go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License
7.44k stars 985 forks source link

google domains Error 400: Precondition check failed., failedPrecondition #2202

Open hiseth opened 3 weeks ago

hiseth commented 3 weeks ago

Welcome

What did you expect to see?

Actually I have been using it for more than a year, and it was working fine before. But now I find it has some problems. I am not sure if there are some changes in the google api?

What did you see instead?

Unable to complete certificate request

How do you use lego?

Docker image

Reproduction steps

```console
docker run -t --name run_certs -e GOOGLE_DOMAINS_ACCESS_TOKEN="xxxxxxx" goacme/lego:latest --dns.disable-cp --email "xxxxx" --accept-tos --dns googledomains --domains ".xxxxx" --domains "xxxxx" --domains ".xxxxx" run
```

Version of lego

goacme/lego:latest

Logs

```console
2024/06/08 08:38:57 No key found for account xxxxx.com. Generating a P256 key.
2024/06/08 08:38:57 Saved key to /.lego/accounts/acme-v02.api.letsencrypt.org/xxxxx/keys/xxxxxx.key
2024/06/08 08:38:58 [INFO] acme: Registering account for xxxxxxx
!!!! HEADS UP !!!!
Your account credentials have been saved in your Let's Encrypt configuration directory at "/.lego/accounts".
You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained from Let's Encrypt so making regular backups of this folder is ideal.
2024/06/08 08:38:58 [INFO] [*.xxxx, xxxx, *.xxxxx] acme: Obtaining bundled SAN certificate
2024/06/08 08:38:59 [INFO] [*.xxxxx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360847
2024/06/08 08:38:59 [INFO] [*.xxxx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360857
2024/06/08 08:38:59 [INFO] [xxxxx.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360867
2024/06/08 08:38:59 [INFO] [*.xxxx] acme: use dns-01 solver
2024/06/08 08:38:59 [INFO] [*.xxx] acme: use dns-01 solver
2024/06/08 08:38:59 [INFO] [xxxxxxx] acme: Could not find solver for: tls-alpn-01
2024/06/08 08:38:59 [INFO] [xxxxxxx] acme: Could not find solver for: http-01
2024/06/08 08:38:59 [INFO] [xxxxxxx] acme: use dns-01 solver
2024/06/08 08:38:59 [INFO] [*.xxxxxxx.xxxxxxx] acme: Preparing to solve DNS-01
2024/06/08 08:39:05 [INFO] [*.xxxxxxx] acme: Preparing to solve DNS-01
2024/06/08 08:39:05 [INFO] [xxxxxxx] acme: Preparing to solve DNS-01
2024/06/08 08:39:06 [INFO] [*.xxxxxxx.xxxxxxx] acme: Cleaning DNS-01 challenge
2024/06/08 08:39:06 [WARN] [*.xxxxxxx.xxxxxxx] acme: cleaning up failed: googledomains: error cleaning up challenge for domain xxxxxxx.xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition
2024/06/08 08:39:06 [INFO] [*.xxxxxxx] acme: Cleaning DNS-01 challenge
2024/06/08 08:39:07 [WARN] [*.xxxxxxx] acme: cleaning up failed: googledomains: error cleaning up challenge for domain xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition
2024/06/08 08:39:07 [INFO] [xxxxxxx] acme: Cleaning DNS-01 challenge
2024/06/08 08:39:07 [WARN] [xxxxxxx] acme: cleaning up failed: googledomains: error cleaning up challenge for domain xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition
2024/06/08 08:39:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360847
2024/06/08 08:39:08 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360857
2024/06/08 08:39:09 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360867
2024/06/08 08:39:09 Could not obtain certificates:
error: one or more domains had a problem:
[*.xxxxxxx.xxxxxxx] [*.xxxxxxx.xxxxxxx] acme: error presenting token: googledomains: error adding challenge for domain xxxxxxx.xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition
[*.xxxxxxx] [*.xxxxxxx] acme: error presenting token: googledomains: error adding challenge for domain xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition
[xxxxxxx] [xxxxxxx] acme: error presenting token: googledomains: error adding challenge for domain xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition
```

Go environment (if applicable)

```console
$ go version && go env
# paste output here
```

ldez commented 3 weeks ago

Hello,

maybe it's related to a change to token scope inside Google Domains. Can you check that?

Or maybe it's related to the fact Google Domains has been replaced: https://domains.google/

hiseth commented 3 weeks ago

@ldez Thanks for your reply. Since our domain has been migrated to SquareSpace, I guess this is because they don't provide the ACME API.
https://www.reddit.com/r/homelab/comments/19cvviq/acme_certificate_dns_mode_squarespace/

ldez commented 3 weeks ago

"ACME API" is not a real API: the ACME DNS challenge uses an API related to adding and removing DNS records. "ACME API" was a weird concept of Google Domains to add/remove records.

Squarespace may have a "classic" DNS API.
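
What "adding and removing DNS records" means for dns-01, as an added example that is not lego's code or part of the original thread: the two methods have the same shape as lego's `challenge.Provider` (`Present` / `CleanUp`), which is where the "error presenting token" and "cleaning up failed" log lines above originate. `memoryDNS` and its `readOnly` switch are hypothetical stand-ins for a registrar's record API, and the key authorizations are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// memoryDNS is a hypothetical stand-in for a registrar's record API.
type memoryDNS struct {
	txt      map[string][]string // record name -> TXT values
	readOnly bool                // simulates an API that rejects writes
}

// challengeRecord derives the dns-01 TXT record (RFC 8555, section 8.4).
// A wildcard name is validated at the record of its base domain.
func challengeRecord(domain, keyAuth string) (fqdn, value string) {
	sum := sha256.Sum256([]byte(keyAuth))
	base := strings.TrimPrefix(domain, "*.")
	return "_acme-challenge." + base + ".", base64.RawURLEncoding.EncodeToString(sum[:])
}

// Present publishes the TXT value the CA will look up.
func (m *memoryDNS) Present(domain, token, keyAuth string) error {
	if m.readOnly {
		return errors.New("record API rejected the write")
	}
	fqdn, value := challengeRecord(domain, keyAuth)
	m.txt[fqdn] = append(m.txt[fqdn], value)
	return nil
}

// CleanUp removes only the value this challenge added, not the whole name.
func (m *memoryDNS) CleanUp(domain, token, keyAuth string) error {
	fqdn, value := challengeRecord(domain, keyAuth)
	kept := m.txt[fqdn][:0]
	for _, v := range m.txt[fqdn] {
		if v != value {
			kept = append(kept, v)
		}
	}
	m.txt[fqdn] = kept
	return nil
}

func main() {
	dns := &memoryDNS{txt: map[string][]string{}}
	fmt.Println(dns.Present("*.example.com", "t1", "t1.thumb"), dns.Present("example.com", "t2", "t2.thumb"), dns.txt)
}
```

A wildcard and its apex domain in one order, as in the command above, both write to the same `_acme-challenge` name, so the record API must accept two TXT values there at once.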