
Custom DNS server for domain resolution only without DNS authentication #9873

Closed
kolserdav opened this issue Jan 10, 2024 · 2 comments

Comments

@kolserdav

Hello, thanks for your great work!

How can I set a custom DNS server only for resolving domain names by Certbot? Without any DNS authentication: it isn't needed, because I do the authentication with webroot.

My operating system is (include version):

On the first machine I have Certbot running in a Docker container, and on the same machine I also have nginx running in a Docker container; the nginx and Certbot containers share the same volume /var/static. I'm creating certificates with the webroot function and it works fine. But on another machine I have a bind9 Docker container with the authoritative zone of the domain [example.com], and when a subdomain was created recently, Certbot can't resolve it and returns an error like this:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: www.gilo-killing-chattermag.example.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for www.gilo-killing-chattermag.example.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.gilo-killing-chattermag.example.com - check that a DNS record exists for this domain

  Domain: gilo-killing-chattermag.example.com
  Type:   dns
  Detail: During secondary validation: DNS problem: NXDOMAIN looking up A for gilo-killing-chattermag.example.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for gilo-killing-chattermag.example.com - check that a DNS record exists for this domain

It's expected behavior, but I tried to add a custom DNS nameserver for the Certbot container, and when I did that, those domains were resolving inside the container via curl, but Certbot didn't resolve them.

I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):

Docker, docker-compose

I ran this command and it produced this output:

certbot certonly --webroot -w /var/static -d gilo-killing-chattermag.example.com -d www.gilo-killing-chattermag.example.com

DNS problem: NXDOMAIN

Certbot's behavior differed from what I expected because:

Certbot uses special DNS servers and does not resolve with the ones passed to the container via --dns=[ip-addr].

Here is a Certbot log showing the issue (if available):

not necessary

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

location /.well-known/acme-challenge {
    root /var/static;
}
kolserdav changed the title from "Is there a way to change the DNS server which certbot used to my own?" to "Custom DNS server for domain resolution only without DNS authentication" on Jan 10, 2024
@osirisinferi
Collaborator

Those DNS errors are actually not from Certbot, but from the validation server of the CA in use.

Certbot cannot influence what DNS servers are being used by the CA.

@kolserdav
Author

The problem was with my DNS server. Actually, the slave server couldn't perform the zone transfer, and so other DNS servers, seeing out-of-sync data between my master and slave, didn't query data from the server and used it from the cache.
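A pre-flight check for the failure mode in this thread, added here as an example and not code from Certbot or from anyone in the issue: it asks every authoritative nameserver of the zone directly for the SOA serial and the A record of the name to be certified, so a secondary that is not receiving zone transfers shows up as a serial mismatch or NXDOMAIN before the CA's validation resolvers see it. The zone and hostname are placeholders passed on the command line; `evaluate` also accepts a constructed "nameserver serial rcode" report on stdin.

```bash
#!/usr/bin/env bash
# Pre-flight check before "certbot certonly --webroot": query each authoritative
# nameserver of ZONE directly (bypassing local resolvers and their caches) for
# the zone's SOA serial and for the A record of NAME. A secondary that cannot
# complete zone transfers appears as a serial mismatch and/or NXDOMAIN here,
# which is exactly what the CA's validation resolvers may then be served.
set -u

# query_all ZONE NAME: prints one "nameserver serial rcode" line per NS record.
query_all() {
  local zone=$1 name=$2 ns serial rcode
  for ns in $(dig +short NS "$zone"); do
    # "+short SOA" prints: mname rname serial refresh retry expire minimum
    serial=$(dig +short @"$ns" SOA "$zone" 2>/dev/null | awk '{print $3}')
    # Header line looks like: ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1234"
    rcode=$(dig @"$ns" A "$name" +noall +comments 2>/dev/null \
            | awk '/status:/ {sub(",", "", $6); print $6; exit}')
    printf '%s %s %s\n' "$ns" "${serial:-none}" "${rcode:-unreachable}"
  done
}

# evaluate: reads "nameserver serial rcode" lines on stdin, prints a diagnosis,
# exits 0 only if every server agrees on the serial and answers NOERROR.
evaluate() {
  awk '
    { serials[$2]++; if ($3 != "NOERROR") bad[$1] = $3 }
    END {
      if (NR == 0) { print "no nameservers answered"; exit 1 }
      rc = 0; n = 0
      for (s in serials) n++
      if (n > 1) { print "serial mismatch across nameservers (zone transfer lagging?)"; rc = 1 }
      for (ns in bad) { print ns " returns " bad[ns] " for the name"; rc = 1 }
      if (rc == 0) print "all nameservers in sync and answering NOERROR"
      exit rc
    }'
}

# usage: ./check_zone_sync.sh example.com sub.example.com
if [ $# -eq 2 ]; then
  query_all "$1" "$2" | evaluate
fi
```

Run it against the zone and the exact names you will pass to `-d`; a non-zero exit means the authoritative servers themselves disagree, and no resolver setting on the Certbot container will change what the CA sees.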
