gregtwallace / certwarden

Cert Warden is a centralized ACME Client. It provides an API for certificate consumers to fetch their individual keys and certs with API keys.
https://www.certwarden.com/

Provider fails without clear reason why when specifying wildcard subdomain(s) #43

Closed BastionNtB closed 5 months ago

BastionNtB commented 5 months ago

Nothing shows in the logs, but I can't submit. When I sh into the Docker, I can't seem to use lego at all, not sure if I need to provide lego first, but it's not working and I'm very new to docker in general, so any help would be appreciated!

Thank you!

An API error has occurred.
Status Code: 400
Message: error: request validation (param or payload) invalid

Edit: Should probably provide some more info.

Using this. https://go-acme.github.io/lego/dns/linode/

I use linode as the Provider's "CLI flag name" or "Code"

I then use the Environment Variable LINODE_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

I have some.site and *.some.site in Domain 1 and Domain 2 respectively (Though, it doesn't work either with a single domain)

Then I click submit, and I get that 400 error shown above.

In the browser's console, I'm seeing this.

index-2c202c23.js:194  field dataToSubmit.config.dns_provider_name not defined, report bug
jg @ index-2c202c23.js:194
J @ index-2c202c23.js:194
eh @ index-2c202c23.js:38
jf @ index-2c202c23.js:40
_1 @ index-2c202c23.js:40
x1 @ index-2c202c23.js:40
rT @ index-2c202c23.js:40
nu @ index-2c202c23.js:40
Yv @ index-2c202c23.js:40
$o @ index-2c202c23.js:38
(anonymous) @ index-2c202c23.js:40
index-2c202c23.js:192 

        POST https://cert.local.some.site/legocerthub/api/v1/app/challenges/providers/services 401 (Unauthorized)
(anonymous) @ index-2c202c23.js:192
xhr @ index-2c202c23.js:192
r0 @ index-2c202c23.js:194
Promise.then (async)
request @ index-2c202c23.js:194
(anonymous) @ index-2c202c23.js:190
(anonymous) @ index-2c202c23.js:194
l @ index-2c202c23.js:194
ww @ index-2c202c23.js:37
Tw @ index-2c202c23.js:37
Ew @ index-2c202c23.js:37
Sv @ index-2c202c23.js:37
Sb @ index-2c202c23.js:37
(anonymous) @ index-2c202c23.js:37
lh @ index-2c202c23.js:40
V0 @ index-2c202c23.js:37
yp @ index-2c202c23.js:37
Mm @ index-2c202c23.js:37
Ww @ index-2c202c23.js:37
index-2c202c23.js:192 

        POST https://cert.local.some.site/legocerthub/api/v1/app/challenges/providers/services 400 (Bad Request)
(anonymous) @ index-2c202c23.js:192
xhr @ index-2c202c23.js:192
r0 @ index-2c202c23.js:194
Promise.then (async)
request @ index-2c202c23.js:194
(anonymous) @ index-2c202c23.js:190
(anonymous) @ index-2c202c23.js:194
Promise.then (async)
request @ index-2c202c23.js:194
(anonymous) @ index-2c202c23.js:190
(anonymous) @ index-2c202c23.js:194
l @ index-2c202c23.js:194
ww @ index-2c202c23.js:37
Tw @ index-2c202c23.js:37
Ew @ index-2c202c23.js:37
Sv @ index-2c202c23.js:37
Sb @ index-2c202c23.js:37
(anonymous) @ index-2c202c23.js:37
lh @ index-2c202c23.js:40
V0 @ index-2c202c23.js:37
yp @ index-2c202c23.js:37
Mm @ index-2c202c23.js:37
Ww @ index-2c202c23.js:37
index-2c202c23.js:194  field dataToSubmit.config.dns_provider_name not defined, report bug

gregtwallace commented 5 months ago

Try adding with just the domain some.site, not the wildcard. Provider domains expects either '*' or a specific (sub)domain. All subdomains of the specified domain are automatically included, unless a more specific subdomain is added somewhere else.

If that doesn't work, edit the lego config log level to debug and it should tell you what the problem is in the logs.

BastionNtB commented 5 months ago

Hmm. So I'm currently using a wildcard cert created via nginx proxy manager that works with some.site and *.some.site in one certificate. NPM uses certbot, so it might be a little different.

Is it possible to get both a single domain and a wildcard domain on the same cert? Currently, legocerthub allows me to create a provider for the single domain, but what about getting a cert with both? Or a provider for a wildcard subdomain? If I do just or .some.site it also will give the same error.

gregtwallace commented 5 months ago

The provider section is used to validate certificates based on what domains they include. A provider for domain example.com will be selected for any cert using that domain or any subdomain of it, including wildcards.

When you make the certificate you would specify *.example.com and example.com in the certificate.
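
The matching rule described in the two maintainer comments above, as an added Go sketch that is not Cert Warden's own code or part of the original thread: a provider domain is either `*` or a specific (sub)domain, a certificate name such as `*.some.site` is matched through its parent domain, and the most specific provider domain wins. The `Provider` type, both function names and the longest-match tie-break are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Provider is a hypothetical stand-in for a configured challenge provider.
type Provider struct {
	Name    string
	Domains []string // each entry is "*" or a specific (sub)domain
}

// ValidateProviderDomain rejects entries such as "*.some.site" (assumed rule).
func ValidateProviderDomain(d string) error {
	if d == "*" || (d != "" && !strings.ContainsAny(d, "* ")) {
		return nil
	}
	return fmt.Errorf("provider domain %q must be \"*\" or a specific (sub)domain", d)
}

// SelectProvider returns the provider whose domain most specifically covers certName.
func SelectProvider(providers []Provider, certName string) (string, bool) {
	name := strings.ToLower(strings.TrimPrefix(certName, "*.")) // wildcard uses its parent zone
	best, bestLen := "", -1
	for _, p := range providers {
		for _, d := range p.Domains {
			d = strings.ToLower(d)
			covers := d == "*" || name == d || strings.HasSuffix(name, "."+d)
			// "*" ranks lowest (0); a longer domain is more specific.
			if rank := len(strings.TrimPrefix(d, "*")); covers && rank > bestLen {
				best, bestLen = p.Name, rank
			}
		}
	}
	return best, bestLen >= 0
}

func main() {
	providers := []Provider{ // constructed sample configuration
		{"catch-all", []string{"*"}},
		{"linode", []string{"some.site"}},
		{"internal", []string{"lab.some.site"}},
	}
	for _, n := range []string{"some.site", "*.some.site", "a.lab.some.site", "other.example"} {
		p, _ := SelectProvider(providers, n)
		fmt.Printf("%-16s -> %s\n", n, p)
	}
	fmt.Println(ValidateProviderDomain("*.some.site"))
}
```

The suffix check is anchored on a label boundary (`"."+d`), so a lookalike name such as `notsome.site` does not inherit the DNS credentials configured for `some.site`.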

BastionNtB commented 5 months ago

On second thought, I think this has just been a huge misunderstanding on my part. I didn't understand how the whole thing works, and expected the provider to be the direct challenge part where I'd need to tell it the domains. Instead, it's a lot smarter and makes more sense! Delete original provider, set up new lego DNS challenge provider, request certs.

Thank you for your work, it's awesome!

gregtwallace commented 5 months ago

This is actually a problem with the form validation on the frontend. I'm fixing that and will also clarify the descriptive text.

Thanks for finding this.