Change default solver method for wildcard domains #110

Closed
kirtangajjar opened this issue Jun 21, 2018 · 9 comments
@kirtangajjar
Contributor

Running bin/acme authorize '*.domain.ext' gives the following error:

In AuthorizeCommand.php line 95:

  This ACME server does not expose supported challenge.

In such a case, acmephp should set dns as the default resolver (if the domain starts with *).

If the user specifies any non-dns solver, then an error should be thrown that non-dns solvers are not allowed by acme in wildcard domains.

@tgalopin tgalopin added the Bug label Oct 27, 2018
@tgalopin
Member

Thanks for the feedback!

If you are interested in doing a PR on this, don't hesitate to ping me here or on the Symfony Slack: I'd be glad to help :).

@tgalopin tgalopin reopened this Oct 27, 2018
@aik099
Contributor

aik099 commented Jul 5, 2019

How do you validate wildcard domains using the run command?

In my case all the sub-domains lead to the same document root, so http-file would also work, but instead I also get the same "This ACME server does not expose supported challenge." error.

@jderusse
Contributor

jderusse commented Jul 5, 2019

You have to use a DNS solver.
For now only AWS Route53 is implemented.

@aik099
Contributor

aik099 commented Jul 5, 2019

Theoretically \AcmePhp\Core\Challenge\Dns\SimpleDnsSolver (activated via solver: dns config file line) should also work, but I'm not sure if it will actually wait during run command execution for me to change DNS?

Will it?

@aik099
Contributor

aik099 commented Jul 5, 2019

I'm using Gandi.Net. It has an API (see http://doc.livedns.gandi.net/) where you can:

  1. create new zone file version based on existing zone file
  2. add needed entries for validation to it
  3. switch to new zone file version
  4. after validation is done switch back to old zone file version
  5. drop new zone file version created for validation only

@jderusse
Contributor

jderusse commented Jul 5, 2019

Sounds 5. Could you please submit a Pull Request?

@aik099
Contributor

aik099 commented Jul 5, 2019

I probably could, but I wonder how do I test that. In the test suite I haven't found examples of DNS solver test classes.

Also maybe you can point me to the correct test case where I can see how challenge fixtures are used. Generating certificates right on Let's Encrypt just to test how it works sounds like a terrible idea.

@aik099
Contributor

aik099 commented Jul 18, 2019

@jderusse , PR created: #162

@xiaohuilam
Contributor

xiaohuilam commented Jul 30, 2019

I don't think the resolver should be DNS by default when a wildcard identifier occurs.
It is a mechanism of letsencrypt; that doesn't mean it's an ACME mechanism.
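
One way to reconcile the proposal in the issue with the objection in the last comment is to drive solver selection from the challenge types the server actually lists in the authorization, instead of from the `*.` prefix, and to fail with a precise error when an explicitly requested solver cannot be used. This is an added example, not acmephp's code: the solver-name mapping, the `selectChallenge` function and the sample authorization are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumed mapping from solver names mentioned in this thread to ACME challenge types.
const SOLVER_CHALLENGE_TYPE = [
    'http'      => 'http-01',
    'http-file' => 'http-01',
    'dns'       => 'dns-01',
    'route53'   => 'dns-01',
];

/**
 * Pick the challenge to solve from what the server offered for this authorization.
 * $requestedSolver is null when the user did not choose one explicitly.
 */
function selectChallenge(array $authorization, ?string $requestedSolver, string $defaultSolver = 'http'): array
{
    $offered  = array_column($authorization['challenges'], null, 'type'); // index by challenge type
    $wildcard = $authorization['wildcard'] ?? false;
    $name     = ($wildcard ? '*.' : '') . $authorization['identifier']['value'];

    if ($requestedSolver !== null) {
        $type = SOLVER_CHALLENGE_TYPE[$requestedSolver] ?? null;
        if ($type === null) {
            throw new InvalidArgumentException("Unknown solver \"$requestedSolver\".");
        }
        if (!isset($offered[$type])) {
            // Explicit choice the server does not allow: refuse, never switch silently.
            throw new RuntimeException(sprintf(
                'Solver "%s" needs %s, but the server only offers %s for %s.',
                $requestedSolver, $type, implode(', ', array_keys($offered)), $name
            ));
        }
        return ['solver' => $requestedSolver, 'challenge' => $offered[$type]];
    }

    // No explicit choice: try the default first, then any solver the server's offer allows.
    foreach (array_unique(array_merge([$defaultSolver], array_keys(SOLVER_CHALLENGE_TYPE))) as $solver) {
        $type = SOLVER_CHALLENGE_TYPE[$solver];
        if (isset($offered[$type])) {
            return ['solver' => $solver, 'challenge' => $offered[$type]];
        }
    }
    throw new RuntimeException("No supported challenge type offered for $name.");
}

// Constructed sample: a wildcard authorization that offers only dns-01.
$authz = json_decode('{"identifier":{"type":"dns","value":"domain.ext"},"wildcard":true,
  "challenges":[{"type":"dns-01","url":"https://acme.example/chall/1","token":"constructed-token"}]}', true);

echo selectChallenge($authz, null)['solver'], PHP_EOL; // no solver given: follows the server's offer
try { selectChallenge($authz, 'http'); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```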
