nifcloud: fix bug in case of same auth zone #2125

Merged 2 commits on Mar 4, 2024

Conversation

fuku2014
Contributor

@fuku2014 fuku2014 commented Mar 4, 2024

Summary

  • Fixed a bug in the following case, where record names that were the same as the zone name were not considered with CNAME support.
example.com    A    [IP_Address]
*.example.com    CNAME    example.com

Test

lego -a --dns nifcloud --path /etc/letsencrypt --email mail@example.com --domains example.com,*.example.com --server https://acme-staging-v02.api.letsencrypt.org/directory run

2024/03/04 16:46:48 [INFO] [example.com, *.example.com] acme: Obtaining bundled SAN certificate
2024/03/04 16:46:49 [INFO] [*.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11497371973
2024/03/04 16:46:49 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11497371983
2024/03/04 16:46:49 [INFO] [*.example.com] acme: use dns-01 solver
2024/03/04 16:46:49 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2024/03/04 16:46:49 [INFO] [example.com] acme: Could not find solver for: http-01
2024/03/04 16:46:49 [INFO] [example.com] acme: use dns-01 solver
2024/03/04 16:46:49 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2024/03/04 16:46:49 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:46:51 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/03/04 16:46:51 [INFO] [example.com] acme: Preparing to solve DNS-01
2024/03/04 16:46:51 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:46:53 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/03/04 16:46:53 [INFO] [*.example.com] acme: Trying to solve DNS-01
2024/03/04 16:46:53 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:46:53 [INFO] [*.example.com] acme: Checking DNS record propagation. [nameservers=8.8.8.8:53,8.8.4.4:53]
2024/03/04 16:46:55 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/03/04 16:47:14 [INFO] [*.example.com] The server validated our request
2024/03/04 16:47:14 [INFO] [example.com] acme: Trying to solve DNS-01
2024/03/04 16:47:14 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:47:14 [INFO] [example.com] acme: Checking DNS record propagation. [nameservers=8.8.8.8:53,8.8.4.4:53]
2024/03/04 16:47:16 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/03/04 16:47:32 [INFO] [example.com] The server validated our request
2024/03/04 16:47:32 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2024/03/04 16:47:32 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:47:35 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/03/04 16:47:35 [INFO] [example.com] acme: Cleaning DNS-01 challenge
2024/03/04 16:47:35 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com."
2024/03/04 16:47:38 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/03/04 16:47:39 [INFO] [example.com, *.example.com] acme: Validations succeeded; requesting certificates
2024/03/04 16:47:39 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/03/04 16:47:40 [INFO] [example.com] Server responded with a certificate.

@ldez
Member

ldez commented Mar 4, 2024

Hello,

Is your CNAME configured to handle the ACME challenge, or is it just a global CNAME not related to ACME challenges?

https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme.html#the-advantages-of-a-cname

If it's not related to ACME challenges, you can disable the CNAME support: LEGO_DISABLE_CNAME_SUPPORT=true
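
The case discussed in this thread, as an added Go example that is not lego's or the nifcloud provider's code: a wildcard CNAME catches `_acme-challenge.example.com.`, so the effective challenge name becomes the zone apex, and a record-name helper has to treat the apex explicitly. The resolver logic is simplified, the sample zone is constructed, and `effectiveFQDN`, `naiveRecordName`, `recordName` and the `@` apex label are assumptions for illustration; `follow=false` stands in for `LEGO_DISABLE_CNAME_SUPPORT=true`.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample zone mirroring the records in the PR description.
var cnames = map[string]string{"*.example.com.": "example.com."}

// effectiveFQDN follows CNAMEs (exact name first, then a wildcard one label up).
// Simplified resolver logic with a hop limit; follow=false models disabled CNAME support.
func effectiveFQDN(fqdn string, follow bool) string {
	for hop := 0; follow && hop < 8; hop++ {
		target, ok := cnames[fqdn]
		if i := strings.Index(fqdn, "."); !ok && i >= 0 {
			target, ok = cnames["*"+fqdn[i:]]
		}
		if !ok {
			break
		}
		fqdn = target
	}
	return fqdn
}

// naiveRecordName (hypothetical) strips ".<zone>", which never matches at the
// apex, so the whole FQDN comes back as if it were a relative name.
func naiveRecordName(fqdn, zone string) string {
	return strings.TrimSuffix(fqdn, "."+zone)
}

// recordName (hypothetical) handles the apex explicitly and rejects names
// outside the zone. "@" is the zone-file convention; a DNS API may differ.
func recordName(fqdn, zone string) (string, error) {
	if fqdn == zone {
		return "@", nil
	}
	if !strings.HasSuffix(fqdn, "."+zone) {
		return "", fmt.Errorf("%q is not in zone %q", fqdn, zone)
	}
	return strings.TrimSuffix(fqdn, "."+zone), nil
}

func main() {
	zone := "example.com."
	for _, follow := range []bool{true, false} {
		fqdn := effectiveFQDN("_acme-challenge.example.com.", follow)
		name, err := recordName(fqdn, zone)
		fmt.Printf("follow=%v fqdn=%s naive=%q name=%q err=%v\n", follow, fqdn, naiveRecordName(fqdn, zone), name, err)
	}
}
```

With CNAME following on, the TXT record is written at the zone apex rather than under `_acme-challenge`, which is the situation the question above is probing.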

@ldez ldez added this to the v4.16 milestone Mar 4, 2024
Member

@ldez ldez left a comment

LGTM

@ldez ldez merged commit 82e9a5e into go-acme:master Mar 4, 2024
7 checks passed
@fuku2014 fuku2014 deleted the patch-1 branch March 5, 2024 04:59