obynio / certbot-plugin-gandi

Certbot plugin for authentication using Gandi LiveDNS
https://pypi.org/project/certbot-plugin-gandi/
MIT License

Gandi LiveDNS API communication stopped working #35

Closed risen closed 1 year ago

risen commented 1 year ago

Hi, for a little while now I've been getting these errors:

Unable to find or delete the DNS TXT record: <No reason given>
Failed to renew certificate subdomain.example.com with error: An error occurred adding the DNS TXT record: <No reason given>

In the log files I find this:

2022-07-23 18:48:09,169:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dns.api.gandi.net:443
2022-07-23 18:48:09,299:DEBUG:urllib3.connectionpool:https://dns.api.gandi.net:443 "GET /api/v5/domains/subdomain.example.com HTTP/1.1" 404 108
2022-07-23 18:48:09,301:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dns.api.gandi.net:443
2022-07-23 18:48:09,534:DEBUG:urllib3.connectionpool:https://dns.api.gandi.net:443 "GET /api/v5/domains/example.com HTTP/1.1" 200 532
2022-07-23 18:48:09,537:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dns.api.gandi.net:443
2022-07-23 18:48:09,795:DEBUG:urllib3.connectionpool:https://dns.api.gandi.net:443 "GET /api/v5/domains/example.com/records/_acme-challenge.subdomain/TXT HTTP/1.1" 200 209
2022-07-23 18:48:09,797:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): dns.api.gandi.net:443
2022-07-23 18:48:10,210:DEBUG:urllib3.connectionpool:https://dns.api.gandi.net:443 "PUT /api/v5/domains/example.com/records/_acme-challenge.subdomain/TXT HTTP/1.1" 400 151
2022-07-23 18:48:10,212:WARNING:certbot_plugin_gandi.main:Unable to find or delete the DNS TXT record: <No reason given>
2022-07-23 18:48:10,212:ERROR:certbot._internal.renewal:Failed to renew certificate subdomain.example.com with error: An error occurred adding the DNS TXT record: <No reason given>

I tried rotating the key, installing the latest plugin version, etc., but nothing seems to help.

It seems I'm getting an HTTP status code of 200 on GET, but 400 on PUT.

Any ideas?

obynio commented 1 year ago

Hello, linked to #34

risen commented 1 year ago

It seems the patch in #34 doesn't help, still getting a 400 on PUT:

2022-07-25 13:03:33,018:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-07-25 13:03:34,459:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/subdomain.example.com HTTP/1.1" 404 108
2022-07-25 13:03:34,462:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-07-25 13:03:34,706:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/example.com HTTP/1.1" 200 270
2022-07-25 13:03:34,708:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-07-25 13:03:34,934:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/example.com/records/_acme-challenge.subdomain/TXT HTTP/1.1" 200 200
2022-07-25 13:03:34,936:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-07-25 13:03:35,391:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "PUT /v5/livedns/domains/example.com/records/_acme-challenge.subdomain/TXT HTTP/1.1" 400 151
2022-07-25 13:03:35,392:WARNING:certbot_plugin_gandi.main:Unable to find or delete the DNS TXT record: <No reason given>
2022-07-25 13:03:35,393:ERROR:certbot._internal.renewal:Failed to renew certificate subdomain.example.com with error: An error occurred adding the DNS TXT record: <No reason given>

risen commented 1 year ago

Turns out, Gandi changed their behaviour with "linked zones".

If you have multiple domains using a linked zone, you can no longer use the LiveDNS API to update them. This used to work before.

I contacted Gandi about this, their response:

I'm coming back to you regarding your request about linked zone; dev team answered that this is the normal expected behavior when a linked zone.

So, I'm sorry but we won't change anything on our side, you'll have to unlink domains.

So, not a bug in certbot-plugin-gandi. It might be useful to mention this limitation in the README.md

Thanks!
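
A triage sketch for the log pattern in this thread, added here as an example (not code from certbot-plugin-gandi): it parses the urllib3 DEBUG lines of a certbot log and reports record paths where a GET succeeded but a write came back 4xx, which the plugin only surfaces as `<No reason given>`. The function names and the sample log are constructed for illustration, following the line format shown above.

```python
import re
from collections import defaultdict

# Matches urllib3 DEBUG request lines in the format shown in this thread.
REQ = re.compile(
    r'^\S+ \S+:DEBUG:urllib3\.connectionpool:'
    r'https://[^ ]+ "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?:\d+|None)$'
)
WRITE_METHODS = {"PUT", "POST", "PATCH", "DELETE"}

# Constructed sample, modelled on the log excerpts in the issue.
SAMPLE_LOG = """\
2022-07-25 13:03:33,018:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-07-25 13:03:34,459:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/subdomain.example.com HTTP/1.1" 404 108
2022-07-25 13:03:34,706:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/example.com HTTP/1.1" 200 270
2022-07-25 13:03:34,934:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/example.com/records/_acme-challenge.subdomain/TXT HTTP/1.1" 200 200
2022-07-25 13:03:35,391:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "PUT /v5/livedns/domains/example.com/records/_acme-challenge.subdomain/TXT HTTP/1.1" 400 151
2022-07-25 13:03:35,392:WARNING:certbot_plugin_gandi.main:Unable to find or delete the DNS TXT record: <No reason given>
"""

def parse_requests(lines):
    """Yield (method, path, status) for every urllib3 request line."""
    for line in lines:
        m = REQ.match(line.strip())
        if m:
            yield m["method"], m["path"], int(m["status"])

def rejected_writes(lines):
    """Return (path, method, status) where a read succeeded but a write got 4xx.

    A 2xx GET plus a 4xx write on the same path shows the key authenticates
    and the path resolves for reads, so the API refused the change itself.
    """
    seen = defaultdict(dict)  # path -> {method: last status seen}
    for method, path, status in parse_requests(lines):
        seen[path][method] = status
    findings = []
    for path, methods in seen.items():
        read_ok = 200 <= methods.get("GET", 0) < 300
        for method, status in methods.items():
            if read_ok and method in WRITE_METHODS and 400 <= status < 500:
                findings.append((path, method, status))
    return findings

if __name__ == "__main__":
    for path, method, status in rejected_writes(SAMPLE_LOG.splitlines()):
        print(f"{method} {path} -> {status}: read OK, write rejected")
```
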