mdbraber / acmeproxy

Proxy server for ACME DNS challenges written in Go
MIT License

Provider does not support requested mode mode=default provider=azure #8

Open Keithsc opened 3 years ago

Keithsc commented 3 years ago

Hi, I am getting the following error when I try and request a cert using acme.sh/dns_acmeproxy > acmeproxy

Provider does not support requested mode mode=default provider=azure

I have created two Azure Principal accounts and have tried both but get the same provider error each time.

Any suggestions?

```
docker run --rm -it \
  --env ACMEPROXY_ENDPOINT="https://acmecert.mydomain.com:9096" \
  --env ACMEPROXY_USERNAME="username" \
  --env ACMEPROXY_PASSWORD="password" \
  --add-host acmecert.mydomain.com:a.b.c.d \
  -v "$(pwd)/out":/acme.sh \
  neilpang/acme.sh --issue --dns dns_acmeproxy -d test1.mydomain.com
[Wed Oct 14 09:07:58 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Oct 14 09:07:58 UTC 2020] Create account key ok.
[Wed Oct 14 09:07:58 UTC 2020] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Oct 14 09:08:00 UTC 2020] Registered
[Wed Oct 14 09:08:00 UTC 2020] ACCOUNT_THUMBPRINT='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[Wed Oct 14 09:08:00 UTC 2020] Creating domain key
[Wed Oct 14 09:08:00 UTC 2020] The domain key is here: /acme.sh/test1.mydomain.com/test1.mydomain.com.key
[Wed Oct 14 09:08:00 UTC 2020] Single domain='test1.mydomain.com'
[Wed Oct 14 09:08:00 UTC 2020] Getting domain auth token for each domain
[Wed Oct 14 09:08:02 UTC 2020] Getting webroot for domain='test1.mydomain.com'
[Wed Oct 14 09:08:02 UTC 2020] Adding txt value: Uxh82oLidn8X4---------------------P9UGBefw1QoU for domain: _acme-challenge.test1.mydomain.com
[Wed Oct 14 09:08:02 UTC 2020] Using acmeproxy
[Wed Oct 14 09:08:02 UTC 2020] Error encountered during record addition
[Wed Oct 14 09:08:02 UTC 2020] Provider does not support requested mode
[Wed Oct 14 09:08:02 UTC 2020] Error add txt for domain:_acme-challenge.test1.mydomain.com
[Wed Oct 14 09:08:02 UTC 2020] Please add '--debug' or '--log' to check more details.
[Wed Oct 14 09:08:02 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
```

```
docker run -it -v $PWD/config:/etc/acmeproxy -v $PWD/logs:/var/log -p 9096:9096 acmeproxy
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_CLIENT_ID value=xxxxx
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_CLIENT_SECRET value=yyyyyy
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_RESOURCE_GROUP value=zzzzzzz
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_SUBSCRIPTION_ID value=1111222233334444
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_TENANT_ID value=555566667778888
[Oct 14 09:06:08] DEBUG Using flag accesslog-file=/var/log/acmeproxy.log
[Oct 14 09:06:08] DEBUG Using flag allowed-domains=[mydomain.com]
[Oct 14 09:06:08] DEBUG Using flag allowed-ips=[127.0.0.1 172.16.0.0/16 172.17.0.1 1.2.3.4/32]
[Oct 14 09:06:08] DEBUG Using flag config-file=/etc/acmeproxy/config.yml
[Oct 14 09:06:08] DEBUG Using flag environment=[AZURE_CLIENT_ID=xxxxxx AZURE_CLIENT_SECRET=yyyyyy AZURE_RESOURCE_GROUP=zzzzzz AZURE_SUBSCRIPTION_ID=111222334444 AZURE_TENANT_ID=55566667777888]
[Oct 14 09:06:08] DEBUG Using flag htpasswd-file=
[Oct 14 09:06:08] DEBUG Using flag interface=acmecert.mydomain.com
[Oct 14 09:06:08] DEBUG Using flag log-forcecolors=true
[Oct 14 09:06:08] DEBUG Using flag log-forceformatting=true
[Oct 14 09:06:08] DEBUG Using flag log-level=debug
[Oct 14 09:06:08] DEBUG Using flag log-timestamp=true
[Oct 14 09:06:08] DEBUG Using flag port=9096
[Oct 14 09:06:08] DEBUG Using flag provider=azure
[Oct 14 09:06:08] DEBUG Using flag ssl=auto
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.agreed=true
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.ca=https://acme-v02.api.letsencrypt.org/directory
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.email=admin@company.com
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.key-type=rsa2048
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.path=/etc/acmeproxy/certmagic
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.provider=azure
[Oct 14 09:06:08] DEBUG Using flag ssl.manual.cert-file=
[Oct 14 09:06:08] DEBUG Using flag ssl.manual.key-file=
[Oct 14 09:06:08] INFO Setting up server using SSL (certmagic)
[Oct 14 09:06:08] INFO Started certificate maintenance routine
[Oct 14 09:06:08] INFO Starting acmeproxy addr=:9096 endpoint=https://acmecert.mydomain.com:9096
[Oct 14 09:08:02] DEBUG present: 172.17.0.1: Received JSON payload (default mode) fqdn=_acme-challenge.test1.mydomain.com. value=Uxh82oLidjsfhuifuy4338h7qP9UGBefw1QoU
[Oct 14 09:08:02] DEBUG present: 172.17.0.1: Checking allowed domain allowedDomain=mydomain.com checkDomain=test1.mydomain.com
[Oct 14 09:08:02] DEBUG present: 172.17.0.1: Provider does not support requested mode mode=default provider=azure
```

mhite commented 2 years ago

Hitting this with the gcloud provider, too.

andrewcchen commented 1 year ago

From the readme:

to use acmeproxy as backend with providers from the lego package they need to implement a CreateRecord/RemoveRecord method that takes an FQDN + acme value as input. The discussion if this should be practice is on-going, see https://github.com/go-acme/lego/issues/720. As an example take a look at https://github.com/go-acme/lego/pull/883 of how this was implemented for the transip provider (don't worry, it's not difficult).
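
The capability check that the README quote implies, as an added Go example (not acmeproxy's or lego's own code): a default-mode request carries only an FQDN and a TXT value, so it can be served only by a provider that exposes `CreateRecord`/`RemoveRecord`. The `Provider` interface is a local stand-in shaped like lego's `challenge.Provider`; `RecordProvider`, `stockProvider`, `patchedProvider` and `PresentDefault` are hypothetical names, and the sample FQDN and value are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Provider is a local stand-in with the Present/CleanUp shape of lego's challenge.Provider.
type Provider interface {
	Present(domain, token, keyAuth string) error
	CleanUp(domain, token, keyAuth string) error
}

// RecordProvider (hypothetical name) is the extra capability: FQDN + value as input.
type RecordProvider interface {
	CreateRecord(fqdn, value string) error
	RemoveRecord(fqdn, value string) error
}

var ErrModeUnsupported = errors.New("Provider does not support requested mode")

// stockProvider (hypothetical) only offers Present/CleanUp, like an unpatched provider.
type stockProvider struct{}

func (stockProvider) Present(domain, token, keyAuth string) error { return nil }
func (stockProvider) CleanUp(domain, token, keyAuth string) error { return nil }

// patchedProvider (hypothetical) adds the FQDN-based methods; TXT records live in a map.
type patchedProvider struct {
	stockProvider
	txt map[string]string
}

func (p *patchedProvider) CreateRecord(fqdn, value string) error { p.txt[fqdn] = value; return nil }
func (p *patchedProvider) RemoveRecord(fqdn, value string) error { delete(p.txt, fqdn); return nil }

// PresentDefault serves a default-mode request, which has no domain/token/keyAuth to pass to Present.
func PresentDefault(p Provider, fqdn, value string) error {
	rp, ok := p.(RecordProvider) // runtime capability check via type assertion
	if !ok {
		return ErrModeUnsupported
	}
	return rp.CreateRecord(fqdn, value)
}

func main() {
	fqdn := "_acme-challenge.test1.mydomain.com." // constructed sample
	fmt.Println(PresentDefault(stockProvider{}, fqdn, "sample-value"))
	fmt.Println(PresentDefault(&patchedProvider{txt: map[string]string{}}, fqdn, "sample-value"))
}
```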