What did you expect to see?
I want to generate a certificate for a server with the following DNS entry: server.test.example.com. I use the Infomaniak provider and I set the following environment variables:
export INFOMANIAK_ENDPOINT=https://api.infomaniak.com
They must be correct since a DNS entry, even if wrong, is created.

What did you see instead?
I get a "could not obtain certificate" because the TXT record inserted in the DNS is for server.example.com instead of server.test.example.com. I can see in the logs that it doesn't find the test.example.com and continues with example.com. I don't understand the behaviour... As it doesn't find the test.example.com domain it tries with example.com thus explaining why the entry is wrong. Here is the DNS config for this sub domain:
seems correct ...

How do you use lego?
Binary

Reproduction steps
lego -m [email protected] --dns infomaniak -d server.test.example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

Version of lego
lego version 4.4.0 linux/amd64

Logs
lego command output where one can see the domain not found lines:
2021/09/29 18:35:14 No key found for account [email protected]. Generating a P256 key.
2021/09/29 18:35:15 Saved key to /home/ubuntu/.lego/accounts/acme-staging-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2021/09/29 18:35:15 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you accept the TOS? Y/n Y
2021/09/29 18:35:19 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!
Your account credentials have been saved in your Let's Encrypt
configuration directory at "/home/ubuntu/.lego/accounts".
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2021/09/29 18:35:19 [INFO] [server.test.example.com] acme: Obtaining bundled SAN certificate
2021/09/29 18:35:20 [INFO] [server.test.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/594598988
2021/09/29 18:35:20 [INFO] [server.test.example.com] acme: Could not find solver for: tls-alpn-01
2021/09/29 18:35:20 [INFO] [server.test.example.com] acme: Could not find solver for: http-01
2021/09/29 18:35:20 [INFO] [server.test.example.com] acme: use dns-01 solver
2021/09/29 18:35:20 [INFO] [server.test.example.com] acme: Preparing to solve DNS-01
2021/09/29 18:35:20 [INFO] domain "server.test.example.com" not found, trying with "test.example.com"
2021/09/29 18:35:21 [INFO] domain "test.example.com" not found, trying with "example.com"
2021/09/29 18:35:23 [INFO] [server.test.example.com] acme: Trying to solve DNS-01
2021/09/29 18:35:23 [INFO] [server.test.example.com] acme: Checking DNS record propagation using [172.22.224.1:53]
2021/09/29 18:35:33 [INFO] Wait for propagation [timeout: 5m0s, interval: 10s]
...
2021/09/29 18:39:05 [INFO] [server.test.example.com] acme: Waiting for DNS record propagation.
2021/09/29 18:40:35 [INFO] [server.test.example.com] acme: Cleaning DNS-01 challenge
2021/09/29 18:40:37 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/594598988
2021/09/29 18:40:37 Could not obtain certificates:
error: one or more domains had a problem:
[server.test.example.com] time limit exceeded: last error: NS nsany2.infomaniak.com. returned NXDOMAIN for _acme-challenge.server.test.example.com.

Go environment (if applicable)
Replies: 1 comment 3 replies
Hello,
at first, I thought it was a question, but when parsing the code I think I found a bug.
I will continue my analysis.
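
The zone walk visible in the log, and the record name it has to lead to, as an added example that is not part of the thread and is not lego's code. The function names and the `hosted` map are hypothetical stand-ins for the provider's zone lookup; the sample account data is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// findZone walks up the labels of domain until it reaches a zone the account
// hosts, like the "not found, trying with ..." lines in the log.
func findZone(domain string, hosted map[string]bool) (string, error) {
	name := strings.TrimSuffix(domain, ".")
	for !hosted[name] {
		i := strings.Index(name, ".")
		if i < 0 {
			return "", fmt.Errorf("no hosted zone for %q", domain)
		}
		name = name[i+1:]
	}
	return name, nil
}

// relativeName returns the TXT record name relative to zone. Every label
// skipped during the walk ("test" here) has to stay in the record name.
func relativeName(domain, zone string) string {
	fqdn := "_acme-challenge." + strings.TrimSuffix(domain, ".")
	return strings.TrimSuffix(fqdn, "."+zone)
}

// servesChallenge reports whether a record named rel inside zone is the name
// the CA queries when validating domain.
func servesChallenge(rel, zone, domain string) bool {
	return rel+"."+zone == "_acme-challenge."+strings.TrimSuffix(domain, ".")
}

func main() {
	hosted := map[string]bool{"example.com": true} // constructed sample account
	domain := "server.test.example.com"
	zone, err := findZone(domain, hosted)
	if err != nil {
		panic(err)
	}
	rel := relativeName(domain, zone)
	fmt.Println(zone, rel, servesChallenge(rel, zone, domain))
	// The record described in the report lacks the "test" label:
	fmt.Println(servesChallenge("_acme-challenge.server", zone, domain))
}
```

A record that fails `servesChallenge` produces the NXDOMAIN seen at the end of the log, because the CA and the propagation check query `_acme-challenge.server.test.example.com` and nothing else.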