kchristensen / udm-le

Let's Encrypt support for Ubiquiti UniFi OS
MIT License

acme: Waiting for DNS record propagation. #94

Closed ierdelyi closed 2 months ago

ierdelyi commented 2 months ago

Describe the bug: When I try to request the certificate, the script fails because the DNS record propagation check failed. A possible reason is that LEGO uses IPv6 DNS servers instead of IPv4. If I define the DNS_RESOLVERS variable using an IPv4 address, the result is the same. IPv6 is completely disabled on the UniFi appliance.

To Reproduce: /data/udm-le/udm-le.sh initial

Expected behavior: The step "acme: Waiting for DNS record propagation." fails because the background script tries to use IPv6 DNS servers instead of the default ones.

Version Information (please complete the following information):

Additional context Log details:

/data/udm-le/udm-le.sh initial
install_lego(): Lego binary is already installed at /data/udm-le/lego, no operation necessary
create_services(): Creating udm-le systemd service and timer
initial(): Attempting certificate generation
initial(): /data/udm-le/lego --path "/data/udm-le/.lego" --dns cloudflare --email it@owncompany.com --key-type rsa2048 -d portal.owncompany.com --accept-tos run
2024/05/02 11:54:10 [INFO] [portal.owncompany.com] acme: Obtaining bundled SAN certificate
2024/05/02 11:54:10 [INFO] [portal.owncompany.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/345720099897
2024/05/02 11:54:10 [INFO] [portal.owncompany.com] acme: Could not find solver for: tls-alpn-01
2024/05/02 11:54:10 [INFO] [portal.owncompany.com] acme: Could not find solver for: http-01
2024/05/02 11:54:10 [INFO] [portal.owncompany.com] acme: use dns-01 solver
2024/05/02 11:54:10 [INFO] [portal.owncompany.com] acme: Preparing to solve DNS-01
2024/05/02 11:54:12 [INFO] cloudflare: new record for portal.owncompany.com, ID 2ecefe54781acaba3775e10a1f1cda18
2024/05/02 11:54:12 [INFO] [portal.owncompany.com] acme: Trying to solve DNS-01
2024/05/02 11:54:12 [INFO] [portal.owncompany.com] acme: Checking DNS record propagation. [nameservers=127.0.0.1:53]
2024/05/02 11:54:14 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/05/02 11:54:24 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
acme: Checking DNS record propagation.
2024/05/02 11:54:36 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:54:48 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:55:00 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:55:12 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:55:24 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:55:36 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:55:48 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:56:00 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:56:12 [INFO] [portal.owncompany.com] acme: Waiting for DNS record propagation.
2024/05/02 11:56:14 [INFO] [portal.owncompany.com] acme: Cleaning DNS-01 challenge
2024/05/02 11:56:16 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/345720099897
2024/05/02 11:56:16 Could not obtain certificates: error: one or more domains had a problem: [portal.owncompany.com] propagation: time limit exceeded: last error: DNS call error: read udp [2001:db8:1000::1]:51859->[2606:4700:50::adf5:3a38]:53: i/o timeout [ns=adi.ns.cloudflare.com.:53, question='_acme-challenge.portal.owncompany.com. IN TXT']
initial(): Starting udm-le systemd timer

kchristensen commented 2 months ago

Seems like this is a similar bug to https://github.com/kchristensen/udm-le/issues/93?

ierdelyi commented 2 months ago

> Seems like this is a similar bug to #93?

Yes, the same, I just can't find that article. I'll use that workaround and close this topic. Thank you.

dr-boss commented 2 months ago

What is the workaround? I resolved it for myself. I added to the hosts file:
173.245.59.141 sam.ns.cloudflare.com
108.162.194.136 savanna.ns.cloudflare.com
This omits IPv6.

apearson commented 1 month ago

> What is the workaround? I resolved it for myself. I added to the hosts file:
> 173.245.59.141 sam.ns.cloudflare.com
> 108.162.194.136 savanna.ns.cloudflare.com
> This omits IPv6.

This also worked for me

ierdelyi commented 1 month ago

> What is the workaround? I resolved it for myself. I added to the hosts file:
> 173.245.59.141 sam.ns.cloudflare.com
> 108.162.194.136 savanna.ns.cloudflare.com
> This omits IPv6.

Hello,

I use this: https://github.com/kchristensen/udm-le/issues/93#issuecomment-2066461527

Did you edit the hosts file on the appliance?
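The diagnosis and the hosts-file workaround discussed in this thread, as an added example that is not part of udm-le or lego: the first function pulls the failing authoritative nameserver and the transport address family out of a lego "DNS call error" line (it also handles the IPv4 case), and the second pins a nameserver name to an IPv4 address in a hosts file so the resolver stops handing lego the AAAA endpoint. It assumes a POSIX sh with sed and awk, and that the nameserver names and IPv4 addresses you pin are the ones assigned to your own zone (the sample log line is the error from this issue; the addresses in the usage are the ones from dr-boss's comment).

```shell
#!/bin/sh
# Added example, not part of udm-le or lego: diagnose the propagation failure from
# a lego log and apply the hosts-file workaround from this thread.
# Assumes POSIX sh with sed and awk.

# Constructed sample: the decisive error line from the log in this issue.
SAMPLE_LOG=$(cat <<'EOF'
2024/05/02 11:56:16 Could not obtain certificates: error: one or more domains had a problem: [portal.owncompany.com] propagation: time limit exceeded: last error: DNS call error: read udp [2001:db8:1000::1]:51859->[2606:4700:50::adf5:3a38]:53: i/o timeout [ns=adi.ns.cloudflare.com.:53, question='_acme-challenge.portal.owncompany.com. IN TXT']
EOF
)

# failing_ns_from_log [LOGFILE]: for every "DNS call error: read udp" line print
# "<nameserver> <ipv4|ipv6> <remote address>". Go writes IPv6 endpoints as [addr]:port,
# so a bracketed remote means lego reached the authoritative server over IPv6.
failing_ns_from_log() {
    sed -n 's|.*DNS call error: read udp [^>]*->\(.*\):53: i/o timeout \[ns=\([^:]*\):53.*|\1 \2|p' "$@" |
    while read -r remote ns; do
        ns=${ns%.}                      # drop the trailing dot of the FQDN
        case "$remote" in
            "["*"]") remote=${remote#"["}; remote=${remote%"]"}; echo "$ns ipv6 $remote" ;;
            *)       echo "$ns ipv4 $remote" ;;
        esac
    done
}

# pin_ns_ipv4 NAME IPV4 [HOSTSFILE]: write "IPV4 NAME" to the hosts file (default
# /etc/hosts), replacing any earlier line for NAME so the entry stays unique.
# With the name pinned, getaddrinfo() returns only the A address and lego never
# picks the AAAA endpoint. A pinned address goes stale silently if the provider
# renumbers its nameservers, so re-check it against a fresh A lookup now and then.
pin_ns_ipv4() {
    name=$1; ipv4=$2; file=${3:-/etc/hosts}
    tmp=$(mktemp)
    [ -f "$file" ] && awk -v n="$name" '$2 != n' "$file" > "$tmp"
    printf '%s %s\n' "$ipv4" "$name" >> "$tmp"
    cat "$tmp" > "$file"                # overwrite in place, keeping the file's mode
    rm -f "$tmp"
}

# hosts_ipv4_for NAME [HOSTSFILE]: print the IPv4 address pinned for NAME, if any.
hosts_ipv4_for() {
    awk -v n="$1" '$2 == n && $1 ~ /^[0-9.]+$/ { print $1 }' "${2:-/etc/hosts}"
}

# Demo on the embedded sample; prints "adi.ns.cloudflare.com ipv6 2606:4700:50::adf5:3a38".
printf '%s\n' "$SAMPLE_LOG" | failing_ns_from_log
```

Typical use on the appliance: run `failing_ns_from_log` over the udm-le output to learn which nameserver names to pin, then `pin_ns_ipv4 sam.ns.cloudflare.com 173.245.59.141` and `pin_ns_ipv4 savanna.ns.cloudflare.com 108.162.194.136` (substituting your zone's own nameservers and their current A records) before re-running the initial step.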