helgeerbe / certbot-dns-ionos

A certbot plugin for enabling DNS authentication with IONOS

Add ability to authenticate multiple domains #11

Closed PackeTsar closed 3 years ago

PackeTsar commented 3 years ago

Issue

The current plugin does not allow multiple domains to be authenticated.

This is because when multiple domains are specified in the invocation of certbot, certbot will make multiple independent calls to _perform(). Each time _perform() is called, it calls add_txt_record() which checks for an existing record and updates/changes that record if it does indeed exist.

These updates to the existing TXT record result in a single _acme-challenge.example.com TXT record with a changed value. In order for Let's Encrypt to authenticate multiple domains, it requires multiple TXT records to exist all with the same (_acme-challenge.example.com) name.

New Code

The new code does not overwrite existing TXT records with the _acme-challenge.example.com name. Instead the new code pulls a list of the existing records with that name, and inserts the new record in addition to them. It does this by combining all the records into a list of records and issuing a PATCH against the API with all the records passed in the payload.

The new code also performs an iterative delete of all the records with the _acme-challenge.example.com name once certbot calls the _cleanup() method.

helgeerbe commented 3 years ago

Hi @PackeTsar, Thanks for providing this pull request. I wasn't aware IONOS is used outside of Europe. I don't use multiple domains, but I will check it and merge it to master.

PackeTsar commented 3 years ago

Yea no problem at all. IONOS used to be "1&1" in the US. And API access requires a special request (which is a pain to do). I didn't run the test suite against this new code, but when I ran it before the tests seemed to be broken, so I didn't bother after the modifications.

helgeerbe commented 3 years ago

Hi @PackeTsar,

I pulled your code and tried to understand what exactly it does. It's been a while since I wrote this plugin.

In my understanding you are going to retrieve one certificate for server.example1.com which has an alternative domain like server.example2.com?

For that you create the txt_record and patch this in appending the second domain?

PackeTsar commented 3 years ago

Yes the new code allows the creation of a certificate with multiple domains in it. In my case, I needed *.example.com as well as example.com to be in the cert. In order to authenticate for this type of cert, the certbot makes multiple calls to the plugin with different validation values.

The old code would end up overwriting the same TXT record with the multiple values, resulting in a failed authentication attempt once Let's Encrypt attempts to check the DNS records.

The new code adds TXT records as they are passed in by certbot, and then removes them all at the end to clean up. This results in successful authentication for the multiple-domain certificate.

helgeerbe commented 3 years ago

I'm not sure if I understand it right. Using your example *.example.com and example.com works. But add_additional_record() was never called.

I can't find adding additional record in the logs, only insert new txt record.

I was referring to 2 domains example1.com and example2.com. Which I can't test, because I don't own 2 domains.

But you were referring to the same domain example.com. The domain itself example.com and a wildcard *.example.com

If I remember right, I used update txt record to reuse the record if for any reason the proper deletion didn't work (e.g. my plugin crashed).

PackeTsar commented 3 years ago

Yea I'm not sure I follow what you are seeing in the logs, can you post your sanitized log here?

Regarding your "update txt record" function reusing the record, you are correct there. The reuse of that record is what would break authentication. Below is a step by step of the process for the two versions of code.

Old Code

  1. Certbot is run and is passed multiple domains to put in the cert
  2. Certbot queries Let's Encrypt (LE) and obtains two authentication tokens to use, one for each domain
  3. Certbot calls the _perform() function with the first auth token to have the DNS record created
     a. perform() calls add_txt_record() to add the record
     b. add_txt_record() uses get_existing_txt() to check for the pre-existence of the record
     c. The record does not exist, so add_txt_record() calls _insert_txt_record() to add the record
     d. The plugin returns control back to Certbot
  4. Certbot calls the _perform() function with the second auth token to have the DNS record created
     a. perform() calls add_txt_record() to add the record
     b. add_txt_record() uses get_existing_txt() to check for the pre-existence of the record
     c. The record does exist, so add_txt_record() calls _update_txt_record() to update its values
     d. _update_txt_record() overwrites the first record (with the first token's data) with the second token's data
     e. The plugin returns control back to Certbot
  5. Certbot cues LE to check DNS and finish the authentication
  6. LE queries DNS but only finds the value of the second token, so the first token (for the first domain) doesn't pass
  7. Certbot aborts and fails the ACME process

New Code

  1. Certbot is run and is passed multiple domains to put in the cert
  2. Certbot queries Let's Encrypt (LE) and obtains two authentication tokens to use, one for each domain
  3. Certbot calls the _perform() function with the first auth token to have the DNS record created
     a. perform() calls add_txt_record() to add the record
     b. add_txt_record() uses get_existing_txt() to check for the pre-existence of the record
     c. The record does not exist, so add_txt_record() calls _insert_txt_record() to add the record
     d. The plugin returns control back to Certbot
  4. Certbot calls the _perform() function with the second auth token to have the DNS record created
     a. perform() calls add_txt_record() to add the record
     b. add_txt_record() uses get_existing_txt() to check for the pre-existence of the record
     c. The record does exist, so add_txt_record() uses get_existing_records() and clean_entries() to gather and clean the existing records
     d. It then calls add_additional_record() to append a new record with the new token data alongside the existing ones
     e. The plugin returns control back to Certbot
  5. Certbot cues LE to check DNS and finish the authentication
  6. LE queries DNS and finds all the TXT records it expects to be there, so it authorizes the cert creation
  7. Certbot finishes and generates the certificate
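
The two flows described above, run against an in-memory zone (an added example, not part of the original comment and not the plugin's own code). The function names follow the ones mentioned in the thread, but their bodies, the sample tokens, the thumbprint and the zone contents are constructed assumptions; no IONOS or ACME calls are made.

```python
"""Added illustration: overwrite vs. append for dns-01 TXT records."""
import base64
import hashlib

# Constructed sample values (not real ACME tokens or account keys).
THUMBPRINT = "constructed-account-key-thumbprint"
TOKENS = {"example.com": "constructed-token-A", "*.example.com": "constructed-token-B"}


def validation_name(identifier):
    """example.com and *.example.com are both validated at the same owner name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base


def validation_value(token):
    """RFC 8555 section 8.4: base64url(SHA-256(token + '.' + thumbprint)), unpadded."""
    key_authorization = f"{token}.{THUMBPRINT}".encode()
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def get_existing_txt(zone, name):
    return [r for r in zone if r["type"] == "TXT" and r["name"] == name]


def add_txt_record_old(zone, name, content):
    """Old behaviour: reuse (overwrite) an existing record with this name."""
    existing = get_existing_txt(zone, name)
    if existing:
        existing[0]["content"] = content  # the first token's value is lost here
    else:
        zone.append({"type": "TXT", "name": name, "content": content, "ttl": 60})


def add_txt_record_new(zone, name, content):
    """New behaviour: keep existing records and publish one more beside them."""
    if any(r["content"] == content for r in get_existing_txt(zone, name)):
        return  # value already published (duplicate check is an addition in this sketch)
    zone.append({"type": "TXT", "name": name, "content": content, "ttl": 60})


def del_txt_records(zone, name):
    """Cleanup: remove every TXT record that carries the challenge name."""
    zone[:] = [r for r in zone if not (r["type"] == "TXT" and r["name"] == name)]


def ca_check(zone, identifier):
    """The CA accepts a challenge if any TXT value at the name matches."""
    expected = validation_value(TOKENS[identifier])
    records = get_existing_txt(zone, validation_name(identifier))
    return any(r["content"] == expected for r in records)


def run_order(add_txt_record):
    """Simulate certbot: perform all challenges, let the CA check, clean up."""
    zone = [{"type": "A", "name": "example.com", "content": "192.0.2.10", "ttl": 3600}]
    for identifier, token in TOKENS.items():      # one _perform() per identifier
        add_txt_record(zone, validation_name(identifier), validation_value(token))
    results = {identifier: ca_check(zone, identifier) for identifier in TOKENS}
    published = len(get_existing_txt(zone, "_acme-challenge.example.com"))
    for identifier in TOKENS:                     # one _cleanup() per identifier
        del_txt_records(zone, validation_name(identifier))
    return results, published, zone


if __name__ == "__main__":
    for label, fn in (("old", add_txt_record_old), ("new", add_txt_record_new)):
        results, published, zone = run_order(fn)
        print(label, results, "TXT records published:", published)
```

The cleanup step removes only TXT records with the challenge name, so the unrelated A record in the sample zone survives both runs.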

helgeerbe commented 3 years ago

2021-10-07 12:02:58,879:DEBUG:certbot._internal.main:certbot version: 1.20.0
2021-10-07 12:02:58,879:DEBUG:certbot._internal.main:Location of certbot entry point: .venv/bin/certbot
2021-10-07 12:02:58,879:DEBUG:certbot._internal.main:Arguments: ['-a', 'dns-ionos', '-d', '*.erbehome.de', '-d', 'erbehome.de', '--dns-ionos-credentials', 'my_debug/secrets/credentials.ini', '--config-dir', 'my_debug/config', '--work-dir', 'my_debug/work', '--logs-dir', 'my_debug/logs']
2021-10-07 12:02:58,880:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-dns-ionos:dns-ionos,PluginEntryPoint#dns-ionos,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-10-07 12:02:58,922:DEBUG:certbot._internal.log:Root logging level set at 30
2021-10-07 12:02:58,924:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-ionos and installer None
2021-10-07 12:02:58,929:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-ionos
Description: Obtain certificates using a DNS TXT record (if you are using IONOS for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-ionos = certbot_dns_ionos.dns_ionos:Authenticator
Initialized: <certbot_dns_ionos.dns_ionos.Authenticator object at 0x102e520a0>
Prep: True
2021-10-07 12:02:58,929:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_ionos.dns_ionos.Authenticator object at 0x102e520a0> and installer None
2021-10-07 12:02:58,929:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-ionos, Installer None
2021-10-07 12:02:58,943:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/228757090', new_authzr_uri=None, terms_of_service=None), 1ceeab0c89dacee315c25be4416965a2, Meta(creation_dt=datetime.datetime(2021, 10, 6, 14, 25, 33, tzinfo=<UTC>), creation_host='macbook.fritz.box', register_to_eff=None))>
2021-10-07 12:02:58,964:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-10-07 12:02:58,979:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-10-07 12:02:59,611:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-10-07 12:02:59,616:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:02:59 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "0clJ85Xyvg0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-10-07 12:02:59,640:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for *.erbehome.de and erbehome.de
2021-10-07 12:02:59,683:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /Users/herbe/Development/certbot-dns-ionos/my_debug/config/keys/0017_key-certbot.pem
2021-10-07 12:02:59,689:DEBUG:certbot.crypto_util:Creating CSR: /Users/herbe/Development/certbot-dns-ionos/my_debug/config/csr/0017_csr-certbot.pem
2021-10-07 12:02:59,690:DEBUG:acme.client:Requesting fresh nonce
2021-10-07 12:02:59,690:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-10-07 12:02:59,850:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-10-07 12:02:59,851:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:02:59 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01012Z-XO6l9Uu-_3ezqlnPbI1Z2dxXmd4Lbei3KJAHrupE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-10-07 12:02:59,852:DEBUG:acme.client:Storing nonce: 01012Z-XO6l9Uu-_3ezqlnPbI1Z2dxXmd4Lbei3KJAHrupE
2021-10-07 12:02:59,854:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.erbehome.de"\n    },\n    {\n      "type": "dns",\n      "value": "erbehome.de"\n    }\n  ]\n}'
2021-10-07 12:02:59,861:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "xxx",
  "signature": "xxx",
  "payload": "xxx"
}
2021-10-07 12:03:00,457:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 469
2021-10-07 12:03:00,460:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 07 Oct 2021 10:03:00 GMT
Content-Type: application/json
Content-Length: 469
Connection: keep-alive
Boulder-Requester: 228757090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/228757090/30098885590
Replay-Nonce: 0102IpG4ZPQbhRO_t325NPVWWaOd25P_QMcuv-SvDwIr4Yw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-10-14T10:03:00Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.erbehome.de"
    },
    {
      "type": "dns",
      "value": "erbehome.de"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37766765030",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37800377010"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/228757090/30098885590"
}
2021-10-07 12:03:00,461:DEBUG:acme.client:Storing nonce: xxx
2021-10-07 12:03:00,462:DEBUG:acme.client:JWS payload:
b''
2021-10-07 12:03:00,468:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/37766765030:
{
  "protected": "xxx",
  "signature": "xxx",
  "payload": ""
}
2021-10-07 12:03:00,667:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/37766765030 HTTP/1.1" 200 496
2021-10-07 12:03:00,670:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:03:00 GMT
Content-Type: application/json
Content-Length: 496
Connection: keep-alive
Boulder-Requester: 228757090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102NEQItpOLnLfxcbSAbaUVZdebt9w9z0m-SWNVuryORBY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "erbehome.de"
  },
  "status": "valid",
  "expires": "2021-11-06T07:21:22Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/37766765030/LGUSGg",
      "token": "xxx",
      "validationRecord": [
        {
          "hostname": "erbehome.de"
        }
      ],
      "validated": "2021-10-07T07:21:21Z"
    }
  ]
}
2021-10-07 12:03:00,671:DEBUG:acme.client:Storing nonce: 0102NEQItpOLnLfxcbSAbaUVZdebt9w9z0m-SWNVuryORBY
2021-10-07 12:03:00,672:DEBUG:acme.client:JWS payload:
b''
2021-10-07 12:03:00,678:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/37800377010:
{
  "protected": "xxx",
  "signature": "xxx",
  "payload": ""
}
2021-10-07 12:03:00,889:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/37800377010 HTTP/1.1" 200 384
2021-10-07 12:03:00,890:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:03:00 GMT
Content-Type: application/json
Content-Length: 384
Connection: keep-alive
Boulder-Requester: 228757090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101WgC6OR2_78zJ0U1oJdTEaRYQu_xnOeYka0iYVtSdv1g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "erbehome.de"
  },
  "status": "pending",
  "expires": "2021-10-14T10:03:00Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/37800377010/bqEF0A",
      "token": "xxx"
    }
  ],
  "wildcard": true
}
2021-10-07 12:03:00,890:DEBUG:acme.client:Storing nonce: xxx
2021-10-07 12:03:00,891:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-10-07 12:03:00,891:INFO:certbot._internal.auth_handler:dns-01 challenge for erbehome.de
2021-10-07 12:03:00,892:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: my_debug/secrets/credentials.ini
2021-10-07 12:03:00,903:DEBUG:certbot_dns_ionos.dns_ionos:_perform called with: domain: erbehome.de, validation_name: _acme-challenge.erbehome.de, validation: xxx
2021-10-07 12:03:00,904:DEBUG:certbot_dns_ionos.dns_ionos:creating ionosclient
2021-10-07 12:03:07,227:DEBUG:certbot_dns_ionos.dns_ionos:get zones
2021-10-07 12:03:07,262:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-07 12:03:07,934:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones HTTP/1.1" 200 84
2021-10-07 12:03:07,944:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones
2021-10-07 12:03:07,944:DEBUG:certbot_dns_ionos.dns_ionos:zones found [{'name': 'erbehome.de', 'id': 'xxx', 'type': 'NATIVE'}]
2021-10-07 12:03:10,196:DEBUG:certbot_dns_ionos.dns_ionos:domain found: erbehome.de with id: xxx
2021-10-07 12:03:18,177:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-07 12:03:18,764:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones/xxx HTTP/1.1" 200 2876
2021-10-07 12:03:18,773:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/63ba4c0b-4129-11eb-857e-xxx
2021-10-07 12:03:27,138:INFO:certbot_dns_ionos.dns_ionos:insert new txt record
2021-10-07 12:03:33,049:DEBUG:certbot_dns_ionos.dns_ionos:insert with data: {'disabled': False, 'type': 'TXT', 'name': '_acme-challenge.erbehome.de', 'content': 'xxx', 'ttl': 60, 'prio': 0}
2021-10-07 12:03:33,671:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-07 12:03:34,237:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "PATCH /dns/v1/zones/63ba4c0b-4129-11eb-857e-0a58644464b1 HTTP/1.1" 200 0
2021-10-07 12:03:34,245:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/63ba4c0b-4129-11eb-857e-0a58644464b1
2021-10-07 12:03:35,723:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 120 seconds for DNS changes to propagate
2021-10-07 12:05:35,731:DEBUG:acme.client:JWS payload:
b'{}'
2021-10-07 12:05:35,739:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/37800377010/bqEF0A:
{
  "protected": "xxx",
  "signature": "xxx----",
  "payload": "xxx"
}
2021-10-07 12:05:35,943:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/37800377010/bqEF0A HTTP/1.1" 400 173
2021-10-07 12:05:35,947:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Date: Thu, 07 Oct 2021 10:05:35 GMT
Content-Type: application/problem+json
Content-Length: 173
Connection: keep-alive
Boulder-Requester: 228757090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101Ce0hDTqISj69ITy4GQv3cGZ9TLt-CTZgbAGD9MM_EWM

{
  "type": "urn:ietf:params:acme:error:badNonce",
  "detail": "JWS has an invalid anti-replay nonce: \"xxx\"",
  "status": 400
}
2021-10-07 12:05:35,948:DEBUG:acme.client:Retrying request after error:
urn:ietf:params:acme:error:badNonce :: The client sent an unacceptable anti-replay nonce :: JWS has an invalid anti-replay nonce: "xxxx"
2021-10-07 12:05:35,949:DEBUG:acme.client:Requesting fresh nonce
2021-10-07 12:05:35,949:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-10-07 12:05:36,120:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-10-07 12:05:36,123:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:05:36 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: xxx
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2021-10-07 12:05:36,124:DEBUG:acme.client:Storing nonce: xxx
2021-10-07 12:05:36,125:DEBUG:acme.client:JWS payload:
b'{}'
2021-10-07 12:05:36,132:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/37800377010/bqEF0A:
{
  "protected": "xxx",
  "signature": "xxx",
  "payload": "xxx"
}
2021-10-07 12:05:36,346:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/37800377010/bqEF0A HTTP/1.1" 200 185
2021-10-07 12:05:36,349:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:05:36 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 228757090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/37800377010>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/37800377010/bqEF0A
Replay-Nonce: 0102Nt-EIeLtexvTVIUZvdiodm9QfiivGJ7Qg2JWNSdVUsY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/37800377010/bqEF0A",
  "token": "ObujAVsMBKp6l2cA6XpFYHyh6sTuj2AVE021JbvSh14"
}
2021-10-07 12:05:36,349:DEBUG:acme.client:Storing nonce: 0102Nt-xxx
2021-10-07 12:05:36,351:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-10-07 12:05:37,356:DEBUG:acme.client:JWS payload:
b''
2021-10-07 12:05:37,365:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/37766765030:
{
  "protected": "xxx",
  "signature": "xxx",
  "payload": ""
}
2021-10-07 12:05:37,575:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/37766765030 HTTP/1.1" 200 496
2021-10-07 12:05:37,577:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:05:37 GMT
Content-Type: application/json
Content-Length: 496
Connection: keep-alive
Boulder-Requester: 228757090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01028udSclkKWou9J9IcLt71a_sdVVZWyJhC7p0PcgClAjA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "erbehome.de"
  },
  "status": "valid",
  "expires": "2021-11-06T07:21:22Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/37766765030/LGUSGg",
      "token": "xxx",
      "validationRecord": [
        {
          "hostname": "erbehome.de"
        }
      ],
      "validated": "2021-10-07T07:21:21Z"
    }
  ]
}
2021-10-07 12:05:37,577:DEBUG:acme.client:Storing nonce: xxx
2021-10-07 12:05:37,579:DEBUG:acme.client:JWS payload:
b''
2021-10-07 12:05:37,584:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/37800377010:
{
  "protected": "xxx",
  "signature": "-",
  "payload": ""
}
2021-10-07 12:05:37,788:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/37800377010 HTTP/1.1" 200 516
2021-10-07 12:05:37,792:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:05:37 GMT
Content-Type: application/json
Content-Length: 516
Connection: keep-alive
Boulder-Requester: 228757090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: -xxx
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "erbehome.de"
  },
  "status": "valid",
  "expires": "2021-11-06T10:05:37Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/37800377010/bqEF0A",
      "token": "",
      "validationRecord": [
        {
          "hostname": "erbehome.de"
        }
      ],
      "validated": "2021-10-07T10:05:36Z"
    }
  ],
  "wildcard": true
}
2021-10-07 12:05:37,792:DEBUG:acme.client:Storing nonce: xxx
2021-10-07 12:05:37,794:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-10-07 12:05:37,795:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-10-07 12:05:44,003:DEBUG:certbot_dns_ionos.dns_ionos:creating ionosclient
2021-10-07 12:05:48,602:DEBUG:certbot_dns_ionos.dns_ionos:get zones
2021-10-07 12:05:48,615:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-07 12:05:49,214:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones HTTP/1.1" 200 84
2021-10-07 12:05:49,222:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones
2021-10-07 12:05:49,222:DEBUG:certbot_dns_ionos.dns_ionos:zones found [{'name': 'erbehome.de', 'id': 'xxx', 'type': 'NATIVE'}]
2021-10-07 12:05:50,661:DEBUG:certbot_dns_ionos.dns_ionos:domain found: erbehome.de with id: xxx
2021-10-07 12:05:55,189:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-07 12:05:55,871:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones/xxx HTTP/1.1" 200 3123
2021-10-07 12:05:55,876:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/xxx
2021-10-07 12:06:21,606:DEBUG:certbot_dns_ionos.dns_ionos:delete id: xxx
2021-10-07 12:06:23,033:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-07 12:06:23,623:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "DELETE /dns/v1/zones/xxxx/records/xxx HTTP/1.1" 200 0
2021-10-07 12:06:23,632:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/xxx/records/xxx
2021-10-07 12:06:25,814:DEBUG:certbot._internal.client:CSR: CSR(file='/Users/herbe/Development/certbot-dns-ionos/my_debug/config/csr/0017_csr-certbot.pem', data=b'-----BEGIN CERTIFICATE REQUEST---------END CERTIFICATE REQUEST-----\n', form='pem')
2021-10-07 12:06:25,816:DEBUG:acme.client:JWS payload:
b'{\n  "csr": "x-x-x-x-x-djrZbRyZ0t-x-x-x-x-x-x-x"\n}'
2021-10-07 12:06:25,822:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/228757090/30098885590:
{
  "protected": "",
  "signature": "",
  "payload": ""
}
2021-10-07 12:06:27,047:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/228757090/30098885590 HTTP/1.1" 200 571
2021-10-07 12:06:27,050:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:06:27 GMT
Content-Type: application/json
Content-Length: 571
Connection: keep-alive
Boulder-Requester: 228757090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/228757090/30098885590
Replay-Nonce: 01027xaXOqV5PvO4EqAVTalmkQD_xzg8mZr-FOFV45Ttv-o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "valid",
  "expires": "2021-10-14T10:03:00Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.erbehome.de"
    },
    {
      "type": "dns",
      "value": "erbehome.de"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37766765030",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37800377010"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/228757090/30098885590",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/04f2e2518d4eeac1427cc4b611e328a16a90"
}
2021-10-07 12:06:27,051:DEBUG:acme.client:Storing nonce: 01027xaXOqV5PvO4EqAVTalmkQD_xzg8mZr-FOFV45Ttv-o
2021-10-07 12:06:28,057:DEBUG:acme.client:JWS payload:
b''
2021-10-07 12:06:28,067:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/228757090/30098885590:
{
  "protected": "",
  "signature": "",
  "payload": ""
}
2021-10-07 12:06:28,572:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/order/228757090/30098885590 HTTP/1.1" 200 571
2021-10-07 12:06:28,576:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:06:28 GMT
Content-Type: application/json
Content-Length: 571
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102NlzWDT3i-GVO-V0mAzkFeo2CRWbxOBkKqyVDdB0XkrY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "valid",
  "expires": "2021-10-14T10:03:00Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.erbehome.de"
    },
    {
      "type": "dns",
      "value": "erbehome.de"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37766765030",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/37800377010"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/228757090/30098885590",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/04f2e2518d4eeac1427cc4b611e328a16a90"
}
2021-10-07 12:06:28,576:DEBUG:acme.client:Storing nonce: 0xxx
2021-10-07 12:06:28,578:DEBUG:acme.client:JWS payload:
b''
2021-10-07 12:06:28,584:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/04f2e2518d4eeac1427cc4b611e328a16a90:
{
  "protected": "",
  "signature": "",
  "payload": ""
}
2021-10-07 12:06:28,790:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/04f2e2518d4eeac1427cc4b611e328a16a90 HTTP/1.1" 200 5609
2021-10-07 12:06:28,793:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 07 Oct 2021 10:06:28 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 5609
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/cert/04f2e2518d4eeac1427cc4b611e328a16a90/1>;rel="alternate"
Replay-Nonce: xxx
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----

2021-10-07 12:06:28,794:DEBUG:acme.client:Storing nonce: xxx
2021-10-07 12:06:28,797:INFO:certbot._internal.client:Non-standard path(s), might not work with crontab installed by your operating system package manager
2021-10-07 12:06:28,800:DEBUG:certbot._internal.storage:Creating directory /Users/herbe/Development/certbot-dns-ionos/my_debug/config/archive/erbehome.de.
2021-10-07 12:06:28,800:DEBUG:certbot._internal.storage:Creating directory /Users/herbe/Development/certbot-dns-ionos/my_debug/config/live/erbehome.de.
2021-10-07 12:06:28,802:DEBUG:certbot._internal.storage:Writing certificate to /Users/herbe/Development/certbot-dns-ionos/my_debug/config/live/erbehome.de/cert.pem.
2021-10-07 12:06:28,803:DEBUG:certbot._internal.storage:Writing private key to /Users/herbe/Development/certbot-dns-ionos/my_debug/config/live/erbehome.de/privkey.pem.
2021-10-07 12:06:28,803:DEBUG:certbot._internal.storage:Writing chain to /Users/herbe/Development/certbot-dns-ionos/my_debug/config/live/erbehome.de/chain.pem.
2021-10-07 12:06:28,804:DEBUG:certbot._internal.storage:Writing full chain to /Users/herbe/Development/certbot-dns-ionos/my_debug/config/live/erbehome.de/fullchain.pem.
2021-10-07 12:06:28,804:DEBUG:certbot._internal.storage:Writing README to /Users/herbe/Development/certbot-dns-ionos/my_debug/config/live/erbehome.de/README.
2021-10-07 12:06:35,640:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-ionos and installer <certbot._internal.cli.cli_utils._Default object at 0x10715aca0>
2021-10-07 12:06:35,642:DEBUG:certbot._internal.cli:Var config_dir=my_debug/config (set by user).
2021-10-07 12:06:35,642:DEBUG:certbot._internal.cli:Var work_dir=my_debug/work (set by user).
2021-10-07 12:06:35,643:DEBUG:certbot._internal.cli:Var logs_dir=my_debug/logs (set by user).
2021-10-07 12:06:35,643:DEBUG:certbot._internal.cli:Var authenticator=dns-ionos (set by user).
2021-10-07 12:06:35,644:DEBUG:certbot._internal.cli:Var dns_ionos_credentials=my_debug/secrets/credentials.ini (set by user).
2021-10-07 12:06:35,646:DEBUG:certbot._internal.storage:Writing new config /Users/herbe/Development/certbot-dns-ionos/my_debug/config/renewal/erbehome.de.conf.
2021-10-07 12:06:35,657:DEBUG:certbot._internal.display.obj:Notifying user: 
Successfully received certificate.
Certificate is saved at: /Users/herbe/Development/certbot-dns-ionos/my_debug/config/live/erbehome.de/fullchain.pem
Key is saved at:         /Users/herbe/Development/certbot-dns-ionos/my_debug/config/live/erbehome.de/privkey.pem
This certificate expires on 2022-01-05.
These files will be updated when the certificate renews.
2021-10-07 12:06:35,657:DEBUG:certbot._internal.display.obj:Notifying user: NEXT STEPS:
2021-10-07 12:06:35,657:DEBUG:certbot._internal.display.obj:Notifying user: - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
2021-10-07 12:06:41,923:DEBUG:certbot._internal.display.obj:Notifying user: If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le

helgeerbe commented 3 years ago

If I run openssl x509 -in fullchain.pem -text, I get this:

 X509v3 Subject Alternative Name: 
                DNS:*.erbehome.de, DNS:erbehome.de

PackeTsar commented 3 years ago

Oh how strange. It looks like you are only getting one challenge token from LE. I'll go pull my logs in a bit so you can see what I am getting.

helgeerbe commented 3 years ago

Which version of certbot do you use? I did a fresh installation. certbot version: 1.20.0

PackeTsar commented 3 years ago

I'm using 1.19.0. Here are my logs:

...removed...

2021-10-09 18:29:55,414:DEBUG:acme.client:Storing nonce: <private>
2021-10-09 18:29:55,414:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-10-09 18:29:55,415:INFO:certbot._internal.auth_handler:dns-01 challenge for example.com
2021-10-09 18:29:55,415:INFO:certbot._internal.auth_handler:dns-01 challenge for example.com
2021-10-09 18:29:55,415:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: /opt/ionos_api_key.ini
2021-10-09 18:29:55,417:DEBUG:certbot_dns_ionos.dns_ionos:_perform called with: domain: example.com, validation_name: _acme-challenge.example.com, validation: <private>
2021-10-09 18:29:55,417:DEBUG:certbot_dns_ionos.dns_ionos:creating ionosclient
2021-10-09 18:29:55,417:DEBUG:certbot_dns_ionos.dns_ionos:get zones
2021-10-09 18:29:55,418:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:30:28,848:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones HTTP/1.1" 200 3668
2021-10-09 18:30:28,849:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones
2021-10-09 18:30:28,850:DEBUG:certbot_dns_ionos.dns_ionos:zones found [{'name': 'example.com', 'id': '<private-id>', 'type': 'NATIVE'}, ...truncated]
2021-10-09 18:30:28,850:DEBUG:certbot_dns_ionos.dns_ionos:domain found: example.com with id: <private-id>
2021-10-09 18:30:28,851:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:31:01,611:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones/<private-id> HTTP/1.1" 200 54311
2021-10-09 18:31:01,801:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>
2021-10-09 18:31:01,802:INFO:certbot_dns_ionos.dns_ionos:insert new txt record
2021-10-09 18:31:01,802:DEBUG:certbot_dns_ionos.dns_ionos:insert with data: {'disabled': False, 'type': 'TXT', 'name': '_acme-challenge.example.com', 'content': '<private>', 'ttl': 60, 'prio': 0}
2021-10-09 18:31:01,803:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:31:34,543:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "PATCH /dns/v1/zones/<private-id> HTTP/1.1" 200 0
2021-10-09 18:31:34,545:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>
2021-10-09 18:31:34,547:DEBUG:certbot_dns_ionos.dns_ionos:_perform called with: domain: example.com, validation_name: _acme-challenge.example.com, validation: <private-id>
2021-10-09 18:31:34,548:DEBUG:certbot_dns_ionos.dns_ionos:creating ionosclient
2021-10-09 18:31:34,548:DEBUG:certbot_dns_ionos.dns_ionos:get zones
2021-10-09 18:31:34,548:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:32:07,546:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones HTTP/1.1" 200 3668
2021-10-09 18:32:07,547:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones
2021-10-09 18:32:07,547:DEBUG:certbot_dns_ionos.dns_ionos:zones found [{'name': 'example.com', 'id': '<private>', 'type': 'NATIVE'}, ...truncated]
2021-10-09 18:32:07,547:DEBUG:certbot_dns_ionos.dns_ionos:domain found: example.com with id: <private-id>
2021-10-09 18:32:07,548:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:32:40,325:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones/<private-id> HTTP/1.1" 200 54578
2021-10-09 18:32:40,517:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>
2021-10-09 18:32:40,517:INFO:certbot_dns_ionos.dns_ionos:adding additional record
2021-10-09 18:32:40,518:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:33:13,047:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones/<private-id> HTTP/1.1" 200 54578
2021-10-09 18:33:13,240:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>
2021-10-09 18:33:13,240:DEBUG:certbot_dns_ionos.dns_ionos:insert with data: [{'name': '_acme-challenge.example.com', 'type': 'TXT', 'content': '<private>', 'ttl': 60, 'disabled': False}, {'disabled': False, 'type': 'TXT', 'name': '_acme-challenge.example.com', 'content': '<private-id>', 'ttl': 60, 'prio': 0}]
2021-10-09 18:33:13,241:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:33:45,859:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "PATCH /dns/v1/zones/<private-id> HTTP/1.1" 200 0
2021-10-09 18:33:45,860:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>
2021-10-09 18:33:45,861:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 120 seconds for DNS changes to propagate
2021-10-09 18:35:45,893:DEBUG:acme.client:JWS payload:
b'{}'
2021-10-09 18:35:45,895:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/xxxxxxxx/xxxxxxx:

...removed...

2021-10-09 18:36:18,528:DEBUG:acme.client:Storing nonce: <private>
2021-10-09 18:36:18,528:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-10-09 18:36:18,528:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-10-09 18:36:18,529:DEBUG:certbot_dns_ionos.dns_ionos:creating ionosclient
2021-10-09 18:36:18,529:DEBUG:certbot_dns_ionos.dns_ionos:get zones
2021-10-09 18:36:18,530:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:36:51,083:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones HTTP/1.1" 200 3668
2021-10-09 18:36:51,085:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones
2021-10-09 18:36:51,086:DEBUG:certbot_dns_ionos.dns_ionos:zones found [{'name': 'example.com', 'id': '<private>', 'type': 'NATIVE'}, ...truncated]
2021-10-09 18:36:51,086:DEBUG:certbot_dns_ionos.dns_ionos:domain found: example.com with id: <private-id>
2021-10-09 18:36:51,087:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:37:23,639:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones/<private-id> HTTP/1.1" 200 54845
2021-10-09 18:37:23,836:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>
2021-10-09 18:37:23,837:DEBUG:certbot_dns_ionos.dns_ionos:delete id: <private-id>
2021-10-09 18:37:23,838:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:37:56,401:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "DELETE /dns/v1/zones/<private-id>/records/<private-id> HTTP/1.1" 200 0
2021-10-09 18:37:56,402:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>/records/<private-id>
2021-10-09 18:37:56,402:DEBUG:certbot_dns_ionos.dns_ionos:delete id: <private-id>
2021-10-09 18:37:56,403:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:38:28,978:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "DELETE /dns/v1/zones/<private-id>/records/<private-id> HTTP/1.1" 200 0
2021-10-09 18:38:28,980:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>/records/<private-id>
2021-10-09 18:38:28,981:DEBUG:certbot_dns_ionos.dns_ionos:creating ionosclient
2021-10-09 18:38:28,981:DEBUG:certbot_dns_ionos.dns_ionos:get zones
2021-10-09 18:38:28,982:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:39:01,410:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones HTTP/1.1" 200 3668
2021-10-09 18:39:01,411:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones
2021-10-09 18:39:01,411:DEBUG:certbot_dns_ionos.dns_ionos:zones found [{'name': 'example.com', 'id': '<private>', 'type': 'NATIVE'}, ...truncated]
2021-10-09 18:39:01,411:DEBUG:certbot_dns_ionos.dns_ionos:domain found: example.com with id: <private-id>
2021-10-09 18:39:01,412:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.hosting.ionos.com:443
2021-10-09 18:39:34,051:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "GET /dns/v1/zones/<private-id> HTTP/1.1" 200 54311
2021-10-09 18:39:34,244:DEBUG:certbot_dns_ionos.dns_ionos:API REquest to URL: https://api.hosting.ionos.com/dns/v1/zones/<private-id>

...removed...
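
One way to audit a debug log like the one above (an added example, not part of the plugin or of either commenter's post): it counts `_perform` calls per validation name, successful PATCH and DELETE calls, and the credentials-file permission warning, so a run that leaves challenge records behind stands out. The sample log is constructed from lines quoted above; `audit` and its result keys are hypothetical names, and the check assumes the log covers a single certbot run with one DELETE per record.

```python
import re
from collections import Counter

# Constructed sample, modeled on the debug log lines quoted in this thread.
SAMPLE_LOG = """\
2021-10-09 18:29:55,415:INFO:certbot._internal.auth_handler:dns-01 challenge for example.com
2021-10-09 18:29:55,415:INFO:certbot._internal.auth_handler:dns-01 challenge for example.com
2021-10-09 18:29:55,415:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: /opt/ionos_api_key.ini
2021-10-09 18:29:55,417:DEBUG:certbot_dns_ionos.dns_ionos:_perform called with: domain: example.com, validation_name: _acme-challenge.example.com, validation: <private>
2021-10-09 18:31:34,543:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "PATCH /dns/v1/zones/<private-id> HTTP/1.1" 200 0
2021-10-09 18:31:34,547:DEBUG:certbot_dns_ionos.dns_ionos:_perform called with: domain: example.com, validation_name: _acme-challenge.example.com, validation: <private>
2021-10-09 18:33:45,859:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "PATCH /dns/v1/zones/<private-id> HTTP/1.1" 200 0
2021-10-09 18:37:56,401:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "DELETE /dns/v1/zones/<private-id>/records/<private-id> HTTP/1.1" 200 0
2021-10-09 18:38:28,978:DEBUG:urllib3.connectionpool:https://api.hosting.ionos.com:443 "DELETE /dns/v1/zones/<private-id>/records/<private-id> HTTP/1.1" 200 0
"""

PERFORM = re.compile(r"_perform called with: domain: (\S+), validation_name: (\S+),")
HTTP = re.compile(r'"(PATCH|DELETE) (/dns/v1/zones/\S+) HTTP/1\.1" (\d{3}) ')
UNSAFE = re.compile(r"Unsafe permissions on credentials configuration file: (\S+)")

def audit(log_text):
    """Summarise one certbot run: records requested, written, deleted, warnings."""
    performs, ok, failed, unsafe = Counter(), Counter(), [], []
    for line in log_text.splitlines():
        if m := PERFORM.search(line):
            performs[m.group(2)] += 1          # keyed by TXT record name
        elif m := HTTP.search(line):
            method, path, status = m.groups()
            if status.startswith("2"):
                ok[method] += 1
            else:
                failed.append((method, path, status))
        elif m := UNSAFE.search(line):
            unsafe.append(m.group(1))
    requested = sum(performs.values())
    return {
        # names that need several TXT values to coexist during validation
        "shared_names": sorted(n for n, c in performs.items() if c > 1),
        "requested": requested,
        "patched": ok["PATCH"],
        "deleted": ok["DELETE"],
        # challenge records the log does not show being removed
        "leftover": max(requested - ok["DELETE"], 0),
        "failed_calls": failed,
        "unsafe_credentials": unsafe,
    }
```
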

helgeerbe commented 3 years ago

Hi @PackeTsar, thanks for sharing the log. What I can see is that you are requesting example.com two times. So updating/adding an additional TXT record would be OK, since you are requesting the same domain?!

Did you overwrite one domain when you cleaned your log?

helgeerbe commented 3 years ago

Which parameters are you using to call certbot?

I do:

'-a', 'dns-ionos', '-d', '*.erbehome.de', '-d', 'erbehome.de', '--dns-ionos-credentials', 'my_debug/secrets/credentials.ini', '--config-dir', 'my_debug/config', '--work-dir', 'my_debug/work', '--logs-dir', 'my_debug/logs'