infinityofspace / certbot_dns_porkbun

Plugin for certbot to obtain certificates using a DNS TXT record for Porkbun domains
MIT License

Delete DNS Api Failed #68

Open Wolf1098 opened 5 months ago

Wolf1098 commented 5 months ago

Describe the bug

The acme_challenge records do not get removed once validated.

To Reproduce

Unknown... I have both wildcard and root domains on 1 line with extra -d options????

Expected behavior

The porkbun api doesn't seem to be cleanly handling the delete dns records... unsure why

Certbot command

Docker Compose File

services:
  porkbun-root:
   image: infinityofspace/certbot_dns_porkbun
   platform: linux/arm64/v8
   hostname: cerbot-porkbun-root
   restart: unless-stopped
   volumes:
     - "/storage/docker/certbot/etc/letsencrypt:/etc/letsencrypt"
     - "/storage/docker/certbot/var/lib/letsencrypt:/var/lib/letsencrypt"
     - "/storage/docker/temp-root:/var/log"
     - "/storage/docker/certbot/porkbun/credentials.json:/tmp/credentials.json"
   command: certonly -v --non-interactive --agree-tos --email sysops@root.xyz --preferred-challenges dns --authenticator dns-porkbun  --dns-porkbun-credentials /tmp/credentials.json --dns-porkbun-propagation-seconds 600 -d root.xyz -d root.ca -d root.dev -d root.download -d "*.root.xyz"  -d "*.root.ca" -d "*.root.dev" -d "*.root.download"

Versions (please complete the following version information):

Error message

2024-03-30 21:59:56,369:DEBUG:certbot._internal.error_handler:Encountered signals: [15]
2024-03-30 21:59:56,370:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-03-30 21:59:56,370:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-03-30 21:59:56,976:ERROR:certbot._internal.error_handler:Encountered exception during recovery: certbot.errors.PluginError: ERROR: DNS delete api call was not successfully
2024-03-30 21:59:56,977:DEBUG:certbot._internal.error_handler:Calling signal 15
2024-03-30 21:59:56,977:DEBUG:certbot._internal.log:Exiting abnormally:
2024-03-30 21:59:56,981:ERROR:certbot._internal.log:An unexpected error occurred while handling the authorizations.

Additional context

I have 8 domains using the SAN feature, 4 of which are the root domains, and 4 are wildcards for the subdomains

blotree commented 3 months ago

I've encountered the same error using the plugin on different machines, similarly with multiple domains and wildcards. I've installed this plugin from source in one case, through the Arch User Repository build script in another and none of the components are containerized.

This isn't a critical error if it happens a couple of times but the renewal process can fail if there are too many TXT records that haven't been cleaned up as no more can be created after a point.

Not sure where the problem is exactly, as making API deletion calls using curl directly or pkb-client directly works as expected.

bentemple commented 1 month ago

The issue is that it's using the object variable _self._root_domain except that's a variable that changes for every validation. And in our case, we're using 2 different domain names, and so it's attempting to delete the record off of the wrong domain name.

i.e. domain1.com, *.domain1.com, domain2.com, *.domain2.com: 1, 2, 3, 4 recordIDs respectively. It's attempting to delete the recordID 1 from domain2.com

The fix is pretty simple. I'll open a PR
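The failure mode diagnosed in the last comment, reproduced as an added example (not the plugin's code and not the PR mentioned above). All class, method and token names are hypothetical, the DNS API is an in-memory stand-in, and it assumes every challenge is performed before any cleanup runs; the second authenticator shows one possible way to keep the root domain tied to each record.

```python
# Added illustration: every name below is hypothetical, not taken from the plugin.
import itertools

class FakeDnsApi:
    """In-memory stand-in for a DNS provider API (constructed for this example)."""
    def __init__(self):
        self.records = {}                  # record id -> root domain (zone)
        self._ids = itertools.count(1)
    def create(self, root_domain):
        record_id = next(self._ids)
        self.records[record_id] = root_domain
        return record_id
    def delete(self, root_domain, record_id):
        if self.records.get(record_id) != root_domain:
            return False                   # that record id is not in that zone
        del self.records[record_id]
        return True

class SharedStateAuthenticator:
    """Pattern from the diagnosis: one attribute overwritten by every validation."""
    def __init__(self, api):
        self.api = api
        self._root_domain = None
        self._records = {}                 # validation token -> record data
    def perform(self, root_domain, token):
        self._root_domain = root_domain    # the last validation wins
        self._records[token] = self.api.create(root_domain)
    def cleanup(self, token):
        return self.api.delete(self._root_domain, self._records.pop(token))

class PerValidationAuthenticator(SharedStateAuthenticator):
    """One possible remedy: store the root domain next to each record id."""
    def perform(self, root_domain, token):
        self._records[token] = (root_domain, self.api.create(root_domain))
    def cleanup(self, token):
        return self.api.delete(*self._records.pop(token))

# Constructed sample: the four names from the comment above, one token per challenge.
CHALLENGES = [("domain1.com", "t1"), ("domain1.com", "t2"),
              ("domain2.com", "t3"), ("domain2.com", "t4")]

def run(authenticator_cls):
    """Perform every challenge, then clean up; return (results, leftover records)."""
    api = FakeDnsApi()
    auth = authenticator_cls(api)
    for root_domain, token in CHALLENGES:
        auth.perform(root_domain, token)
    results = [auth.cleanup(token) for _, token in CHALLENGES]
    return results, dict(api.records)
```

With the shared attribute, the two deletes for domain1.com are sent against domain2.com and fail, so those TXT records stay behind; with per-validation state all four are removed.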