Comments (2)
infinityofspace
commented on August 20, 2024
Thank you for the bug report.
Unfortunately, I cannot reproduce the error described. All types of cert domains *.domain.tld, domain.tld, sub.domain.tld, sub2.sub1.domain.tld works fine for me.
The error message indicates that the API call to Porkbun was not successful. The http status code 400 describes an issue with the request (Bad Request) and the error message Encountered exception during recovery: KeyError: 'LONG_RANDOM_ISH_KEY_HERE' means the cleanup of the failed challenge failed because there was no TXT record created with the id of the long random key value (the long random value is the public secret of the DNS challenge). So the KeyError error can be ignored, since this is a consecutive error due to the failed Porkbun API call.
There should also be a more detailed error message (or no message found for an unknown error message) below the Status code: 400. Can you please share this message as well (you should replace private information with placeholder like you did with the domain)?
There are two possible causes of failure that I can mention without further information:
- there is a typo in the domain name (is rather unlikely, but please check the correct spelling)
- you have a DNS record which delegates the original domain to a non Porkbun managed domain, eg.
_acme-challenge.domain.tld. 600 IN CNAME _acme-challenge.domain2.tld.
The DNS delegation feature was introduced in version v0.3, to eliminate a general problem with it you could try the version v0.2.1.
client.py potentially removed the "*." replacement:
It is true that client.py removes the wildcard, but this is an intentional behavior. Specifying the domain with a wildcard *.domain.tld or without domain.tld is only relevant for cerbot and not for the Porkbun API call, since when we create the challenge for both of the specified domain, they both have to result in a TXT record for the subdomain _acme-challenge.domain.tld. So we have to remove the wildcard symbol. However, this behavior is logically different for certificates for subdomains and here the subdomains are taken into account accordingly. So a cert for the domain sub2.sub1.domain.tld result in a TXT record for the domain _acme-challenge.sub2.sub1.domain.tld. Because of the described resulting TXT entries your described error for wildcard domains and no error without the wildcard is very strange and if one of the two fails, then both should fail.
from certbot_dns_porkbun.
commented on August 20, 2024
Thanks for the in depth reply! Through some discussions I wiped prior _acme-challenge.domain.tld entries and recreated my command only to notice I included an incorrect credential format within /config/porkbun.ini:
dns_porkbun_key=porkbunapikey
dns_porkbun_secret=porkbunapikeysecret
versus
dns_porkbun_key porkbunapikey
dns_porkbun_secret porkbunapikeysecret
Through several different testing configurations today each returned an as expected result.
from certbot_dns_porkbun.
Related Issues (13)
- Support credentials file HOT 1
- Unable to issue / renew cert anymore HOT 3
- Add a snap build of the plugin HOT 1
- DNS CNAME Delegation Bug HOT 2
- TXT records have TTL of 600 although the min value is 300 HOT 1
- PluginEntryPoint#dns-porkbun does not provide IPluginFactory, skipping HOT 2
- Unable to renew certificate HOT 1
- Release that supports certbot 2.x? HOT 2
- Credentials argument is unrecognized HOT 1
- Cannot use for domain that uses ALIAS record HOT 3
- Delete DNS Api Failed HOT 2
- Only supports TLDs
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certbot_dns_porkbun.