Can't get certificates for certain domains

So guys, after getting my purely internal proxy working with your help, I now ran into a new problem…

I had to wait a week to get all the certificates for all of my subdomains. (Believe it or not, Let's Encrypt has a limit of maximum certificates per week…) So today I tried to run caddy with my complete Caddyfile via this command:
sudo GODADDY_API_KEY=xxxxxxx GODADDY_API_SECRET=xxxxxxxxx caddy

But I ran into this error:
2018/03/22 18:56:36 [media.halnet.cloud] failed to get certificate: Error presenting token: Could not create record [{"type":"TXT","name": "_acme-challenge.media.halnet", "data":"uYcrqEGjcrf6iRdWdRTvT2coO6R7wB5l3n7Mvb9uSlE", "ttl":600}]; Status: 404; Body: {"code":"UNKNOWN_DOMAIN", "message": "The given domain is not registered, or does not have a zonefile", "name":"_Class"}

It is a new week now, so I should be able to get new certs… Additionally this only occurs with some domains that didn’t have any certs previously…

Also affected was “icarus.halnet.cloud”, when I deleted the entry in the Caddyfile for that redirection the above error showed up.

All in all the following subdomains are affected:
icarus.halnet.cloud
media.halnet.cloud
backup.halnet.cloud

I have no clue what is going on… Any help is enormously appreciated!

That’s an error you’re getting from GoDaddy; they’re saying that they don’t have a zone file for the domain you’re trying to validate, so they can’t add a record to it.

It strikes me as slightly odd to see the TXT name from the error as _acme-challenge.media.halnet; I’m used to seeing either just _acme-challenge.media or the full _acme-challenge.media.halnet.cloud.
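As an added illustration (not part of the original post, and not Caddy's or lego's code), the Go example below works out which zone split each of the two relative TXT names mentioned above corresponds to for media.halnet.cloud. It is plain label arithmetic with no DNS or GoDaddy API calls; the function names RelativeName and ImpliedZone are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// labels splits a DNS name into lowercase labels; a trailing dot is ignored.
func labels(name string) []string {
	return strings.FieldsFunc(strings.ToLower(name), func(r rune) bool { return r == '.' })
}

// RelativeName returns fqdn relative to zone, comparing whole labels only.
func RelativeName(fqdn, zone string) (string, error) {
	f, z := labels(fqdn), labels(zone)
	if len(z) == 0 || len(z) > len(f) {
		return "", fmt.Errorf("zone %q is empty or longer than %q", zone, fqdn)
	}
	off := len(f) - len(z)
	for i := range z {
		if f[off+i] != z[i] {
			return "", fmt.Errorf("%q is not inside zone %q", fqdn, zone)
		}
	}
	if off == 0 {
		return "@", nil // zone-file shorthand for the zone apex
	}
	return strings.Join(f[:off], "."), nil
}

// ImpliedZone reports which parent zone of fqdn yields the given relative name.
func ImpliedZone(fqdn, relative string) (string, bool) {
	f := labels(fqdn)
	for i := 1; i < len(f); i++ {
		zone := strings.Join(f[i:], ".")
		if rel, err := RelativeName(fqdn, zone); err == nil && rel == strings.ToLower(relative) {
			return zone, true
		}
	}
	return "", false
}

func main() {
	const fqdn = "_acme-challenge.media.halnet.cloud." // challenge name for the thread's host
	for _, rel := range []string{"_acme-challenge.media.halnet", "_acme-challenge.media"} {
		zone, ok := ImpliedZone(fqdn, rel)
		fmt.Printf("%-30s -> zone %q (found=%v)\n", rel, zone, ok)
	}
}
```

The name from the error message corresponds to splitting the FQDN at cloud, while the shorter form corresponds to splitting it at halnet.cloud.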

So I will rather just contact GoDaddy?

This seems really odd…

So I looked into this error. In the GoDaddy admin panel all other zonefiles were created successfully in the following format: “_acme-challenge.host”.
But even if I manually enter a new zonefile for “_acme-challenge.media” I can’t start caddy, as it still gives the same error…

It looks like no other subdomain is possible anymore. From what I could find out there is no real restriction on the number of zonefiles for GoDaddy.

My idea now is that caddy does not parse to GoDaddy correctly… Is there a way to see what is going on?

EDIT

Running caddy with -log zone.log gives the following log file:

2018/03/26 20:45:51 [INFO][media.halnet.cloud] acme: Obtaining bundled SAN certificate
2018/03/26 20:45:51 [INFO][media.halnet.cloud] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/j9_EDSFAzwccGXrY6fIR_pckpPzlfQ9zspt8utrYBZc
2018/03/26 20:45:51 [INFO][media.halnet.cloud] acme: Trying to solve DNS-01

Yep, strange. Time to take it upstream.

Here’s the DNS provider for xenolf/lego we import for our tls.dns.godaddy plugin:

You should raise an issue on that repo and try to ping smerschjohann, the author.

Issue opened: DNS Provider: Godaddy - failed to get certificate · Issue #519 · go-acme/lego · GitHub