Open mubiesam opened 5 years ago
Hello,
you can change the timeout by defining the env var NAMESILO_PROPAGATION_TIMEOUT
Hi @ldez
Tried with this...
sudo NAMESILO_API_KEY=xxxxxxxxxxxxxxxxxxxxx NAMESILO_PROPAGATION_TIMEOUT=15m /opt/bitnami/letsencrypt/lego --dns="namesilo" --domains="johocen.com" --domains="*.johocen.com" --email="mubiesam@gmail.com" --path="/opt/bitnami/letsencrypt" run
But got
acme: error presenting token: namesilo: failed to add record code: 280, details: could not add resource record to domain since it already exists (duplicate)
I checked NAMESILO, there are 5 _acme-challenge entries in the txt records (4 _acme-challenge + 1 _acme-challenge.www). I had added 2 manually before using the Bitnami HTTP configuration tool, so the other 3 should have been created by the Bitnami tool.
Should I delete all 5 existing and run the lego command again? or how can I identify which should be kept?
Thanks
2019/09/17 09:31:59 [INFO] [johocen.com, *.johocen.com] acme: Obtaining bundled SAN certificate
2019/09/17 09:32:00 [INFO] [*.johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/380243879
2019/09/17 09:32:00 [INFO] [johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/380243881
2019/09/17 09:32:00 [INFO] [*.johocen.com] acme: use dns-01 solver
2019/09/17 09:32:00 [INFO] [johocen.com] acme: Could not find solver for: tls-alpn-01
2019/09/17 09:32:00 [INFO] [johocen.com] acme: Could not find solver for: http-01
2019/09/17 09:32:00 [INFO] [johocen.com] acme: use dns-01 solver
2019/09/17 09:32:00 [INFO] [*.johocen.com] acme: Preparing to solve DNS-01
2019/09/17 09:32:01 [INFO] [johocen.com] acme: Preparing to solve DNS-01
2019/09/17 09:32:02 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/17 09:32:03 [INFO] [johocen.com] acme: Cleaning DNS-01 challenge
2019/09/17 09:32:04 Could not obtain certificates:
acme: Error -> One or more domains had a problem:
[*.johocen.com] [*.johocen.com] acme: error presenting token: namesilo: failed to add record code: 280, details: could not add resource record to domain since it already exists (duplicate)
[johocen.com] [johocen.com] acme: error presenting token: namesilo: failed to add record code: 280, details: could not add resource record to domain since it already exists (duplicate)
yes you have to clean the previous TXT records.
Hi @ldez
Ran again after cleaning the previous TXT records, and got a long list of "acme: Waiting for DNS record propagation" but still got the error "time limit exceeded", although I had already set NAMESILO_PROPAGATION_TIMEOUT=15m.
Meanwhile, NS ns1.dnsowl.com. did not return the expected TXT record; it seems the first value is newly generated and the other 4 were previously deleted.
So I had added all 5 back including the new one starting with uA7zs-xxxxxxxx, but still got the same error "time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record" with 7 values in total.
Any idea where I might be wrong?
2019/09/17 22:52:29 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/17 22:52:29 [INFO] [johocen.com] acme: Cleaning DNS-01 challenge
2019/09/17 22:52:31 Could not obtain certificates:
acme: Error -> One or more domains had a problem:
[*.johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: uA7zs-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]: 13DobYBLHfgdWXBwwyiw4sRlOqktG3kQ-xxxxxxxxx ,Bp1IZfoGqWIzZwFFBOQhXlkCfqTLunxxxxxxxx ,UDKhNvM-xcXjY48V7fvleHrB__xxxxxxxxxxx ,cCuChh687OdJkIV2Yzzhclo9B7GDV2-xxxxxxxxxxx
[johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: syk4Y8Io90tKPD780T6IO-wueg-xxxxxxxxxx]: 13DobYBLHfgdWXBwwyiw4sRlOqktG3kQ-xxxxxxxxx ,Bp1IZfoGqWIzZwFFBOQhXlkCfqTLunxxxxxxxx ,UDKhNvM-xcXjY48V7fvleHrB__xxxxxxxxxxx ,cCuChh687OdJkIV2Yzzhclo9B7GDV2-xxxxxxxxxxx
Hi @ldez
Got reply from NAMESILO
This is what we got back from our IT: Can user get us full log? This is not an issue of namesilo. It's not an implemented feature of Letsencrypt via our api. Customer can use http method to get certs.
You had listed them here https://go-acme.github.io/lego/dns/namesilo/ but it's kind of strange that it seems they did not implement dns challenge? Thanks
for me the provider works, see #916.
ping @sbzlyessit
The challenge only adds and removes TXT records, so the Namesilo API supports it.
You cannot add TXT records manually because they need to be generated by lego.
In all my usage of namesilo, their dns propagation is quite slow; I usually set the timeout to 30 mins. And when I test the provider, a 15 mins timeout is the bottom line to make it work.
You can also access the namesilo dns manager to see whether there is a dns record inserted when waiting for propagation.
Hi @sbzlyessit
Every time I run lego, 2 new txt records (johocen.com & *.johocen.com) are inserted into the dns records on my namesilo, but I got the same "time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record"
I had followed the suggestion from @ldez to clean the previous TXT records, but got the same error.
It seems lego is working halfway, but times out. I just tried now with NAMESILO_PROPAGATION_TIMEOUT=30m (does this make sense in the log: Wait for propagation [timeout: 1m0s, interval: 2s]?) but still got the same error. (I had removed all txt records for _acme-challenge, but still got all the previous ones plus 2 new in the error message)
Any comment?
2019/09/21 04:08:42 [INFO] [johocen.com, *.johocen.com] acme: Obtaining bundled SAN certificate
2019/09/21 04:08:44 [INFO] [*.johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/435613118
2019/09/21 04:08:44 [INFO] [johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/435613119
2019/09/21 04:08:44 [INFO] [*.johocen.com] acme: use dns-01 solver
2019/09/21 04:08:44 [INFO] [johocen.com] acme: Could not find solver for: tls-alpn-01
2019/09/21 04:08:44 [INFO] [johocen.com] acme: Could not find solver for: http-01
2019/09/21 04:08:44 [INFO] [johocen.com] acme: use dns-01 solver
2019/09/21 04:08:44 [INFO] [*.johocen.com] acme: Preparing to solve DNS-01
2019/09/21 04:08:44 [INFO] [johocen.com] acme: Preparing to solve DNS-01
2019/09/21 04:08:45 [INFO] [*.johocen.com] acme: Trying to solve DNS-01
2019/09/21 04:08:45 [INFO] [*.johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 04:08:45 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2019/09/21 04:08:46 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:49 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:51 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:54 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:56 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:59 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:01 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:04 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:06 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:09 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:11 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:14 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:16 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:19 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:21 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:24 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:26 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:29 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:31 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:34 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:36 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:39 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:41 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:44 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:46 [INFO] [johocen.com] acme: Trying to solve DNS-01
2019/09/21 04:09:46 [INFO] [johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 04:09:46 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2019/09/21 04:09:46 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:49 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:51 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:53 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:56 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:58 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:01 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:03 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:06 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:08 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:11 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:13 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:16 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:18 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:21 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:23 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:26 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:28 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:31 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:33 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:36 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:38 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:41 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:43 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:46 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:48 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/21 04:10:48 [INFO] [johocen.com] acme: Cleaning DNS-01 challenge
2019/09/21 04:10:51 Could not obtain certificates:
acme: Error -> One or more domains had a problem:
[*.johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: K-FtqWpPd49T0-0uIY8gFNohor-vzzLYu1Z_DTvnpXI]: gigNbtKRqvo7ixD_XDp_cie75UAUxaxZxc0VWrVEFUY ,Yb0yU8fRD6BEtmE2ee_k-_ZGr2Dcsj8Y7LlOwQ8g4Hg ,9X5BmOHlAL9vU1amv7vPqonXiMBMCgNRb6Hu7KsWSP8 ,KSF1GZTjwZi9Q5cYMhcLxnG8wyOJdVuHnvDw_YqgDW4 ,ln8YTLKmUcxbe17_T9l4BfN4ICKBkWyAhOgLTVlMAao ,bGILIvAsVnxTATYLPVdVWK9IxpgFNu1LSEaZ3r8ZHLE ,RCJWxMKat4y2JWZRZHBtyHjckOlkD0xQ1voPjretg_4 ,u1Vo9zaVC05HVBlOQrAcNtWj93_xOneqTjNrgmGzLr8 ,DHjMo0p2_C2MQwPbnV4VWZnPtU5ccXaTBpuRyYy25bQ ,JK-6q0kzie7kHANYGM7Nlt9zguF9I2ryvr1cm87EB2I
[johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: Y4QexIZcOmfLzz8kachRqh0jmAlx2yhUzWOwu3ITm-Y]: gigNbtKRqvo7ixD_XDp_cie75UAUxaxZxc0VWrVEFUY ,Yb0yU8fRD6BEtmE2ee_k-_ZGr2Dcsj8Y7LlOwQ8g4Hg ,9X5BmOHlAL9vU1amv7vPqonXiMBMCgNRb6Hu7KsWSP8 ,KSF1GZTjwZi9Q5cYMhcLxnG8wyOJdVuHnvDw_YqgDW4 ,ln8YTLKmUcxbe17_T9l4BfN4ICKBkWyAhOgLTVlMAao ,bGILIvAsVnxTATYLPVdVWK9IxpgFNu1LSEaZ3r8ZHLE ,RCJWxMKat4y2JWZRZHBtyHjckOlkD0xQ1voPjretg_4 ,u1Vo9zaVC05HVBlOQrAcNtWj93_xOneqTjNrgmGzLr8 ,DHjMo0p2_C2MQwPbnV4VWZnPtU5ccXaTBpuRyYy25bQ ,JK-6q0kzie7kHANYGM7Nlt9zguF9I2ryvr1cm87EB2I
Firstly, the following are correct behaviors:
Then, the log looks wrong: "[timeout: 1m0s, interval: 2s]" means the timeout is still 1 min.
I think 30m somehow is not recognized; for now, not sure why. You can try the following env, this is what I used to test namesilo:
NAMESILO_PROPAGATION_TIMEOUT=3600 NAMESILO_POLLING_INTERVAL=120 NAMESILO_TTL=3600
After it works, then make it shorter.
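Added example (not part of the thread and not lego's own code): a pre-flight check in Go for the two settings discussed above, so that an ignored value is caught before a long run. It assumes the variables are read as whole seconds with a silent fallback, which is what the `30m` run and its `[timeout: 1m0s, interval: 2s]` log line suggest; `Preflight`, `effective` and the constants are hypothetical names.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// Fallbacks are from the thread's log "[timeout: 1m0s, interval: 2s]"; 15m is its reported minimum.
const fallbackTimeout, fallbackInterval, minWorking = time.Minute, 2 * time.Second, 15 * time.Minute

// effective returns the duration in force and a warning if raw is ignored.
// ASSUMPTION: values are whole seconds; anything else silently falls back.
func effective(name, raw string, fallback time.Duration) (time.Duration, string) {
	if raw == "" {
		return fallback, ""
	}
	if n, err := strconv.Atoi(raw); err == nil {
		return time.Duration(n) * time.Second, ""
	}
	msg := fmt.Sprintf("%s=%q is not whole seconds, falling back to %s", name, raw, fallback)
	if d, err := time.ParseDuration(raw); err == nil {
		msg += fmt.Sprintf(" (use %d)", int(d.Seconds()))
	}
	return fallback, msg
}

// Preflight reports the timeout and interval a run would use, plus warnings.
func Preflight(timeoutRaw, intervalRaw string) (time.Duration, time.Duration, []string) {
	var warns []string
	timeout, w1 := effective("NAMESILO_PROPAGATION_TIMEOUT", timeoutRaw, fallbackTimeout)
	interval, w2 := effective("NAMESILO_POLLING_INTERVAL", intervalRaw, fallbackInterval)
	for _, w := range []string{w1, w2} {
		if w != "" {
			warns = append(warns, w)
		}
	}
	if timeout < minWorking {
		warns = append(warns, fmt.Sprintf("timeout %s is below %s", timeout, minWorking))
	}
	if interval >= timeout {
		warns = append(warns, "polling interval is not shorter than the timeout")
	}
	return timeout, interval, warns
}

func main() {
	fmt.Println(Preflight("30m", ""))     // first attempt in the thread
	fmt.Println(Preflight("3600", "120")) // values that worked in the thread
}
```

The durations it reports use the same formatting as the `Wait for propagation [...]` log line, so the two can be compared directly.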
with the Additional Configuration...
NAMESILO_PROPAGATION_TIMEOUT=3600 NAMESILO_POLLING_INTERVAL=120 NAMESILO_TTL=3600
It seems to be working, although with a nonce error retry: acme: error: 400
2019/09/21 08:10:18 [INFO] [johocen.com, *.johocen.com] acme: Obtaining bundled SAN certificate
2019/09/21 08:10:20 [INFO] [*.johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/438120057
2019/09/21 08:10:20 [INFO] [johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/438120059
2019/09/21 08:10:20 [INFO] [*.johocen.com] acme: use dns-01 solver
2019/09/21 08:10:20 [INFO] [johocen.com] acme: Could not find solver for: tls-alpn-01
2019/09/21 08:10:20 [INFO] [johocen.com] acme: Could not find solver for: http-01
2019/09/21 08:10:20 [INFO] [johocen.com] acme: use dns-01 solver
2019/09/21 08:10:20 [INFO] [*.johocen.com] acme: Preparing to solve DNS-01
2019/09/21 08:10:21 [INFO] [johocen.com] acme: Preparing to solve DNS-01
2019/09/21 08:10:22 [INFO] [*.johocen.com] acme: Trying to solve DNS-01
2019/09/21 08:10:22 [INFO] [*.johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 08:10:22 [INFO] Wait for propagation [timeout: 1h0m0s, interval: 2m0s]
2019/09/21 08:10:22 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:12:22 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:14:22 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:16:22 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:18:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:20:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:22:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:24:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:26:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:28:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:30:24 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:32:24 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:34:25 [INFO] nonce error retry: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/chall-v3/438120057/w03NJQ :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "0002SIwP-QRLt85ROo1tKvIfIJWvHeOoGKYv94bPeml0QI0", url:
2019/09/21 08:34:26 [INFO] [*.johocen.com] The server validated our request
2019/09/21 08:34:26 [INFO] [johocen.com] acme: Trying to solve DNS-01
2019/09/21 08:34:26 [INFO] [johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 08:34:26 [INFO] Wait for propagation [timeout: 1h0m0s, interval: 2m0s]
2019/09/21 08:34:27 [INFO] [johocen.com] The server validated our request
2019/09/21 08:34:27 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/21 08:34:28 [INFO] [johocen.com] acme: Cleaning DNS-01 challenge
2019/09/21 08:34:29 [INFO] [johocen.com, *.johocen.com] acme: Validations succeeded; requesting certificates
2019/09/21 08:34:31 [INFO] [johocen.com] Server responded with a certificate.
It is a retryable error; the Lego cmd succeeded. As you may see, namesilo is slow on propagation, which then causes some unpredictable errors. One I met previously is that NAMESILO_POLLING_INTERVAL cannot be too short. Otherwise, the server may fail to respond.
Got "time limit exceeded" while running lego, any suggestion where I should look into...