Open Paul-Reed opened 4 years ago
Hey, thanks for the report. It's exciting to see this in use in node-RED!
As for the errors you're seeing, these are the result of DNS propagation not working. The plugin (when `verifyPropagation` is set) will verify propagation of both created and deleted records. If the cert renewal is successful but you're still seeing the errors, it's possible that the propagation for the record deletion simply hasn't propagated yet.
However, the `[error] [acme-client:Certificate Management] Acme error message = Could not verify challenge for '_acme-challenge.testsub.digitalnut.co.uk'. status =` message is coming directly from acme, which would imply the cert generation really wasn't successful - are you certain the renewal is happening for all certs?
Re: propagation issues, there's not much we can do about this besides some generic DNS suggestions as in https://github.com/nodecraft/acme-dns-01-cloudflare/issues/7. There's also some discussion in https://github.com/nodecraft/acme-dns-01-cloudflare/issues/9 about whether it's even worth waiting for the record deletion, but we haven't come to a conclusion there yet.
If there's any further info you can provide, that'd be really helpful.
Thanks James
I am already using Cloudflare's 1.1.1.1 public DNS
Sure enough, removing `verifyPropagation` stops that error from being displayed, but what I don't understand is that the DNS TXT entry is removed as soon as the certificate has been issued (looking at my Cloudflare dashboard), so acme is never going to find an entry to verify?
Also yes I can confirm that a fresh working certificate is issued each time, see https://testsub.digitalnut.co.uk:2086/ but the error still persists: `[error] [acme-client:Certificate Management] Acme error message = Could not verify challenge for '_acme-challenge.testsub.digitalnut.co.uk'. status =`
So not sure where to go with that.
Thanks Paul. With the verification step on deletion, the script explicitly checks if the record no longer exists. When creating, it of course checks if the record exists and matches what is expected. This can be seen in https://github.com/nodecraft/acme-dns-01-cloudflare/blob/a59961b5d5f0cc516a739f6ce63f5bc1b7f24072/index.js#L194
The `status =` log being blank is very odd, and not something I can replicate on my end, strangely. That log is coming from something upstream though, and not directly this module. Let me see if I can get any more information here.
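The create/delete verification described in the reply above, sketched as an added example (this is not the plugin's code and not part of the thread). The function names, the injected resolver, and the sample record name and value are assumptions constructed for illustration; in Node.js the resolver would be `require('dns').promises.resolveTxt`.

```javascript
// Added example: propagation check for a DNS-01 TXT record.
// resolveTxt is injected; in Node.js pass require('dns').promises.resolveTxt.
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Returns the TXT values for a name, or [] when the name has no TXT data.
async function lookupTxt(resolveTxt, name) {
  try {
    // Each record arrives as an array of chunks; join them into one string.
    return (await resolveTxt(name)).map((chunks) => chunks.join(''));
  } catch (err) {
    // NXDOMAIN / no data mean "record absent", not a failure of the check.
    if (err.code === 'ENOTFOUND' || err.code === 'ENODATA') return [];
    throw err;
  }
}

// mode 'set': wait until `expected` is visible. mode 'remove': wait until it is gone.
async function verifyTxt(resolveTxt, name, expected, mode, { retries = 5, delayMs = 1000 } = {}) {
  for (let attempt = 1; attempt <= retries; attempt++) {
    const present = (await lookupTxt(resolveTxt, name)).includes(expected);
    if ((mode === 'set') === present) return { ok: true, attempts: attempt };
    if (attempt < retries) await sleep(delayMs);
  }
  return { ok: false, attempts: retries };
}

// Constructed resolver: answers with each entry of `answers` in turn, repeating the last.
function fakeResolver(answers) {
  let i = 0;
  return async () => {
    const a = answers[Math.min(i++, answers.length - 1)];
    if (a === null) throw Object.assign(new Error('queryTxt ENOTFOUND'), { code: 'ENOTFOUND' });
    return a;
  };
}

const NAME = '_acme-challenge.example.com'; // constructed name
const TOKEN = 'constructed-key-authorization-digest'; // constructed value
async function demo() {
  const opts = { retries: 4, delayMs: 10 };
  // Record appears on the third lookup; a stale cache keeps serving it after deletion.
  const created = await verifyTxt(fakeResolver([null, null, [[TOKEN]]]), NAME, TOKEN, 'set', opts);
  const removed = await verifyTxt(fakeResolver([[[TOKEN]]]), NAME, TOKEN, 'remove', opts);
  return { created, removed };
}
demo().then((r) => console.log(JSON.stringify(r)));
```

The second case in `demo()` shows how a deletion check can fail while the record is already gone at the provider: the resolver being queried still returns the old value until its cached answer expires.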
A colleague has kindly written a node-RED node which uses Acme, and acme-dns-01-cloudflare to auto install certificates for the node-RED community. We are having some problems and your help would be very much appreciated.
When the cert application is made, we are getting error messages despite the cert renewal being successful.
The Cloudflare token has the correct permissions (as per your readme), and your plugin is used with the following settings;
Any ideas why we are getting these errors?