oGGy990 / certbot-dns-inwx

INWX DNS authenticator plugin for certbot
Apache License 2.0

Plugin does not work with wildcard domains #6

Closed: wowcut closed this issue 6 years ago

wowcut commented 6 years ago

Unfortunately this plugin does not work with wildcard domains. With -d *.example.com I get a long error traceback, with probably these lines as the most important part:

File "/home/user/tmp/repos/certbot-dns-inwx/certbot_dns_inwx/dns_inwx.py", line 158, in _find_domain
    raise errors.PluginError('Unable to determine base domain for {0} using names: {1}.'.format(domain_name, domain_name_guesses))
certbot.errors.PluginError: Unable to determine base domain for example.com using names: ['example.com', 'com'].

This is a real pity, as the DNS authenticator would be the most important one to use with wildcard certs; actually, I only installed this plugin to use it for wildcard certs. It would be nice to fix that! Thanks!

oGGy990 commented 6 years ago

Hey,

this error basically says, you do not manage the requested domain on INWX - so no DNS records can be created.

Just did a test run on one of the domains I own:

sudo certbot certonly --test-cert -d "*.XXXXXX.de"
[sudo] password for oggy: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Obtain certificates using a DNS TXT record (if you are using INWX for your
domains). (certbot-dns-inwx:dns-inwx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator certbot-dns-inwx:dns-inwx, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for XXXXXX.de
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/XXXXXXX.de/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/XXXXXXX.de/privkey.pem
   Your cert will expire on 2018-10-08. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"

Does your domain (which obviously is not "example.com") contain any special characters?

wowcut commented 6 years ago

Ah, ok, then this is a different problem - looks like the plugin does not support following CNAMEs, basically the same as https://github.com/kegato/letsencrypt-inwx/issues/9 - I will open another issue, as this is a completely different thing.

wowcut commented 6 years ago

I am closing this, as #8 seems to be the real issue.
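
Added example (not part of the thread and not the plugin's code): a sketch of the kind of zone lookup behind the "Unable to determine base domain" error, extended to follow a CNAME on the _acme-challenge name as raised in the later comment. The function names, the zone sets and the CNAME table are assumptions constructed for illustration; a real client would query DNS and the provider API instead.

```python
# Added illustration; hypothetical helpers, not code from certbot-dns-inwx.
MAX_CNAME_HOPS = 8


class ZoneNotManaged(Exception):
    """No zone in the account covers the name the TXT record must live at."""


def challenge_name(cert_name):
    """dns-01 record name; a wildcard is validated at its parent name."""
    name = cert_name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name


def follow_cnames(name, cnames):
    """Follow CNAMEs from a lookup table (constructed data), refusing loops."""
    seen = [name]
    while name in cnames:
        name = cnames[name].lower().rstrip(".")
        if name in seen or len(seen) >= MAX_CNAME_HOPS:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(seen + [name]))
        seen.append(name)
    return name


def zone_guesses(name):
    """Candidate zones, most specific first: a.b.c -> ['a.b.c', 'b.c', 'c']."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def find_zone(cert_name, managed_zones, cnames=None):
    """Return (record_name, zone) where the TXT record has to be created."""
    record = follow_cnames(challenge_name(cert_name), cnames or {})
    guesses = zone_guesses(record)
    for guess in guesses:
        if guess in managed_zones:
            return record, guess
    raise ZoneNotManaged("no managed zone for {0}; tried {1}".format(record, guesses))


if __name__ == "__main__":
    # Constructed sample data: one zone in the account, one delegated challenge name.
    delegated = {"_acme-challenge.example.org": "example-org.acme.example.de."}
    print(find_zone("*.example.de", {"example.de"}))
    print(find_zone("*.example.org", {"example.de"}, delegated))
```

Without the CNAME table, the second call raises ZoneNotManaged because no guess for _acme-challenge.example.org is in the account, which is the situation the reporter ended up describing.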