go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

acme: error presenting token: alicloud: zone com. not found in AliDNS for ... #2150

Closed AlpsMonaco closed 5 months ago

AlpsMonaco commented 5 months ago

Welcome

What did you expect to see?

a new certificate is issued successfully.

What did you see instead?

[www.txxxxxxxxx.com] [www.txxxxxxxxx.com] acme: error presenting token: alicloud: zone com. not found in AliDNS for domain _acme-challenge.www.txxxxxxxxx.com.

How do you use lego?

Library

Reproduction steps

Hi there, I managed to locate where the problem is and it is reproducible. From github.com/go-acme/lego/v4@v4.16.1/providers/dns/alidns/alidns.go:199:

```go
authZone, err := dns01.FindZoneByFqdn(domain)
if err != nil {
    return "", fmt.Errorf("could not find zone: %w", err)
}
```

dns01.FindZoneByFqdn(domain) sometimes returns only the top-level domain. Maybe it is a DNS provider error?

I wrote a small program and ran it on the server where I came across the problem.

![image](https://github.com/go-acme/lego/assets/55621471/fe4695c6-5eb5-4c4c-b581-84645c935fb4)

I have two domains that start with '7' and 't'. These are the results when I run it on my server:

![image](https://github.com/go-acme/lego/assets/55621471/4bd21959-72fe-49de-b03c-1ff3ee68cc03)

The results are so random, sometimes it is OK but sometimes it is bad. Is changing the DNS server of my Linux server the only option?

Version of lego

github.com/go-acme/lego/v4 v4.16.1

Logs

```console
INFO ts=2024-04-07T10:00:02Z msg=[INFO] acme: Registering account for myemail@xxx.com
INFO ts=2024-04-07T10:00:02Z msg=[INFO] [www.txxxxxxx.com] acme: Obtaining bundled SAN certificate
INFO ts=2024-04-07T10:00:03Z msg=[INFO] [www.txxxxxxx.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxxxxx
INFO ts=2024-04-07T10:00:03Z msg=[INFO] [www.txxxxxxx.com] acme: Could not find solver for: tls-alpn-01
INFO ts=2024-04-07T10:00:03Z msg=[INFO] [www.txxxxxxx.com] acme: Could not find solver for: http-01
INFO ts=2024-04-07T10:00:03Z msg=[INFO] [www.txxxxxxx.com] acme: use dns-01 solver
INFO ts=2024-04-07T10:00:03Z msg=[INFO] [www.txxxxxxx.com] acme: Preparing to solve DNS-01
INFO ts=2024-04-07T10:00:05Z msg=[INFO] [www.txxxxxxx.com] acme: Cleaning DNS-01 challenge
INFO ts=2024-04-07T10:00:07Z msg=[WARN] [www.txxxxxxx.com] acme: cleaning up failed: alicloud: zone com. not found in AliDNS for domain _acme-challenge.www.txxxxxxx.com.
INFO ts=2024-04-07T10:00:07Z msg=[INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/335609586167
ERROR ts=2024-04-07T10:00:07Z msg=error: one or more domains had a problem: [www.txxxxxxx.com] [www.txxxxxxx.com] acme: error presenting token: alicloud: zone com. not found in AliDNS for domain _acme-challenge.www.txxxxxxx.com.
```

Go environment (if applicable)

```console
$ go version && go env
docker -go FROM golang:1.21 AS builder
```

ldez commented 5 months ago

> maybe it is a DNS provider error?

It's not a DNS provider error, but a problem with your network (local DNS, firewall, etc.).

You can provide resolvers/nameservers: dns01.AddRecursiveNameservers()

AlpsMonaco commented 5 months ago

Alibaba Cloud support confirmed that their default DNS has some problem and they suggested that I modify /etc/resolv.conf. Using dns01.AddRecursiveNameservers() is a good choice, thank you so much. @ldez
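
The failure discussed in this thread, as an added example that is not part of the issue and is not lego's code: a simplified, offline model of label-by-label SOA zone discovery, showing how a resolver that drops one answer makes the walk end at `com.`, plus a sanity check a caller could run before handing the zone to a DNS provider. The names `soaLookup`, `findZone` and `checkZone`, and the sample name under `example.com.`, are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// soaLookup reports whether the resolver returned an SOA record for name.
// Hypothetical stand-in for a real DNS query so the example runs offline.
type soaLookup func(name string) bool

// findZone walks the FQDN from the left and returns the first suffix with an SOA.
// Simplified model of SOA-based zone discovery, not lego's implementation.
func findZone(fqdn string, hasSOA soaLookup) (string, error) {
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	for i := range labels {
		candidate := strings.Join(labels[i:], ".") + "."
		if hasSOA(candidate) {
			return candidate, nil
		}
	}
	return "", errors.New("no SOA found for " + fqdn)
}

// checkZone rejects a zone that is not a parent of fqdn or is a bare TLD.
// Assumption: single-label check only; suffixes like co.uk. need a public suffix list.
func checkZone(fqdn, zone string) error {
	if zone == "." || !strings.HasSuffix(fqdn, "."+zone) {
		return fmt.Errorf("zone %q is not a parent of %q", zone, fqdn)
	}
	if strings.Count(zone, ".") < 2 {
		return fmt.Errorf("zone %q is a top-level domain; resolver answer looks incomplete", zone)
	}
	return nil
}

func main() {
	fqdn := "_acme-challenge.www.example.com." // constructed sample name
	healthy := func(n string) bool { return n == "example.com." || n == "com." }
	flaky := func(n string) bool { return n == "com." } // drops the answer for example.com.
	for _, r := range []soaLookup{healthy, flaky} {
		zone, _ := findZone(fqdn, r)
		fmt.Printf("zone=%s check=%v\n", zone, checkZone(fqdn, zone))
	}
}
```

Failing early on a TLD-only zone gives a clear resolver-side error instead of the provider's "zone com. not found" message seen in the logs above.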