libdns / digitalocean

MIT License

Error parsing TXT Hostname (for wildcard) #4

Closed ziyadumar closed 2 years ago

ziyadumar commented 3 years ago

Caddy v2.2.0, OS: "Ubuntu 20.04.1 LTS (Focal Fossa)", built from source using xcaddy build --with github.com/caddy-dns/digitalocean

Now with caddy list-modules, I can see dns.providers.digitalocean in the list.

section of my Caddyfile

*.foo.bar {
    tls {
        dns digitalocean DO_AUTH_KEY
    }
    reverse_proxy * localhost:6000
}

Upon 'starting' caddy, or 'reloading' for that matter (systemctl reload caddy), I noticed that the plugin creates a TXT record in DigitalOcean as expected, but the Hostname is _acme-challenge.foo.bar.foo.bar (yes, foo.bar is appended twice at the end).

I have *.foo.bar pointed at my server IP in addition to the auto-created TXT record. What I aim to achieve: I would like all requests to anything.foo.bar to reach my app running at localhost:6000 on my server.

Sep 29 21:47:55 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601416075.4779391,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 29 21:49:59 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601416199.1840057,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/158773406) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":9,"retrying_in":1800,"elapsed":6525.578472893,"max_duration":2592000}
Sep 29 22:20:00 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601418000.9284205,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 29 22:22:04 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601418124.8804,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/158786846) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":10,"retrying_in":3600,"elapsed":8451.274867278,"max_duration":2592000}
Sep 29 23:22:06 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601421726.4575117,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 29 23:24:10 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601421850.054532,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/158809342) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":11,"retrying_in":10800,"elapsed":12176.448999569,"max_duration":2592000}
Sep 30 02:24:11 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601432651.6319113,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 30 02:26:16 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601432776.6587107,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/158888193) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":12,"retrying_in":21600,"elapsed":23103.053177846,"max_duration":2592000}
Sep 30 08:26:18 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601454378.4603336,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 30 08:28:24 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601454504.1608217,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/159049369) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":13,"retrying_in":21600,"elapsed":44830.555289102,"max_duration":2592000}

my tls part of curl localhost:2019/config/

"tls": {
  "automation": {
    "policies": [
      {
        "issuer": {
          "challenges": {
            "dns": {
              "provider": {
                "auth_token": "xxxx",
                "name": "digitalocean"
              }
            }
          },
          "email": "address@gmail.com",
          "module": "acme"
        },
        "subjects": [
          "*.foo.bar"
        ]
      },
      {
        "issuer": {
          "email": "address@gmail.com",
          "module": "acme"
        }
      }
    ]
  }
}

What am I doing wrong? Please help!! Thanks in advance :)
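The doubled hostname in the report is the classic symptom of a DNS provider receiving an absolute record name and appending the zone to it once more. The following added example (not code from libdns/digitalocean or Caddy) shows the name handling a defender can check against: it derives the DNS-01 name for a wildcard identifier, reduces it to the zone-relative form, and flags a stored hostname that carries the zone twice. It assumes the libdns convention that record names are relative to the zone and that the provider's API appends the zone itself; both are assumptions, not facts confirmed by this thread.

```go
package main

import (
	"fmt"
	"strings"
)

// challengeName returns the DNS-01 validation name for an ACME identifier.
// For a wildcard the "*." label is dropped, so *.foo.bar is validated at
// _acme-challenge.foo.bar (RFC 8555 section 7.4).
func challengeName(identifier string) string {
	return "_acme-challenge." + strings.TrimPrefix(identifier, "*.")
}

// relativeName converts a challenge name to the zone-relative form that the
// libdns interface expects (assumption: record names are relative to the zone).
// Trailing dots are tolerated; an apex name becomes "@"; a name that is
// already relative is returned unchanged.
func relativeName(name, zone string) string {
	n := strings.TrimSuffix(name, ".")
	z := strings.TrimSuffix(zone, ".")
	if n == z {
		return "@"
	}
	return strings.TrimSuffix(n, "."+z)
}

// hasDoubledZone reports whether a hostname stored at the provider ends in the
// zone twice, the symptom from this issue (_acme-challenge.foo.bar.foo.bar).
func hasDoubledZone(hostname, zone string) bool {
	z := strings.TrimSuffix(zone, ".")
	return strings.HasSuffix(strings.TrimSuffix(hostname, "."), "."+z+"."+z)
}

func main() {
	zone := "foo.bar."                         // constructed, mirrors the report
	name := challengeName("*.foo.bar") + "."   // absolute form as a solver might pass it
	// Assumed buggy path: the absolute name is submitted and the API appends
	// the zone once more, which is how the doubled hostname arises.
	naive := strings.TrimSuffix(name, ".") + "." + strings.TrimSuffix(zone, ".")
	fmt.Println(naive, hasDoubledZone(naive, zone))
	// Correct path: submit the zone-relative name, which the API expands once.
	rel := relativeName(name, zone)
	stored := rel + "." + strings.TrimSuffix(zone, ".")
	fmt.Println(stored, hasDoubledZone(stored, zone))
}
```

Running hasDoubledZone over the TXT hostnames listed in the DigitalOcean control panel is a quick way to confirm whether a stuck "timed out waiting for record to fully propagate" error is this name-construction problem rather than slow propagation.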

mholt commented 3 years ago

I'm guessing this has something to do with https://github.com/libdns/digitalocean/pull/3

rockingdice commented 3 years ago

Might be related to https://github.com/libdns/dnspod/issues/2

eslym commented 3 years ago

This issue is already fixed, but someone has to modify the go.mod files in both this repo and caddy-dns/digitalocean for the fix to take effect.

odesenfans commented 2 years ago

Any update on this issue? I'm in the same case, I need a wildcard certificate and I get the following errors:

2022/03/01 12:22:14.726 ERROR   tls.obtain  could not get certificate from issuer   {"identifier": "*.mydomain.com", "issuer": "acme.zerossl.com-v2-DV90", "error": "[*.mydomain.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/G6OqXZ5BuGGOM6Czs7Ta3A) (ca=https://acme.zerossl.com/v2/DV90)"}
2022/03/01 12:22:14.726 ERROR   tls.obtain  will retry  {"error": "[*.mydomain.com] Obtain: [*.mydomain.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/G6OqXZ5BuGGOM6Czs7Ta3A) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 257.475346623, "max_duration": 2592000}