gregtwallace / certwarden

Cert Warden is a centralized ACME Client. It provides an API for certificate consumers to fetch their individual keys and certs with API keys.
https://www.certwarden.com/

dns_checker null pointer when Cloudflare is disabled #6

Closed Dunwyn closed 1 year ago

Dunwyn commented 1 year ago

ACME order fails with the following log entries and status is still "Pending":

2023-05-20T19:01:24.588Z info    auth/handlers.go:32     login attempt from 10.252.108.1:34541
2023-05-20T19:01:24.954Z info    auth/handlers.go:85     user 'admin' logged in from 10.252.108.1:34541
2023-05-20T19:01:32.566Z debug   app/handler.go:62       GET /api/status: error sent to client
2023-05-20T19:01:43.404Z debug   acme/post_signed.go:63  unencoded acme header: {RS256 %!s(*acme.jsonWebKey=<nil>) https://acme-staging-v02.api.letsencrypt.org/acme/acct/XXXXXXXX XXX https://acme-staging-v02.api.letsencrypt.org/acme/order/XXXXXXXX/YYYYYYYYYY}
2023-05-20T19:01:43.419Z debug   acme/post_signed.go:104 {"payload":"","protected":"XXX","signature":"XXX"}
2023-05-20T19:01:43.586Z debug   acme/post_signed.go:113 acme response status code: 200
2023-05-20T19:01:43.586Z debug   acme/post_signed.go:122 {
  "status": "pending",
  "expires": "2023-05-26T10:14:07Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "test.myserver.org"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/ZZZZZZZZZZ"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/XXXXXXXX/YYYYYYYYYY"
}
2023-05-20T19:01:43.587Z debug   acme/post_signed.go:63  unencoded acme header: {RS256 %!s(*acme.jsonWebKey=<nil>) https://acme-staging-v02.api.letsencrypt.org/acme/acct/XXXXXXXX XXX https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/ZZZZZZZZZZ}
2023-05-20T19:01:43.603Z debug   acme/post_signed.go:104 {"payload":"","protected":"XXX","signature":"XXX"}
2023-05-20T19:01:43.766Z debug   acme/post_signed.go:113 acme response status code: 200
2023-05-20T19:01:43.766Z debug   acme/post_signed.go:122 {
  "identifier": {
    "type": "dns",
    "value": "test.myserver.org"
  },
  "status": "pending",
  "expires": "2023-05-26T12:14:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/ZZZZZZZZZZ/abcdef",
      "token": "XXX"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/ZZZZZZZZZZ/ghijkl",
      "token": "XXX"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/ZZZZZZZZZZ/mnopqr",
      "token": "XXX"
    }
  ]
}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x7540a1]

goroutine 124 [running]:
legocerthub-backend/pkg/challenges/dns_checker.(*Service).checkDnsRecordAllServices(0x0, {0xc0000e0a00?, 0xc11ef0?}, {0xc00018f0e0?, 0xc00009cd00?}, 0x10?)
 /src/pkg/challenges/dns_checker/check.go:28 +0x41
legocerthub-backend/pkg/challenges/dns_checker.(*Service).CheckTXTWithRetry(0x0, {0xc0000e0a00, 0x20}, {0xc00018f0e0, 0x2b}, 0xa)
 /src/pkg/challenges/dns_checker/check_types.go:31 +0xae
legocerthub-backend/pkg/challenges.(*Service).Provision(0xc000088730, {{0xc00024a438?, 0xc00014b9d0?}, {0xc00024a440?, 0x0?}}, {{0xb450c4, 0xf}, {0xb43a1f, 0xc}, 0x1, ...}, ...)
 /src/pkg/challenges/provisioning.go:36 +0x2ef
legocerthub-backend/pkg/challenges.(*Service).Solve(0xc000088730, {{0xc00024a438?, 0xc0002d8640?}, {0xc00024a440?, 0xaeb1e0?}}, {0xc000237ce0, 0x3, 0xc000045000?}, {{0xb450c4, 0xf}, ...}, ...)
 /src/pkg/challenges/solver.go:33 +0x29e
legocerthub-backend/pkg/domain/authorizations.(*Service).authWorker(0xc0001524e0, {0xc0002d8640?, 0x4147ad?}, {{0xb450c4, 0xf}, {0xb43a1f, 0xc}, 0x1, {0xb41507, 0x6}}, ...)
 /src/pkg/domain/authorizations/fulfiller.go:130 +0x329
legocerthub-backend/pkg/domain/authorizations.(*Service).fulfillAuth(0xc0001524e0, {0xc0002d8640, 0x45}, {{0xb450c4, 0xf}, {0xb43a1f, 0xc}, 0x1, {0xb41507, 0x6}}, ...)
 /src/pkg/domain/authorizations/fulfiller.go:98 +0x225
legocerthub-backend/pkg/domain/authorizations.(*Service).FulfillAuths.func1({0xc0002d8640?, 0xc0000e8e80?}, {{0xb450c4, 0xf}, {0xb43a1f, 0xc}, 0x1, {0xb41507, 0x6}}, {{0xaeb1e0, ...}, ...}, ...)
 /src/pkg/domain/authorizations/fulfiller.go:29 +0x157
created by legocerthub-backend/pkg/domain/authorizations.(*Service).FulfillAuths
 /src/pkg/domain/authorizations/fulfiller.go:27 +0xfe
legocerthub exited with code 0

The dns_checker config is the default, but skip_check_wait_seconds: 10 also returns the same errors:

challenges:
  dns_checker:
    # specifying skip check wait disables dns record validation and instead
    # sleeps for the specified number of seconds and then assumes the record
    # is fully propagated
    skip_check_wait_seconds: null
    # services to use if checker is not disabled
    dns_services:
      # generally you do NOT want these to be internal dns servers
      # internal dns usually has long cache and doesn't truly check propagation
      # if you don't want external dns checking, use skip_check above
      - primary_ip: 1.1.1.1
        secondary_ip: 1.0.0.1
      - primary_ip: 9.9.9.9
        secondary_ip: 149.112.112.112
      - primary_ip: 8.8.8.8
        secondary_ip: 8.8.4.4
gregtwallace commented 1 year ago

Please post or send me the rest of the log.

Dunwyn commented 1 year ago

I have updated the log in the original post. I masked a few values because I didn't know which ones were sensitive.

The error occurs in Docker and when running the binary directly. The DNS challenge provider I use is acme-dns. The TXT record is changed correctly by legocerthub (the error must occur afterwards).

gregtwallace commented 1 year ago

I think I figured out the issue. Try enabling Cloudflare DNS (you don't need to actually use it, just enable it in the config). I think I found a bug enabling the DNS checker service when Cloudflare is disabled.

I'm honestly surprised no one else has run into it.

gregtwallace commented 1 year ago

New version was built and pushed. This issue should be fixed. Thanks for bringing it to my attention.
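The stack trace in the original post pins the crash down fairly precisely: `(*Service).checkDnsRecordAllServices(0x0, ...)` and `(*Service).CheckTXTWithRetry(0x0, ...)` both carry a receiver of 0x0, so the dns_checker `Service` pointer that `Provision` calls into was never constructed, and the first field access at check.go:28 faults at address 0x20. That is also consistent with `skip_check_wait_seconds: 10` making no difference: the pointer is nil before any mode is inspected. The Go below is an added example, not Cert Warden's own code, showing the two defensive patterns that prevent this class of bug (a constructor that returns a usable checker for every valid config, and a nil-receiver guard that turns a wiring mistake into a returned error). All names in it (`LookupTXT`, `Config`, `Service`, `NewService`, `NewFakeResolver`, `ErrNotInitialized`) are assumptions, and the TXT record it checks is constructed so that it runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// LookupTXT is one TXT query against one resolver (assumed name, not the project's).
type LookupTXT func(ctx context.Context, name string) ([]string, error)

// Config mirrors the dns_checker block from the issue's YAML.
type Config struct {
	SkipCheckWaitSeconds *int          // nil: really check propagation
	DNSServices          []string      // external resolver IPs, e.g. 1.1.1.1
	RetryInterval        time.Duration // pause between attempts
}

// Service is the checker; the issue's trace shows this receiver as 0x0 (nil).
type Service struct {
	cfg     Config
	lookups []LookupTXT
	Sleep   func(time.Duration) // injectable so tests and demos do not block
}

var ErrNotInitialized = errors.New("dns_checker: service is nil (never constructed)")

// NewService returns a usable checker for every valid config, skip-check mode included.
func NewService(cfg Config, mk func(server string) LookupTXT) (*Service, error) {
	s := &Service{cfg: cfg, Sleep: time.Sleep}
	if cfg.SkipCheckWaitSeconds != nil {
		return s, nil
	}
	if len(cfg.DNSServices) == 0 {
		return nil, errors.New("dns_checker: no dns_services and skip_check_wait_seconds unset")
	}
	for _, srv := range cfg.DNSServices {
		s.lookups = append(s.lookups, mk(srv))
	}
	return s, nil
}

// NewFakeResolver serves constructed records offline in place of live DNS.
func NewFakeResolver(records map[string][]string) func(string) LookupTXT {
	return func(server string) LookupTXT {
		return func(_ context.Context, name string) ([]string, error) {
			if vals, ok := records[name]; ok {
				return vals, nil
			}
			return nil, fmt.Errorf("%s: no TXT for %s", server, name)
		}
	}
}

// checkAllServices passes only when every configured resolver already serves want.
func (s *Service) checkAllServices(ctx context.Context, name, want string) bool {
	for _, lookup := range s.lookups {
		vals, err := lookup(ctx, name)
		hit := false
		for _, v := range vals {
			hit = hit || v == want
		}
		if err != nil || !hit {
			return false
		}
	}
	return true
}

// CheckTXTWithRetry is the provisioner's entry point; the nil guard turns the
// issue's SIGSEGV into an ordinary error, whichever mode the config selects.
func (s *Service) CheckTXTWithRetry(ctx context.Context, name, want string, attempts int) error {
	if s == nil {
		return ErrNotInitialized
	}
	if s.cfg.SkipCheckWaitSeconds != nil {
		s.Sleep(time.Duration(*s.cfg.SkipCheckWaitSeconds) * time.Second)
		return nil
	}
	for i := 0; i < attempts; i++ {
		if s.checkAllServices(ctx, name, want) {
			return nil
		}
		s.Sleep(s.cfg.RetryInterval)
	}
	return fmt.Errorf("dns_checker: %q not propagated after %d attempts", name, attempts)
}

func main() {
	ctx, name := context.Background(), "_acme-challenge.test.myserver.org"
	mk := NewFakeResolver(map[string][]string{name: {"token-digest"}}) // constructed record
	var never *Service // the issue's state: a checker that was never constructed
	fmt.Println("nil checker:", never.CheckTXTWithRetry(ctx, name, "token-digest", 1))
	svc, _ := NewService(Config{DNSServices: []string{"1.1.1.1", "9.9.9.9"}}, mk)
	svc.Sleep = func(time.Duration) {}
	fmt.Println("constructed:", svc.CheckTXTWithRetry(ctx, name, "token-digest", 3))
}
```

In a real deployment each `LookupTXT` would wrap a `net.Resolver` whose `Dial` connects to the configured `primary_ip`/`secondary_ip` on port 53, so the query reaches the external servers listed in the config rather than the host's stub resolver; that is the point of the config comment warning against internal DNS, whose long cache would report "propagated" before the CA's resolvers can see the record. The fake resolver here stands in for that so the demonstration stays offline.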