telekom-mms / ansible-collection-acme

An Ansible collection for issuing certificates via the ACME protocol.
GNU General Public License v3.0

creation of wildcard certificates with autodns challenge not working with release 0.0.5 #20

Closed beechesII closed 3 years ago

beechesII commented 3 years ago

With version 0.0.5 the creation of wildcard certificates with autodns challenge is not possible.

Please provide a patch.

I add the playbook and the error message, anonymized, below:

Playbook:

- name: create the certificate for example.com
  hosts: localhost
  collections:
    - t_systems_mms.letsencrypt
  roles:
    - letsencrypt
  vars:
    domain:
      certificate_name: "wildcard.example.com"
      zone: "example.com"
      email_address: "foo@bar.de"
      subject_alt_name:
        - "*.example.com"
        - "example.com"
    letsencrypt_do_http_challenge: false
    letsencrypt_do_dns_challenge: true
    letsencrypt_use_acme_live_directory: true
    account_email: "foo@bar.de"

Error:

TASK [letsencrypt : add a new TXT record to the SAN domains] *******************
failed: [localhost] (item=*.example.com) => {"ansible_loop_var": "item", "changed": false, "connection": "close", "content": "{\"stid\":\"20201214-app2-96806\",\"messages\":[{\"text\":\"Der Resource-Record enthält ungültige Zeichen.\",\"objects\":[{\"type\":\"rr[30]/name\",\"value\":\"_acme-challenge.*\"}],\"code\":\"EF02063\",\"status\":\"ERROR\"}],\"status\":{\"code\":\"E0202\",\"text\":\"Zone konnte nicht auf dem Nameserver aktualisiert werden.\",\"type\":\"ERROR\"},\"object\":{\"type\":\"Zone\",\"value\":\"example.com\"}}", "content_language": "de", "content_length": "359", "content_type": "application/json", "date": "Mon, 14 Dec 2020 09:47:08 GMT", "elapsed": 0, "item": "*.example.com", "json": {"messages": [{"code": "EF02063", "objects": [{"type": "rr[30]/name", "value": "_acme-challenge.*"}], "status": "ERROR", "text": "Der Resource-Record enthält ungültige Zeichen."}], "object": {"type": "Zone", "value": "example.com"}, "status": {"code": "E0202", "text": "Zone konnte nicht auf dem Nameserver aktualisiert werden.", "type": "ERROR"}, "stid": "20201214-app2-96806"}, "msg": "Status code was 400 and not [200]: HTTP Error 400: Bad Request", "redirected": false, "server": "nginx", "status": 400, "url": "https://api.autodns.com/v1/zone/example.com/a.ns14.net", "x_domainrobot_stid": "20201214-app2-96806"}

Ansible Version:

ansible 2.7.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/crgr/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
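The rejected record name `_acme-challenge.*` in the error above shows the role prefixing the wildcard SAN's host part verbatim. Per RFC 8555 (section 7.1.3 for wildcards, 8.4 for dns-01) a wildcard identifier `*.example.com` is validated at `_acme-challenge.example.com`, so the `*.` label has to be dropped first. The following is an added example, not code from the collection; it assumes the zone is a suffix of every SAN (as in the playbook) and that the AutoDNS zone API takes record names relative to the zone, which the rejected value suggests.

```python
ACME_PREFIX = "_acme-challenge"


def naive_record_name(san: str, zone: str) -> str:
    """Derivation implied by the error: strip the zone, prefix the rest verbatim.
    For "*.example.com" this yields "_acme-challenge.*" (AutoDNS code EF02063)."""
    host = san[: -len(zone)].rstrip(".") if san.endswith(zone) else san
    return f"{ACME_PREFIX}.{host}" if host else ACME_PREFIX


def challenge_record_name(san: str, zone: str, relative: bool = True) -> str:
    """Correct DNS-01 TXT record name for one SAN.

    A leading "*." is removed because the wildcard is validated at its base name.
    With relative=True the name is returned relative to the zone (assumed to be
    what the AutoDNS zone endpoint expects); otherwise the FQDN is returned.
    """
    name = san.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # wildcard: validate at the base name
    if "*" in name:
        raise ValueError(f"unsupported wildcard position in SAN {san!r}")
    if name != zone and not name.endswith("." + zone):
        raise ValueError(f"SAN {san!r} is not inside zone {zone!r}")
    fqdn = f"{ACME_PREFIX}.{name}"
    if not relative:
        return fqdn
    return fqdn[: -len(zone) - 1]  # drop the trailing ".zone"


def records_for_playbook(subject_alt_name, zone):
    """Distinct record names for a SAN list, in order.

    "*.example.com" and "example.com" map to the same record name but each has
    its own challenge token, so the caller must still publish one TXT value per
    SAN under that name rather than overwriting the first with the second.
    """
    names = []
    for san in subject_alt_name:
        rr = challenge_record_name(san, zone)
        if rr not in names:
            names.append(rr)
    return names
```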

avalor1 commented 3 years ago

This collection requires Ansible 2.9. Please update to Ansible 2.9 and try again :)

beechesII commented 3 years ago

Hi @avalor1, the Ansible version was from the wrong host, sorry for that. We use several gitlab-runners, but the gitlab-runner for this specific job runs on a host with Ansible version 2.9.0.

[root@myhost ~]# ansible --version
ansible 2.9.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Apr  2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

avalor1 commented 3 years ago

Hi @beechesII, thanks for raising this issue. I've created a pull request which fixes this.