go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

Propagation Time Limit exceeded #2243

Closed matze19999 closed 1 month ago

matze19999 commented 1 month ago

Welcome

What did you expect to see?

Successfully created certificates. The TXT entry is created successfully and I can retrieve it with nslookup or mxtoolbox. But acme/lego isn't able to retrieve the TXT entry. I tried multiple DNS Servers (1.1.1.1, 8.8.8.8, 8.8.4.4) and DODE_PROPAGATION_TIMEOUT up to 50 minutes.

What did you see instead?

```console
2024/08/19 10:54:33 [INFO] [domain.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:45 [INFO] [domain.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:47 [INFO] [domain.de] acme: Cleaning DNS-01 challenge
2024/08/19 10:54:48 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/392254984076
2024/08/19 10:54:48 Could not obtain certificates:
        error: one or more domains had a problem:
[domain.de] propagation: time limit exceeded: last error: DNS call error: read udp 172.17.0.2:52428->132.226.204.252:53: i/o timeout [ns=domain.de.:53, question='_acme-challenge.domain.de. IN  TXT']
root@matze19999:~# 2024/08/19 10:54:33 [INFO] [domain.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:45 [INFO] [domain.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:47 [INFO] [domain.de] acme: Cleaning DNS-01 challenge
2024/08/19 10:54:48 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/392254984076
2024/08/19 10:54:48 Could not obtain certificates:
        error: one or more domains had a problem:
[domain.de] propagation: time limit exceeded: last error: DNS call error: read udp 172.17.0.2:52428->132.226.204.252:53: i/o timeout [ns=domain.de.:53, question='_acme-challenge.domain.de. IN  TXT']
```

How do you use lego?

Docker image

Reproduction steps

  1. Start Lego with this command:

```console
docker run --env DODE_PROPAGATION_TIMEOUT=300 --env DODE_TOKEN=XXXXXXXXXXXXXXXXXX goacme/lego --dns.resolvers 1.1.1.1 --dns dode --domains domain.de --email email@gmail.com --accept-tos run
```

Version of lego

v4.17

Logs

```console
2024/08/19 10:53:07 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:53:19 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:53:33 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:53:45 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:53:57 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:09 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:21 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:33 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:45 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:47 [INFO] [matze19999.de] acme: Cleaning DNS-01 challenge
2024/08/19 10:54:48 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/392254984076
2024/08/19 10:54:48 Could not obtain certificates:
        error: one or more domains had a problem:
[matze19999.de] propagation: time limit exceeded: last error: DNS call error: read udp 172.17.0.2:52428->132.226.204.252:53: i/o timeout [ns=matze19999.de.:53, question='_acme-challenge.matze19999.de. IN TXT']
root@matze19999:~# 2024/08/19 10:54:33 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:45 [INFO] [matze19999.de] acme: Waiting for DNS record propagation.
2024/08/19 10:54:47 [INFO] [matze19999.de] acme: Cleaning DNS-01 challenge
2024/08/19 10:54:48 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/392254984076
2024/08/19 10:54:48 Could not obtain certificates:
        error: one or more domains had a problem:
[matze19999.de] propagation: time limit exceeded: last error: DNS call error: read udp 172.17.0.2:52428->132.226.204.252:53: i/o timeout [ns=matze19999.de.:53, question='_acme-challenge.matze19999.de. IN TXT']
```

Go environment (if applicable)

No response

ldez commented 1 month ago

Hello,

DNS call error: read udp 172.17.0.2:52428->132.226.204.252:53: i/o timeout [ns=domain.de.:53, question='_acme-challenge.domain.de. IN TXT']

Your problem is not related to a propagation timeout but to a DNS call timeout.

Your problem is probably related to your local network (firewall, local DNS, etc.).

You can try to increase the DNS call timeout with the following option, but I think your problem is not here.

```console
--dns-timeout value  Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name server queries. (default: 10)
```

https://go-acme.github.io/lego/usage/cli/options/index.html
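
The distinction drawn in this thread (a name server that never replies versus one that replies without the TXT record) can be checked from the same host or container that runs lego. The following is an added example, not part of the original thread and not lego's own code: it uses Go's standard `net.Resolver` pointed at a single name server, and the names `CheckTXT` and `Verdict` are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"log"
	"net"
	"time"
)

type Verdict string // the outcomes this thread needs to tell apart

const (
	RecordFound   Verdict = "record-found"
	NotPropagated Verdict = "not-propagated"   // server answered, TXT name absent
	CallTimeout   Verdict = "dns-call-timeout" // no reply at all: network path
	OtherError    Verdict = "other-error"
)

// CheckTXT queries one name server ("host:port") directly for fqdn's TXT records.
func CheckTXT(server, fqdn string, timeout time.Duration) (Verdict, []string, error) {
	r := &net.Resolver{
		PreferGo: true, // pure-Go resolver, so the Dial hook below is honoured
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, network, server)
		},
	}
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	txt, err := r.LookupTXT(ctx, fqdn)
	var dnsErr *net.DNSError
	var netErr net.Error
	switch {
	case err == nil:
		return RecordFound, txt, nil
	case errors.As(err, &dnsErr) && dnsErr.IsNotFound:
		return NotPropagated, nil, err
	case errors.As(err, &netErr) && netErr.Timeout():
		return CallTimeout, nil, err
	}
	return OtherError, nil, err
}

func main() {
	if len(flagArgs()) != 2 {
		log.Fatal("usage: checktxt <nameserver:53> <_acme-challenge.name.>")
	}
	fmt.Println(CheckTXT(flagArgs()[0], flagArgs()[1], 10*time.Second)) // 10 s = --dns-timeout default
}

func flagArgs() []string { return append([]string{}, osArgs[1:]...) }

var osArgs = func() []string { return []string{""} }()
```

Run against the address shown in the `ns=` part of the error message: a `dns-call-timeout` verdict points at the network path (firewall, container egress), while `not-propagated` points at the DNS provider.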