vancluever / terraform-provider-acme

Terraform ACME provider
https://registry.terraform.io/providers/vancluever/acme/latest
Mozilla Public License 2.0

azuredns: could not find zone (from discovery) #428

Closed cschipper1 closed 1 month ago

cschipper1 commented 1 month ago

Cert renewal is not working anymore in the latest version (2.25); we got the error below:

```
│ Error: error: one or more domains had a problem:
│
│ [.] [.] acme: error presenting token: 2 errors occurred:
│ rpc error: code = Unknown desc = azuredns: could not find zone (from discovery): error encountered while presenting token for DNS challenge: rpc error: code = Unknown desc = azuredns: could not find zone (from discovery):
```

We tested with lego, using the same credentials and DNS zone, and a new certificate request works.

vancluever commented 1 month ago

@cschipper1 I'll need more information to proceed here - can you send along your config? Are you running lego and Terraform on the same machine? etc.

cschipper1 commented 1 month ago

We are running the code below in a pipeline on a build agent, and it was working; now, with a renewal due, it gives the error below. Credentials etc. have not changed.

I tested the manual request with lego only on a different machine.

Terraform provider:

```hcl
acme = {
  source  = "vancluever/acme"
  version = "2.25.0"
}
```

Terraform code:

```hcl
resource "tls_private_key" "private_key" {
  algorithm = "RSA"
}

resource "acme_registration" "reg" {
  account_key_pem = tls_private_key.private_key.private_key_pem
  email_address   = x
}

resource "acme_certificate" "certificate" {
  account_key_pem           = acme_registration.reg.account_key_pem
  common_name               = "*.${local.dns_zone_name}"
  subject_alternative_names = [local.dns_zone_name]
  certificate_p12_password  = random_password.certpassword.result
  min_days_remaining        = 30

  dns_challenge {
    provider = "azuredns"
    config = {
      AZURE_CLIENT_ID           = x
      AZURE_CLIENT_SECRET       = x
      AZURE_TENANT_ID           = x
      AZURE_ENVIRONMENT         = "public"
      AZURE_PROPAGATION_TIMEOUT = 120
      AZURE_POLLING_INTERVAL    = 10
      AZURE_SUBSCRIPTION_ID     = x
      AZURE_RESOURCE_GROUP      = x
      AZURE_ZONE_NAME           = local.dns_zone_name
    }
  }
}
```

vancluever commented 1 month ago

@cschipper1 please try running Terraform at the same place you're running lego and see what you get. There could be differences in configuration between your build pipeline system and your local machine.

Nothing looks out of place with your config, but also I don't use Azure so it will be difficult for me to reproduce.

cschipper1 commented 1 month ago

Found the problem: I had to zero out the ARM env variables, like in https://github.com/vancluever/terraform-provider-acme/issues/187

Thanks for the quick replies!

vancluever commented 1 month ago

@cschipper1 glad you got it worked out!
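The workaround the thread ended on, turned into a pre-flight step for the build agent. This is an added example, not code from the provider or from either commenter; it assumes the "ARM env variables" are the azurerm-style ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_SUBSCRIPTION_ID that pipeline tooling commonly exports, which the thread does not spell out.

```sh
#!/bin/sh
# Pre-flight check for a pipeline step that runs terraform with the azuredns
# dns_challenge shown above. The variable list is an assumption: the thread
# only says "the ARM env variables", so these azurerm-style names are a guess.
ARM_VARS="ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID"

# Print the names of ARM_* variables that are set and non-empty, one per line.
# Exit status 1 when any are found (a possible conflict with the AZURE_*
# values passed in dns_challenge.config), 0 when the environment is clean.
arm_env_conflicts() {
    found=0
    for name in $ARM_VARS; do
        eval "value=\${$name:-}"
        if [ -n "$value" ]; then
            echo "$name"
            found=1
        fi
    done
    return $found
}

# Zero out (export as empty) every ARM_* variable listed above, so the
# azuredns challenge only sees the AZURE_* values from the Terraform config.
clear_arm_env() {
    for name in $ARM_VARS; do
        export "$name="
    done
}

# Usage in the pipeline step, before terraform runs:
#   if ! arm_env_conflicts; then clear_arm_env; fi
#   terraform apply -auto-approve
```

Running the check first and logging its output keeps a record of which inherited variables the agent cleared, which is what you want when a renewal that used to work suddenly fails.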