Add Gandi DNS challenge provider #133
Thank you for providing this :) Does it really take 30 minutes for a DNS record to appear? That seems very excessive.
Hi xenolf, Gandi themselves say it takes up to 20 minutes (see question one of this faq: https://wiki.gandi.net/en/dns/faq). However, I found it could take slightly longer (50%-ish) for lego to notice. There were a couple of occasions during testing when I typed:
(and the same for
Thanks for considering this patch.
The >20min thing was bugging me so I stuck in a few Printfs to see what was going on, and I think I have indeed found a bug within
EDIT: See #136
Something isn't right with this PR. There are changes in here which are supposed to only be in #148
This type allows for implementing DNS ChallengeProviders that require an unusually long timeout when checking for record propagation.
Add Gandi DNS challenge provider
This commit adds support for a Gandi DNS ChallengeProvider, making use
of Gandi's XML-RPC API described at http://doc.rpc.gandi.net/index.html. It
has no dependencies other than the Go standard library.
I realise that due to #100 and #111 there may not be opportunity to
look at this for a while but I thought I'd upload it anyway. Once they
are resolved, if it is deemed suitable for lego/acme, I can easily
rework it into its own package or whatever else is required.
Some issues that I came across were:
- seemed to take 20-30 minutes on average, but the TXT record does
  appear eventually! Therefore I had to change the waitFor timeout
  call following the "Checking DNS record propagation..." from 30
  seconds to 60 minutes. However, users of other ChallengeProviders
  are not likely to be happy about this new timeout. Do we need a
  per-provider timeout? What's the best way? A new interface method to
  be implemented for ChallengeProvider such as
  Timeout() time.Duration?
- use CTRL-C to abort the running program than with other DNS
  providers, in which case CleanUp does not run and you are left with
  a useless but harmless TXT record and zone. In the CLI program, do
  you think we should trap that signal (on unix) and attempt to run
  CleanUps for unfinished challenges, or is this a non-issue?
- recorded the XML going back and forth from a successful session,
  anonymized it, and used it as the basis for a fake RPC server. I
  hope that is enough, but any better suggestions are welcome.
Cheers,
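
One way the per-provider timeout asked about in the description could look, as an added example that is not code from this PR or from lego: an optional interface checked by type assertion, so providers that do not implement it keep the 30 second default. `TimeoutProvider`, `propagationTimeout`, `defaultProvider`, `slowProvider` and the `waitFor` signature are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// TimeoutProvider is a hypothetical optional interface; providers that do not
// implement it keep the default timeout.
type TimeoutProvider interface {
	Timeout() time.Duration
}

const defaultTimeout = 30 * time.Second

// propagationTimeout picks the provider's own timeout when it declares one.
func propagationTimeout(provider interface{}) time.Duration {
	if tp, ok := provider.(TimeoutProvider); ok && tp.Timeout() > 0 {
		return tp.Timeout()
	}
	return defaultTimeout
}

// waitFor polls check every interval until it succeeds, fails, or times out.
func waitFor(timeout, interval time.Duration, check func() (bool, error)) error {
	deadline := time.Now().Add(timeout)
	for {
		done, err := check()
		if err != nil {
			return err
		}
		if done {
			return nil
		}
		if time.Now().After(deadline) {
			return errors.New("timed out waiting for DNS record propagation")
		}
		time.Sleep(interval)
	}
}

type defaultProvider struct{} // constructed: no Timeout method
type slowProvider struct{}    // constructed: stands in for a slow DNS back end

func (slowProvider) Timeout() time.Duration { return 60 * time.Minute }

func main() {
	fmt.Println(propagationTimeout(defaultProvider{}), propagationTimeout(slowProvider{}))
}
```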