Comments (3)
timkimber
commented on June 3, 2024
Hi @loganmzz
get_auth_dns() tries each of the DNS clients that are installed until it finds the authoritative DNS server for the domain.
It tries in this order:
- dig/drill
- host
- nslookup
This check is one of the most complicated parts of the code, but it's useful as it ensures that everything is working before we ask LetsEncrypt to do a similar check and produce the certificate.
If you attach the debug output here I can help, or if you can point out which log statements are confusing I can re-write them to be better.
from getssl.
loganmzz
commented on June 3, 2024
Ok, I haven't seen return statements.
Not sure, it's the best place to debug my case.
Still, here the relevant debug output (sorry for anonymized data :( ):
getssl version: 2.48
Using dig +noedns CNAME _acme-challenge.app.company.com
Checking if CNAME result contains NS records
Domain is a CNAME, actual domain is xxxxx.acme.company.com
Using dig +noedns NS xxxxx.acme.company.com to find primary nameserver
Using host -t NS to find primary name server for _acme-challenge.app.company.com
host: couldn't get address for '-t': not found
Using nslookup +noedns -debug -type=soa -type=ns _acme-challenge.app.company.com to find primary name server
nslookup: couldn't get address for '_acme-challenge.app.company.com': not found
nslookup: couldn't get address for '_acme-challenge.app.company.com': not found
Warning: Couldn't find primary DNS server - please set PUBLIC_DNS_SERVER or AUTH_DNS_SERVER in config
This means getssl cannot check the DNS entry has been updated
Using dig +noedns CNAME *.app.company.com
Checking if CNAME result contains NS records
Using dig +noedns NS *.app.company.com to find primary nameserver
Using host -t NS to find primary name server for *.app.company.com
host: couldn't get address for '-t': not found
Using nslookup +noedns -debug -type=soa -type=ns *.app.company.com to find primary name server
nslookup: couldn't get address for '*.app.company.com': not found
nslookup: couldn't get address for '*.app.company.com': not found
Warning: Couldn't find primary DNS server - please set PUBLIC_DNS_SERVER or AUTH_DNS_SERVER in config
This means getssl cannot check the DNS entry has been updated
I'm little bit surprise to not see: Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} SOA +trace +nocomments ${gad_d}" to find primary nameserver
(EDIT: Just check my config and it was disabled with _TEST_SKIP_SOA_CALL="1")
from getssl.
github-actions
commented on June 3, 2024
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
from getssl.
Related Issues (20)
- combined .pem for pure-ftpd ??? HOT 1
- Wildcard certificates with bind9 ?
- Move from Staging to Production? HOT 1
- DNS verification not working HOT 6
- revoke : Invalid key file ? + --account-id bug ? HOT 3
- cp failing due to identical files is still counted as a failure
- Is there a way to change the administrator email address registered with Letβs Encrypt using getSSL? HOT 3
- DNS CNAME check failed HOT 1
- Certificate on remote domain does not match, ignoring remote certificate (example.com != mydomain.net) HOT 12
- DNS script for Linode needs updating for V4 API
- I need help with CA's and Firefox HOT 3
- comma appended to server name? HOT 2
- Error with Azure DNS + LetsEncrypt domain validation token that starts with a dash char
- More stray http01 tokens
- CNAME issues with dns-01
- Too many server reloads; stale certificate exposed
- DNS-01 validation for non-wildcard names HOT 3
- Upgrading 2.49 HOT 3
- Error during secondary validation HOT 8
- Godaddy api disabled
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from getssl.