go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

nifcloud: fix bug in case of same auth zone #2125

Closed fuku2014 closed 7 months ago

fuku2014 commented 7 months ago

Summary

example.com    A    [IP_Address]
*.example.com    CNAME    example.com

Test

lego -a --dns nifcloud --path /etc/letsencrypt --email mail@example.com --domains example.com,*.example.com --server https://acme-staging-v02.api.letsencrypt.org/directory run

2024/03/04 16:46:48 [INFO] [example.com, *.example.com] acme: Obtaining bundled SAN certificate
2024/03/04 16:46:49 [INFO] [*.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11497371973
2024/03/04 16:46:49 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11497371983
2024/03/04 16:46:49 [INFO] [*.example.com] acme: use dns-01 solver
2024/03/04 16:46:49 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2024/03/04 16:46:49 [INFO] [example.com] acme: Could not find solver for: http-01
2024/03/04 16:46:49 [INFO] [example.com] acme: use dns-01 solver
2024/03/04 16:46:49 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2024/03/04 16:46:49 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:46:51 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/03/04 16:46:51 [INFO] [example.com] acme: Preparing to solve DNS-01
2024/03/04 16:46:51 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:46:53 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/03/04 16:46:53 [INFO] [*.example.com] acme: Trying to solve DNS-01
2024/03/04 16:46:53 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:46:53 [INFO] [*.example.com] acme: Checking DNS record propagation. [nameservers=8.8.8.8:53,8.8.4.4:53]
2024/03/04 16:46:55 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/03/04 16:47:14 [INFO] [*.example.com] The server validated our request
2024/03/04 16:47:14 [INFO] [example.com] acme: Trying to solve DNS-01
2024/03/04 16:47:14 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:47:14 [INFO] [example.com] acme: Checking DNS record propagation. [nameservers=8.8.8.8:53,8.8.4.4:53]
2024/03/04 16:47:16 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/03/04 16:47:32 [INFO] [example.com] The server validated our request
2024/03/04 16:47:32 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2024/03/04 16:47:32 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:47:35 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/03/04 16:47:35 [INFO] [example.com] acme: Cleaning DNS-01 challenge
2024/03/04 16:47:35 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:47:38 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/03/04 16:47:39 [INFO] [example.com, *.example.com] acme: Validations succeeded; requesting certificates
2024/03/04 16:47:39 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/03/04 16:47:40 [INFO] [example.com] Server responded with a certificate.

ldez commented 7 months ago

hello,

Is your CNAME configured to handle the ACME challenge or is it just a global CNAME not related to ACME challenges?

https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme.html#the-advantages-of-a-cname

If it's not related to ACME challenges, you can disable the CNAME support: LEGO_DISABLE_CNAME_SUPPORT=true
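
Added example, not part of the thread and not lego's own code: a small Go model of why the wildcard CNAME from the PR description catches the challenge name, and what changes when CNAME following is turned off. The zone map and the function names challengeFQDN, lookupCNAME and effectiveFQDN are hypothetical, and the wildcard matching is simplified to one label.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed zone mirroring the wildcard CNAME from the PR description.
var zone = map[string]string{"*.example.com.": "example.com."}

// challengeFQDN returns the DNS-01 record name for a certificate domain.
// A wildcard domain and its base domain map to the same name.
func challengeFQDN(domain string) string {
	return "_acme-challenge." + strings.TrimPrefix(domain, "*.") + "."
}

// lookupCNAME tries the exact owner name, then a wildcard that replaces
// the leftmost label (simplified wildcard matching, one label deep).
func lookupCNAME(z map[string]string, name string) (string, bool) {
	if target, ok := z[name]; ok {
		return target, true
	}
	if i := strings.Index(name, "."); i >= 0 && i < len(name)-1 {
		target, ok := z["*"+name[i:]]
		return target, ok
	}
	return "", false
}

// effectiveFQDN returns the name where the TXT record would be written.
// disableCNAME models LEGO_DISABLE_CNAME_SUPPORT=true.
func effectiveFQDN(z map[string]string, domain string, disableCNAME bool) string {
	fqdn := challengeFQDN(domain)
	for hops := 0; !disableCNAME && hops < 8; hops++ { // cap hops against loops
		target, ok := lookupCNAME(z, fqdn)
		if !ok {
			break
		}
		fqdn = target
	}
	return fqdn
}

func main() {
	for _, d := range []string{"example.com", "*.example.com"} {
		fmt.Printf("%-15s follow=%s disabled=%s\n", d,
			effectiveFQDN(zone, d, false), effectiveFQDN(zone, d, true))
	}
}
```

With following enabled, both identifiers end up at example.com., which matches the "Found CNAME entry" lines in the log above; with it disabled, both stay at _acme-challenge.example.com.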