)
github.com/go-acme/lego/v4/challenge/resolver/prober.go:102 +0x1d8
github.com/go-acme/lego/v4/challenge/resolver.(*Prober).Solve(0xc000de2370, {0xc000afe460, 0x1, 0x14?})
github.com/go-acme/lego/v4/challenge/resolver/prober.go:86 +0x535
github.com/go-acme/lego/v4/certificate.(*Certifier).Obtain(0xc001388390, {{0xc000bbe030, 0x1, 0x1}, {0x0, 0x0}, 0x0, {0x0, 0x0, 0x0}, ...})
github.com/go-acme/lego/v4/certificate/certificates.go:143 +0x3e2
github.com/go-acme/lego/v4/cmd.obtainCertificate(0xc000c4e440, 0xc001392060)
github.com/go-acme/lego/v4/cmd/cmd_run.go:202 +0x23c
github.com/go-acme/lego/v4/cmd.run(0xc000c4e440)
github.com/go-acme/lego/v4/cmd/cmd_run.go:105 +0x257
github.com/urfave/cli/v2.(*Command).Run(0xc000b1d340, 0xc000c4e440, {0xc000aa8d10, 0x1, 0x1})
github.com/urfave/cli/v2@v2.27.1/command.go:279 +0x97d
github.com/urfave/cli/v2.(*Command).Run(0xc000b1db80, 0xc000b91880, {0xc00013a000, 0x8, 0x8})
github.com/urfave/cli/v2@v2.27.1/command.go:272 +0xbb7
github.com/urfave/cli/v2.(*App).RunContext(0xc000e8c400, {0x3563b08, 0x54b5900}, {0xc00013a000, 0x8, 0x8})
github.com/urfave/cli/v2@v2.27.1/app.go:337 +0x58b
github.com/urfave/cli/v2.(*App).Run(...)
github.com/urfave/cli/v2@v2.27.1/app.go:311
main.main()
github.com/go-acme/lego/v4/cmd/lego/main.go:42 +0x1c7
lego version f5edd675dbd259f45c529df83adb8145c0243119 linux/amd64
@thadius83 can you try with my new fix?
Worked first time! Output in the easydns logs matches the acme.sh shell script.
Mind if I ask what the issue was, and are there any other tests or logs you want?
I did test initially with the wrong credentials, and it returned the following - rather than the usual unauthorised message
2024/03/03 12:46:17 [INFO] [test.XX.id.au] acme: Obtaining bundled SAN certificate
2024/03/03 12:46:17 [INFO] [test.XX.id.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/321xxxxxx
2024/03/03 12:46:17 [INFO] [test.XX.id.au] acme: Could not find solver for: tls-alpn-01
2024/03/03 12:46:17 [INFO] [test.XX.id.au] acme: Could not find solver for: http-01
2024/03/03 12:46:17 [INFO] [test.XX.id.au] acme: use dns-01 solver
2024/03/03 12:46:17 [INFO] [test.XX.id.au] acme: Preparing to solve DNS-01
2024/03/03 12:46:19 [INFO] [test.XX.id.au] acme: Cleaning DNS-01 challenge
2024/03/03 12:46:19 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/32196xxxxxxxxx
2024/03/03 12:46:20 Could not obtain certificates:
error: one or more domains had a problem:
[test.XX.id.au] [test.XX.id.au] acme: error presenting token: easydns: no subdomain because the domain and the zone are identical: _acme-challenge.test.XX.id.au.
With my latest commit, when using an invalid token you will have the API response:
easydns: code 420: Enhance Your Calm. Rate limit exceeded (too many requests) OR you did NOT provide any credentials with your request!
Their messages are not clear, but it's not my fault :smile:
haha no worries. I figured you might want to fix that just to be pedantic and avoid people like me questioning it! Thanks for the great work!
Hi, sorry to be the party pooper, not sure how all this works inside out, but I did
# snap install lego (on my Ubuntu server)
lego v4.16.1 from El Dez (ldez) installed
and still getting:
CERTIFICATE: *.juliamiles.co.uk; STATUS: Generating a new certificate ...
2024/03/25 18:21:45 [INFO] [*.juliamiles.co.uk, juliamiles.co.uk] acme: Obtaining SAN certificate
2024/03/25 18:21:46 [INFO] [*.juliamiles.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/330668204327
2024/03/25 18:21:46 [INFO] [juliamiles.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/330668204337
2024/03/25 18:21:46 [INFO] [*.juliamiles.co.uk] acme: use dns-01 solver
2024/03/25 18:21:46 [INFO] [juliamiles.co.uk] acme: Could not find solver for: tls-alpn-01
2024/03/25 18:21:46 [INFO] [juliamiles.co.uk] acme: Could not find solver for: http-01
2024/03/25 18:21:46 [INFO] [juliamiles.co.uk] acme: use dns-01 solver
2024/03/25 18:21:46 [INFO] [*.juliamiles.co.uk] acme: Preparing to solve DNS-01
2024/03/25 18:21:48 [INFO] [*.juliamiles.co.uk] acme: Cleaning DNS-01 challenge
2024/03/25 18:21:48 [INFO] [juliamiles.co.uk] acme: Preparing to solve DNS-01
2024/03/25 18:21:49 [INFO] [juliamiles.co.uk] acme: Cleaning DNS-01 challenge
2024/03/25 18:21:49 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/330668204327
2024/03/25 18:21:49 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/330668204337
2024/03/25 18:21:49 Could not obtain certificates:
error: one or more domains had a problem:
[*.juliamiles.co.uk] [*.juliamiles.co.uk] acme: error presenting token: easydns: error adding zone record: 403: request failed: {"error":{"code":403,"message":"Access to resource denied due to permissions"}}
[juliamiles.co.uk] [juliamiles.co.uk] acme: error presenting token: easydns: error adding zone record: 403: request failed: {"error":{"code":403,"message":"Access to resource denied due to permissions"}}
What am I doing wrong?
Cheers! -AL
> 403: request failed: {"error":{"code":403,"message":"Access to resource denied due to permissions"}}

The new implementation does a new call to get the zone; based on your log, I think it's because your token doesn't have enough rights.
@tsg1992 Can you open a new dedicated issue if the problem is not related to rights/permissions?
In this new issue, can you provide the output of your lego with the env var LEGO_DEBUG_CLIENT_VERBOSE_ERROR set to true?
Sure, thanks for the quick reply @ldez. I'll open a new dedicated thread. It's not permission related, as I can create/renew other certificates without issues.
Fixes #1466