janeczku / rancher-letsencrypt

:cow: Rancher service that obtains and manages free SSL certificates from the Let's Encrypt CA
Apache License 2.0

Subdomains not working #65

Open joshbenner opened 7 years ago

joshbenner commented 7 years ago

I'm trying to use letsencrypt to get certificates for a Route53 hosted zone.

Hosted zone: example.com

Domains given to letsencrypt container: example.com,test.example.com,foo.test.example.com,bar.test.example.com

The container complains about not being able to find the zone for "test.example.com".

This was working in 0.3.0, but broke in 0.4.0. I suspect it may be related to changes for #23?

gregkeys commented 7 years ago

I'm having the same problem. I have to dance around to get things to work the way I want.

I start up with 0.4.0 with the rancher-nfs volume driver, then upgrade the service to 0.3.0 to get subdomains working.

If I start with 0.3.0 first it won't create the volumes in rancher-nfs; if I only use 0.4.0 it just times out.

ap0phi5 commented 7 years ago

Hello @janeczku, same issue here. Regressing from v0.4.0 to v0.3.0 worked.

I also have a delegated subdomain, both in R53. The error is:

Error obtaining certificate: Time limit exceeded. Last error: NS ns-0.awsdns-00.com. returned REFUSED for _acme-challenge.mysubdomain.mydomain.com

ampedandwired commented 7 years ago

I'm getting the same problem here after upgrading to 0.4.0. Sticking with 0.3.0 for now.

janeczku commented 7 years ago

@rocketeer125 In your case what is the zone name managed by Route53, mysubdomain or mydomain? @ampedandwired Are you using Route53 as well? Delegated subdomain?

ap0phi5 commented 7 years ago

@janeczku In R53, I have multiple zones in my environment:

mydomain.com [PUBLIC] ... which contains NS records for: mysubdomain.mydomain.com [PUBLIC] <-- This is the zone being used for letsencrypt.

NB: not sure if relevant, as your container references the Zone ID, but I also have a private zone: mysubdomain.mydomain.com [PRIVATE]

janeczku commented 7 years ago

v0.4.0 uses the resolvers in /etc/resolv.conf instead of Google's DNS servers. This breaks stuff when there is a private zone with the same name and the host running the service is in a VPC for which the private zone is active. In this case you need to configure the letsencrypt service with a public DNS resolver, which is now supported https://github.com/janeczku/rancher-letsencrypt/commit/e44c644d43d85c0a0d36b5f917d6e8bacba1f52f
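The check a defender would run before applying the workaround above, as an added Go example that is not part of rancher-letsencrypt: flag the resolvers in /etc/resolv.conf that sit inside the VPC (and can therefore answer from a private hosted zone of the same name), and build a resolver pinned to a public server so the _acme-challenge lookup bypasses resolv.conf. The resolv.conf content and the 10.0.0.2 address are constructed sample input; the function names are hypothetical.

```go
package main

import (
	"bufio"
	"context"
	"fmt"
	"net"
	"strings"
)

// Constructed sample of /etc/resolv.conf as the VPC DHCP option set writes it on EC2.
const sampleResolvConf = `search ec2.internal
nameserver 10.0.0.2
nameserver 169.254.169.253
`

// IsPrivateResolver reports whether a nameserver is RFC 1918, ULA or link-local, i.e.
// inside the VPC, where it answers from any associated private hosted zone.
func IsPrivateResolver(addr string) bool {
	ip := net.ParseIP(addr)
	return ip != nil && (ip.IsPrivate() || ip.IsLinkLocalUnicast())
}

// SplitHorizonRisk lists the resolv.conf nameservers that could return the private
// zone's view of _acme-challenge.<name> instead of the public one the CA checks.
func SplitHorizonRisk(resolvConf string) []string {
	var risky []string
	sc := bufio.NewScanner(strings.NewReader(resolvConf))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) >= 2 && f[0] == "nameserver" && IsPrivateResolver(f[1]) {
			risky = append(risky, f[1])
		}
	}
	return risky
}

// PublicResolver pins lookups to server:53, bypassing /etc/resolv.conf (the fix referenced above).
func PublicResolver(server string) *net.Resolver {
	return &net.Resolver{PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, network, net.JoinHostPort(server, "53"))
		}}
}

func main() {
	for _, ns := range SplitHorizonRisk(sampleResolvConf) {
		fmt.Printf("%s is VPC-internal; configure the service with a public resolver\n", ns)
	}
}
```

With `r := PublicResolver("8.8.8.8")`, `r.LookupTXT(ctx, "_acme-challenge."+name)` returns what the public zone serves, which is what the CA will see.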

ampedandwired commented 7 years ago

Yes, I'm using Route53:

mydomain.com <--- public zone
internal.mydomain.com <--- private zone

Encountered this issue while trying to set up a cert for xxx.internal.mydomain.com.

giovannicandido commented 7 years ago

Using NS1 as a provider and getting the same error. I tested with the root domain and it is working; only subdomains are not.