EasyDNS dns provider doesn't properly handle domains with multi-part TLDs #1466
Comments
Hello, could you provide the log from the start of lego?
@ldez Sure, I updated the log section in the description to include the full output. This looks suspect to me, seems like it assumes that the domain part of a host is only ever two parts: lego/providers/dns/easydns/easydns.go Lines 168 to 175 in bc8ff4a
Hello @Confuzed,
Yes, be happy to 👍🏻
The main problem with the EasyDNS API is to find a way to get the domain/zone from an FQDN. The API documentation is a bit weak on examples, then I will need you to get more information about the API behavior. @Confuzed, can you try to give me the responses of the following API endpoint, with several FQDN (example.co.uk, example.com, foo.example.co.uk, foo.example.com)?
@ldez definitely want to help with this, just been struggling for time and am currently away from home. Will test those endpoints as soon as I can.
Hello we are experiencing the same issue, with same error message as original post. Direct cURL requests to EasyDNS seem to work just fine using multi-part TLD domains. We build from latest --version shows
using cURL with similar requests: https://sandbox.rest.easydns.net:3001/#/read/listUserDomains
https://sandbox.rest.easydns.net:3001/#/read/listParsedZone
{
"tm": 1665148834,
"data": [
{
"id": "69173373",
"domain": "juliamiles.co.uk",
"host": "*",
"ttl": 3600,
"type": "A",
"rdata": "209.208.211.200",
"last_mod": "2019-09-13 20:24:29"
},
{
"id": "69173376",
"domain": "juliamiles.co.uk",
"host": "@",
"ttl": 3600,
"type": "A",
"rdata": "209.208.211.200",
"last_mod": "2019-09-13 20:24:29"
},
{
"id": "69173380",
"domain": "juliamiles.co.uk",
"host": "join",
"ttl": 3600,
"type": "CNAME",
"rdata": "secure.score-cash.com.",
"last_mod": "2019-09-13 20:24:30"
},
{
"id": "69173387",
"domain": "juliamiles.co.uk",
"host": "@",
"ttl": 3600,
"type": "NS",
"rdata": "dns1.easydns.com.",
"last_mod": "2019-09-13 20:24:32",
"orig_rdata": "LOCAL."
},
{
"id": "69173387",
"domain": "juliamiles.co.uk",
"host": "@",
"ttl": 3600,
"type": "NS",
"rdata": "dns2.easydns.net.",
"last_mod": "2019-09-13 20:24:32",
"orig_rdata": "LOCAL."
},
{
"id": "69173387",
"domain": "juliamiles.co.uk",
"host": "@",
"ttl": 3600,
"type": "NS",
"rdata": "dns3.easydns.org.",
"last_mod": "2019-09-13 20:24:32",
"orig_rdata": "LOCAL."
},
{
"id": "69173388",
"domain": "juliamiles.co.uk",
"host": "@",
"ttl": 3600,
"type": "SOA",
"rdata": "dns1.easydns.com. zone.easydns.com. 1665139042 3600 600 604800 0",
"last_mod": "2019-09-13 20:24:33",
"orig_rdata": "dns1.easydns.com. zone.easydns.com. %%NOW%% 3600 600 604800 0"
},
{
"id": "93320134",
"domain": "juliamiles.co.uk",
"host": "@",
"ttl": 60,
"type": "CAA",
"rdata": "0 issuewild letsencrypt.org",
"last_mod": "2021-10-14 20:28:16"
},
{
"id": "104616394",
"domain": "juliamiles.co.uk",
"host": "@",
"ttl": 60,
"type": "TXT",
"rdata": "v=spf1 mx a ip4:38.109.20.80\/28 ip4:209.208.211.192\/28 ~all",
"last_mod": "2022-10-07 10:37:21"
}
],
"count": 20,
"total": 20,
"start": 0,
"max": 1000,
"status": 200
}
I have this same issue with example.id.au; it works fine with example.com.au. I found that it doesn't even create the TXT records.
The problem is the way to get to the zone. I will try to find something but I will need people to test it.
You can try the following PR #2121
Could it possibly be because my actual domain is ab.id.au, one of those rare two-character domain names?
No, the algo is simple and just splits the domain based on dots.
What did you expect to see?
When attempting to obtain a cert for a domain with a ccTLD that is made up of two parts, e.g. example.co.uk, I expect lego to correctly submit the zone update to the EasyDNS REST API to complete the DNS challenge before generating certificates.
What did you see instead?
When attempting to obtain certificates for a domain in the form of example.co.uk using the DNS challenge provider for EasyDNS, I consistently get an error response:
When I tested the zone update against the REST API directly, using Postman and the same credentials, the request succeeded.
On inspection of the logging available through EasyDNS's management portal I noticed that the domain was split such that the domain was co.uk and it treated example as part of the host name.
How do you use lego?
Docker image
Reproduction steps
Pre-requisite: A domain registered and managed with EasyDNS that has a multi-part TLD, such as .co.uk. It is also necessary to sign up explicitly for API access.
lego -a --dns easydns --domains example.co.uk --email [email protected]
In order to test this more easily I wrote a script which sets up the environment variables and executes lego via docker. I'll share that here:
Version of lego
lego version v4.4.0 linux/amd64
Logs
Go environment (if applicable)
The docker container
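The failure described in this issue, as an added Go example that is not lego's code and not the change in PR #2121: `naiveSplit` takes the last two labels as the zone, while `splitByKnownZones` (a hypothetical helper) picks the longest suffix found in a set of zones the account manages. The zone set is constructed sample data standing in for a domain-listing response.

```go
package main

import (
	"fmt"
	"strings"
)

// naiveSplit treats the last two labels of fqdn as the zone, the
// behaviour reported in this issue (constructed illustration).
func naiveSplit(fqdn string) (host, zone string) {
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	if len(labels) <= 2 {
		return "", strings.Join(labels, ".")
	}
	cut := len(labels) - 2
	return strings.Join(labels[:cut], "."), strings.Join(labels[cut:], ".")
}

// splitByKnownZones walks fqdn from the most specific candidate to the
// least specific and returns the first one present in zones, so the
// longest zone the account actually manages wins.
func splitByKnownZones(fqdn string, zones map[string]bool) (host, zone string, ok bool) {
	labels := strings.Split(strings.ToLower(strings.TrimSuffix(fqdn, ".")), ".")
	for i := range labels {
		candidate := strings.Join(labels[i:], ".")
		if zones[candidate] {
			return strings.Join(labels[:i], "."), candidate, true
		}
	}
	// No managed zone matches: refuse rather than guess a parent zone.
	return "", "", false
}

func main() {
	// Constructed sample: zones as a domain-listing call might return them.
	zones := map[string]bool{"example.co.uk": true, "example.com": true}
	for _, fqdn := range []string{
		"_acme-challenge.example.co.uk.",
		"_acme-challenge.foo.example.co.uk.",
		"_acme-challenge.example.com.",
		"_acme-challenge.example.org.",
	} {
		nh, nz := naiveSplit(fqdn)
		h, z, ok := splitByKnownZones(fqdn, zones)
		fmt.Printf("%-36s naive=(%q,%q) known=(%q,%q,%v)\n", fqdn, nh, nz, h, z, ok)
	}
}
```

For `_acme-challenge.example.co.uk.` the naive split yields zone `co.uk` with `example` folded into the host, matching what the EasyDNS portal log showed; the zone-list lookup returns `example.co.uk` and fails closed for a name outside every managed zone.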