[certbot-dns-google] Lookup zone based on validation name instead of domain #9930

Open
wants to merge 1 commit into
base: master

@jonas-p jonas-p commented Apr 10, 2024

If you've set up delegation of the _acme-challenge subdomain to a validation-specific zone in Google Cloud DNS, the plugin fails to find the correct zone since the current lookup is based on the domain.

E.g.
Let's say I have two zones in two separate GCP projects (Cloud DNS):

  • Zone 1 (project-a): example.com with a NS record that delegates _acme-challenge.example.com to Zone 2.
  • Zone 2 (project-b): _acme-challenge.example.com.

Running certbot with --dns-google-project project-b --domain example.com will fail to find the zone in project b.

This changes the zone lookup for the Google Cloud DNS validator to the validation_name instead of the domain argument. The validation_name is usually just the domain name with the "_acme-challenge." prefix.

Pull Request Checklist

  • The Certbot team has recently expressed interest in reviewing a PR for this. If not, this PR may be closed due to our limited resources and need to prioritize how we spend them.
  • If the change being made is to a distributed component, edit the master section of certbot/CHANGELOG.md to include a description of the change being made.
  • Add or update any documentation as needed to support the changes in this PR.
  • Include your name in AUTHORS.md if you like.

@jonas-p jonas-p force-pushed the dns-google-patch branch 2 times, most recently from 2826a7b to 6b3ff12 Compare April 10, 2024 15:03
@jonas-p jonas-p marked this pull request as draft April 10, 2024 15:05
If you've set up delegation of the _acme-challenge subdomain to a
validation-specific zone in Google Cloud DNS the plugin fails to
find the correct zone since the current lookup is based on the domain.

This changes the zone lookup for the Google Cloud DNS validator to
the validation_name instead of the domain argument. The validation_name
is usually just the domain name with the "_acme-challenge." prefix.
@jonas-p jonas-p marked this pull request as ready for review April 10, 2024 15:20
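
The lookup difference described in this PR, as an added example that is not part of the PR or of certbot's code. It assumes the zone lookup tries successively shorter suffixes of the lookup name against the managed zones of the selected project; `ZONES_BY_PROJECT`, `name_guesses`, `find_zone` and `compare_lookups` are hypothetical names, and the zone data is constructed from the two-zone layout in the description.

```python
# Added illustration, not certbot's code. All zone data is constructed to
# mirror the layout in the PR description: the parent zone lives in
# project-a, the delegated validation zone lives in project-b.
ZONES_BY_PROJECT = {
    "project-a": {"example.com.": "zone-1"},
    "project-b": {"_acme-challenge.example.com.": "zone-2"},
}


def name_guesses(name):
    """Return candidate zone names for `name`, most specific first."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def find_zone(project, lookup_name):
    """Return the id of the most specific zone in `project` that could hold
    `lookup_name`, or None when no candidate suffix matches a zone."""
    zones = ZONES_BY_PROJECT.get(project, {})
    for guess in name_guesses(lookup_name):
        if guess in zones:
            return zones[guess]
    return None


def compare_lookups(project, domain):
    """Run the lookup keyed on the domain and keyed on the validation name."""
    validation_name = "_acme-challenge." + domain
    return {
        "by_domain": find_zone(project, domain),
        "by_validation_name": find_zone(project, validation_name),
    }


if __name__ == "__main__":
    for project in ("project-a", "project-b"):
        print(project, compare_lookups(project, "example.com"))
```

With the constructed data, the domain-keyed lookup in project-b only ever tries `example.com.` and `com.`, so it never reaches the delegated zone. The validation-name lookup finds it, and it still resolves to the parent zone in project-a where no delegation exists.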