oGGy990 / certbot-dns-inwx

INWX DNS authenticator plugin for certbot
Apache License 2.0

Sufficient to use external domain with inwx nameservers? #27

Closed crieke closed 1 year ago

crieke commented 1 year ago

I am struggling to get a certificate for one of my domains. It is the only .ke TLD and it is also an external domain, which is using inwx nameservers. (Should this work with external domains?)

When trying to request a certificate, I'll get the following error:

Saving debug log to /home/chris/certbottest/letsencrypt-log/letsencrypt.log
Plugins selected: Authenticator dns-inwx, Installer None
Simulating a certificate request for *.example.ke and example.ke
Performing the following challenges:
dns-01 challenge for example.ke
dns-01 challenge for example.ke
Cleaning up challenges
Encountered exception during recovery: certbot.errors.PluginError: Unable to determine base domain for _acme-challenge.example.ke using names: ['_acme-challenge.example.ke', 'example.ke', 'ke'].
Unable to determine base domain for _acme-challenge.example.ke using names: ['_acme-challenge.example.ke', 'example.ke', 'ke'].
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /home/chris/certbottest/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

The end of the logfile contains:

2023-08-01 13:23:46,292:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-08-01 13:23:46,292:INFO:certbot._internal.auth_handler:dns-01 challenge for example.ke
2023-08-01 13:23:46,931:DEBUG:root:Testing _acme-challenge.example.ke for domain _acme-challenge.example.ke...
2023-08-01 13:23:47,166:DEBUG:root:Testing example.ke for domain _acme-challenge.example.ke...
2023-08-01 13:23:47,404:DEBUG:root:Testing ke for domain _acme-challenge.example.ke...
2023-08-01 13:23:47,627:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_inwx/dns_inwx.py", line 114, in _perform
    self._get_inwx_client().add_txt_record(domain, resolved, validation, self.ttl)
  File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_inwx/dns_inwx.py", line 162, in add_txt_record
    domain = self._find_domain(record_name)
  File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_inwx/dns_inwx.py", line 216, in _find_domain
    raise errors.PluginError('Unable to determine base domain for {0} using names: {1}.'.format(domain_name, domain_name_guesses))
certbot.errors.PluginError: Unable to determine base domain for _acme-challenge.example.ke using names: ['_acme-challenge.example.ke', 'example.ke', 'ke'].

The nameserver and SOA record should be correct:

chris@MBP ~ % dig NS +short example.ke
ns2.inwx.de.
ns3.inwx.eu.
ns.inwx.de.
chris@MBP ~ % dig SOA +short example.ke
ns.inwx.de. hostmaster.inwx.de. 2023080104 10800 3600 604800 3600

oGGy990 commented 1 year ago

Hi Christopher,

I'm not entirely sure what you mean by "external domain". But from the logs it pretty much looks like you are trying to use a domain which is being served by the INWX nameservers but not registered with them.

This is most likely a duplicate of #22. This plugin currently searches for the domains within the domain API and not the nameserver API and fails to find your domain there because you're not paying INWX for it.

As I stated in the aforementioned issue, this is violating INWX' terms of service even if their interface allows you to do so.

You are of course welcome to try out the changes of #21.

Please correct me if I'm wrong. :-)
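The base-domain search that the traceback and Oliver's reply describe, written out as an added Python example (this is not the plugin's own code): the validation name is shortened label by label into the guess list the log shows, and each guess is looked up against the set of zones the plugin knows about. REGISTERED_DOMAINS and HOSTED_ZONES are constructed sample sets standing in for the "domain API" and "nameserver API" views; find_base_domain and BaseDomainNotFound are hypothetical stand-ins for the plugin's _find_domain and certbot's PluginError. Only the guess list and the error message are taken from the log above.

```python
"""Added example, not the certbot-dns-inwx code: how a DNS-01 plugin turns
a validation name into zone guesses and why the lookup source matters."""

from typing import Iterable, List, Optional


class BaseDomainNotFound(Exception):
    """Hypothetical stand-in for certbot.errors.PluginError."""


def base_domain_name_guesses(validation_name: str) -> List[str]:
    """Return candidate zones from most to least specific.

    Mirrors the log: '_acme-challenge.example.ke' is tried first,
    then 'example.ke', then 'ke'.
    """
    labels = validation_name.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def find_base_domain(validation_name: str, known_zones: Iterable[str]) -> str:
    """Return the first guess that is a zone the plugin can edit.

    Raises BaseDomainNotFound with the same message the log shows when
    no guess matches, which is the failure in this issue.
    """
    zones = {z.rstrip(".").lower() for z in known_zones}
    guesses = base_domain_name_guesses(validation_name)
    for guess in guesses:
        if guess.lower() in zones:
            return guess
    raise BaseDomainNotFound(
        "Unable to determine base domain for {0} using names: {1}.".format(
            validation_name, guesses))


# Constructed sample data (assumptions, not real INWX account contents).
# Domains registered through the account, i.e. the "domain API" view:
REGISTERED_DOMAINS = ["example.de", "example.com"]
# Zones served by the account's nameservers, i.e. the "nameserver API" view.
# example.ke is hosted here but registered elsewhere, as in the issue:
HOSTED_ZONES = ["example.de", "example.com", "example.ke"]


def lookup_via_domain_api(validation_name: str) -> Optional[str]:
    """Lookup the way the reply describes the released plugin behaving."""
    try:
        return find_base_domain(validation_name, REGISTERED_DOMAINS)
    except BaseDomainNotFound:
        return None


def lookup_via_nameserver_api(validation_name: str) -> Optional[str]:
    """Lookup against hosted zones instead of registered domains."""
    try:
        return find_base_domain(validation_name, HOSTED_ZONES)
    except BaseDomainNotFound:
        return None


if __name__ == "__main__":
    name = "_acme-challenge.example.ke"
    print(base_domain_name_guesses(name))
    print("domain API:", lookup_via_domain_api(name))        # None
    print("nameserver API:", lookup_via_nameserver_api(name))  # example.ke
```

Running the script reproduces the situation in the thread: the guess list is correct, so checking `dig NS` and `dig SOA` cannot reveal the problem; the lookup fails only because the zone set being searched is the list of registered domains rather than the list of hosted zones.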

crieke commented 1 year ago

Thanks for your prompt reply, Oliver. Yes, you are correct: the .ke domain only uses the inwx nameservers but is registered with a different registrar. Will take a look at your provided link. Thanks again, Chris.