go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

DNSChallenge for TransIP fails, not a valid domain name #899

Open romanpeters opened 5 years ago

romanpeters commented 5 years ago

I'm using traefik, which uses lego for LetsEncrypt certificates. The DNS provider I'm using is TransIP. When trying to generate certificates for mydomain.nl and *.mydomain.nl I get the following error:

time="2019-05-29T12:59:17Z" level=error 
msg="Unable to obtain ACME certificate for domains \"*.mydomain.nl,mydomain.nl\" : 
unable to generate a certificate for the domains [*.mydomain.nl mydomain.nl]: 
acme: Error -> One or more domains had a problem:\n[*.mydomain.nl] [*.mydomain.nl] acme: 
error presenting token: transip: error for mydomain.nl in Present: SOAP Fault 301: 
This is not a valid domain name: 'nl'\n[mydomain.nl] [mydomain.nl] acme: 
error presenting token: transip: error for mydomain.nl in Present: 
SOAP Fault 301: This is not a valid domain name: 'nl'\n"

This same setup used to work 90+ days ago. I noticed it because the certificate that should auto-renew expired.

I tried a new TransIP API key, which resulted in the same problem.

lassieee commented 4 years ago

I tried to get a wildcard cert for my domain today, using TransIP as provider (with API key), and I have the same error:

time="2020-01-18T09:41:10Z" level=debug msg="Using DNS Challenge provider: transip"
time="2020-01-18T09:41:10Z" level=info msg="legolog: [INFO] [*.mydomain.nl] acme: Obtaining bundled SAN certificate"
time="2020-01-18T09:41:11Z" level=info msg="legolog: [INFO] [*.mydomain.nl] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/33523008"
time="2020-01-18T09:41:11Z" level=info msg="legolog: [INFO] [*.mydomain.nl] acme: use dns-01 solver"
time="2020-01-18T09:41:11Z" level=info msg="legolog: [INFO] [*.mydomain.nl] acme: Preparing to solve DNS-01"
time="2020-01-18T09:41:12Z" level=info msg="legolog: [INFO] [*.mydomain.nl] acme: Cleaning DNS-01 challenge"
time="2020-01-18T09:41:12Z" level=info msg="legolog: [WARN] [*.mydomain.nl] acme: error cleaning up: transip: error for _acme-challenge.mydomain.nl. in CleanUp: SOAP Fault 301: This is not a valid domain name: 'nl' "
time="2020-01-18T09:41:13Z" level=error msg="Unable to obtain ACME certificate for domains \"*.mydomain.nl\" : unable to generate a certificate for the domains [*.mydomain.nl]: acme: Error -> One or more domains had a problem:\n[*.mydomain.nl] [*.mydomain.nl] acme: error presenting token: transip: error for mydomain.nl in Present: SOAP Fault 301: This is not a valid domain name: 'nl'\n"

ldez commented 4 years ago

Hello,

> SOAP Fault 301: This is not a valid domain name: 'nl'

It's a DNS error, so check your /etc/resolv.conf configuration.
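
An added illustration of the DNS-resolution point above (not part of the thread and not lego's own code): assuming the client finds the zone for `_acme-challenge.mydomain.nl.` by walking up the labels until the resolver returns an SOA answer, a resolver that gives no SOA for `mydomain.nl.` makes the walk stop at `nl.`, the name the SOAP fault rejects. `findZone`, `splitRecord`, `resolve` and the two resolver views are hypothetical and constructed so the example runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// soaLookup is a hypothetical stand-in for a real SOA query, so this runs offline.
type soaLookup func(name string) bool

// findZone strips one leading label at a time until the resolver returns an SOA answer.
func findZone(fqdn string, hasSOA soaLookup) (string, error) {
	for name := fqdn; name != ""; {
		if hasSOA(name) {
			return name, nil
		}
		i := strings.Index(name, ".")
		if i < 0 {
			break
		}
		name = name[i+1:]
	}
	return "", errors.New("no SOA answer for any suffix of " + fqdn)
}

// splitRecord returns the domain and relative record name a provider API would receive.
func splitRecord(fqdn, zone string) (domain, sub string) {
	domain = strings.TrimSuffix(zone, ".")
	sub = strings.TrimSuffix(strings.TrimSuffix(fqdn, "."), "."+domain)
	return domain, sub
}

// Constructed resolver views: the names each one returns an SOA answer for.
var healthy = map[string]bool{"mydomain.nl.": true, "nl.": true}
var broken = map[string]bool{"nl.": true} // no SOA answer for mydomain.nl.

func resolve(view map[string]bool) soaLookup {
	return func(name string) bool { return view[name] }
}

func main() {
	const fqdn = "_acme-challenge.mydomain.nl."
	for _, view := range []map[string]bool{healthy, broken} {
		zone, err := findZone(fqdn, resolve(view))
		domain, sub := splitRecord(fqdn, zone)
		fmt.Printf("zone=%q domain=%q record=%q err=%v\n", zone, domain, sub, err)
	}
}
```

Comparing the zone the host's resolver reports with the zone the DNS provider actually hosts is the check this points to.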

lassieee commented 4 years ago

> Hello,
>
> SOAP Fault 301: This is not a valid domain name: 'nl'
>
> It's a DNS error, so check your /etc/resolv.conf configuration.

Thanks, but I'm running Traefik in a docker container (traefik:v1.7.20-alpine) and I have 7 certs generated without issue, it's only the wildcard cert that's giving this error.

rhtenhove commented 4 years ago

I came across this issue as well. Turns out I was just using it wrong. Adding the following entry to my Docker Traefik labels (which has the api as a service) made all the other containers work as well:

labels:
  - traefik.http.routers.traefik-router.tls.domains[0].main=*.wildcard.domain

I assume one container needs to retrieve the wildcard certificate, the rest will re-use it. But, again, that's just an assumption.