Error with a subdomain #18

Open
sevaa opened this issue Oct 9, 2022 · 1 comment


sevaa commented Oct 9, 2022

Trying to use certbot-dns-cpanel against a subdomain hosted with Cpanel 102.0.23.

There is an add-on domain, yarxi.ru. There is a subdomain underneath that, test.yarxi.ru. I'm issuing the following command:

certbot run --authenticator certbot-dns-cpanel:cpanel --installer certbot-dns-cpanel:cpanel --certbot-dns-cpanel:cpanel-credentials cred.ini --logs-dir . --config-dir . --work-dir . -d test.yarxi.ru,www.test.yarxi.ru

and getting the following output:

Saving debug log to /home/seva/ssl/yx.ru/letsencrypt.log
Plugins selected: Authenticator certbot-dns-cpanel:cpanel, Installer certbot-dns-cpanel:cpanel
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for test.yarxi.ru
dns-01 challenge for www.test.yarxi.ru
Cleaning up challenges
Error adding TXT record: Unable to find SOA record.

The debug log is attached.

letsencrypt.zip

EDIT: it boils down to an error in response to the ZoneEdit/add_zone_record API method:

2023-01-04 12:19:59,120:DEBUG:certbot_dns_cpanel.dns_cpanel:add_zone_record: url='http://www.example.com:2082/json-api/cpanel', data='{
    "cpanel_jsonapi_user": "johndoe",
    "cpanel_jsonapi_apiversion": "2",
    "cpanel_jsonapi_module": "ZoneEdit",
    "cpanel_jsonapi_func": "add_zone_record",
    "domain": "test.boo.org",
    "name": "_acme-challenge",
    "type": "TXT",
    "txtdata": "s5tJpM0ACh1aGkJs1kFSpIM_rk1Qnholop71hgR_d3I",
    "ttl": 60
}', response data='{
    "postevent": {
        "result": 1
    },
    "apiversion": 2,
    "event": {
        "result": 1
    },
    "data": [
        {
            "result": {
                "status": 0,
                "newserial": null,
                "statusmsg": "Unable to find SOA record."
            }
        }
    ],
    "func": "add_zone_record",
    "module": "ZoneEdit",
    "preevent": {
        "result": 1
    }
}'

That's a misconfiguration of the site, not a bug in certbot-dns-cpanel.

sevaa closed this as completed Jan 4, 2023

sevaa commented Jan 5, 2023

You can work around the issue by supplying the 2nd level domain as the domain arg and moving the subdomain part into the name portion. In other words, the operation succeeds if instead of "domain": "test.boo.org","name": "_acme-challenge" we provide "domain": "boo.org","name": "_acme-challenge.test".

The fix boils down to the cpanel_zone = max(matching_zones, key = len) line in _get_zone_and_name; were it to use the min instead, the workaround would kick in and the whole thing would work. PR #19 does exactly that.

sevaa reopened this Jan 5, 2023
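The max/min choice discussed in the comment above, as an added example that is not certbot-dns-cpanel's own code: it shows how picking the longest or the shortest matching zone changes the "domain" and "name" values sent to add_zone_record. The function names, the label-by-label matching and the zone list are assumptions made for illustration.

```python
# Added illustration; not the plugin's code. All names here are hypothetical.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def matching_zones(record_name, zones):
    """Zones that equal record_name or are a parent of it.

    Comparison is label by label (an assumption of this sketch), so the
    zone 'boo.org' never matches a record under 'notboo.org'.
    """
    rec = _labels(record_name)
    out = []
    for zone in zones:
        z = _labels(zone)
        if len(z) <= len(rec) and rec[-len(z):] == z:
            out.append(".".join(z))
    return out


def split_zone_and_name(record_name, zones, pick=max):
    """Return (zone, name relative to that zone).

    pick=max selects the longest matching zone, pick=min the shortest.
    """
    candidates = matching_zones(record_name, zones)
    if not candidates:
        raise ValueError(f"no zone found for {record_name!r}")
    zone = pick(candidates, key=len)
    rec = _labels(record_name)
    relative = ".".join(rec[: len(rec) - len(zone.split("."))])
    return zone, relative  # relative is "" when the record is the zone apex


# Constructed sample: domains an account might list, using the names from the log.
ZONES = ["boo.org", "test.boo.org", "notboo.org"]
RECORD = "_acme-challenge.test.boo.org"

if __name__ == "__main__":
    # Longest match: the request that failed with "Unable to find SOA record."
    print(split_zone_and_name(RECORD, ZONES, pick=max))
    # Shortest match: the workaround form of the request.
    print(split_zone_and_name(RECORD, ZONES, pick=min))
```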