fix: acme dns challenge fail with two certificates for the same domain zone #530

Merged
merged 6 commits into from
Apr 16, 2023

@Bisstocuz Bisstocuz commented Apr 13, 2023

Related issue #528

Error message:

1.68135842274485e+09    info    obtain  acquiring lock  {"identifier": "*.example.com"}
1.6813584227451315e+09  info    maintenance     started background certificate maintenance      {"cache": "0xc0003018f0"}
1.6813584227469733e+09  info    obtain  lock acquired   {"identifier": "*.example.com"}
1.6813584227471385e+09  info    obtain  obtaining certificate   {"identifier": "*.example.com"}
1.68135842274761e+09    info    waiting on internal rate limiter        {"identifiers": ["*.example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813584227476232e+09  info    done waiting on internal rate limiter   {"identifiers": ["*.example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813584256117125e+09  info    acme_client     trying to solve challenge       {"identifier": "*.example.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
1.6813584295660403e+09  error   acme_client     cleaning up solver      {"identifier": "*.example.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for "_acme-challenge.example.com" (usually OK if presenting also failed)"}
1.681358429566284e+09   info    acme_client     authorization finalized {"identifier": "*.example.com", "authz_status": "valid"}
1.6813584295663383e+09  info    acme_client     validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/1052573887/175858912547"}
1.6813584313439014e+09  info    acme_client     successfully downloaded available certificate chains    {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/04270614245b3144156d4dbc7added15cec7"}
1.6813584313445919e+09  info    obtain  certificate obtained successfully       {"identifier": "*.example.com"}
1.6813584313446202e+09  info    obtain  releasing lock  {"identifier": "*.example.com"}
1.681358432637552e+09   info    obtain  acquiring lock  {"identifier": "example.com"}
1.6813584326390805e+09  info    obtain  lock acquired   {"identifier": "example.com"}
1.6813584326391814e+09  info    obtain  obtaining certificate   {"identifier": "example.com"}
1.6813584326396532e+09  info    waiting on internal rate limiter        {"identifiers": ["example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813584326396782e+09  info    done waiting on internal rate limiter   {"identifiers": ["example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813584339377418e+09  info    acme_client     trying to solve challenge       {"identifier": "example.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
1.6813584339743567e+09  error   acme_client     cleaning up solver      {"identifier": "example.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for "_acme-challenge.example.com" (usually OK if presenting also failed)"}
1.6813584343696542e+09  error   obtain  could not get certificate from issuer   {"identifier": "example.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[example.com] solving challenges: presenting for challenge: expected one record, got 2: [{ TXT  gzMAhE4kXxD-I1AtOgZXPFzPYETwu2AK4QZ73_EcSuQ 0s 0} { TXT  n5szy1XB50jmsvzll0FrqQM8NkxptcKcTpRA4kF6UqM 0s 0}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1052573887/175858936827) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
1.6813584343696938e+09  info    obtain  releasing lock  {"identifier": "example.com"}
[ERR] Could not manage certmagic certs: example.com: obtaining certificate: [example.com] Obtain: [example.com] solving challenges: presenting for challenge: expected one record, got 2: [{ TXT  gzMAhE4kXxD-I1AtOgZXPFzPYETwu2AK4QZ73_EcSuQ 0s 0} { TXT  n5szy1XB50jmsvzll0FrqQM8NkxptcKcTpRA4kF6UqM 0s 0}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1052573887/175858936827) (ca=https://acme-v02.api.letsencrypt.org/directory)
[INF] Successfully Created SSL Certificate at: /root/.local/share/certmagic

After the fix:

[INF] Requesting SSL Certificate for:  [*.example.com, example.com]
1.6813639810621955e+09  info    maintenance     started background certificate maintenance      {"cache": "0xc000321d50"}
1.6813639810622997e+09  info    obtain  acquiring lock  {"identifier": "*.example.com"}
1.6813639810661092e+09  info    obtain  lock acquired   {"identifier": "*.example.com"}
1.681363981066241e+09   info    obtain  obtaining certificate   {"identifier": "*.example.com"}
1.68136398404343e+09    info    waiting on internal rate limiter        {"identifiers": ["*.example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.681363984043484e+09   info    done waiting on internal rate limiter   {"identifiers": ["*.example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813639848616865e+09  info    acme_client     trying to solve challenge       {"identifier": "*.example.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
1.6813639943998172e+09  error   acme_client     cleaning up solver      {"identifier": "*.example.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for "_acme-challenge.example.com" (usually OK if presenting also failed)"}
1.6813639943998632e+09  info    acme_client     authorization finalized {"identifier": "*.example.com", "authz_status": "valid"}
1.6813639943998742e+09  info    acme_client     validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/1057453247/175872552917"}
1.6813639959146342e+09  info    acme_client     successfully downloaded available certificate chains    {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/03841b99f6639aabe0e06832a52a4da308b4"}
1.6813639959150116e+09  info    obtain  certificate obtained successfully       {"identifier": "*.example.com"}
1.6813639959150426e+09  info    obtain  releasing lock  {"identifier": "*.example.com"}
1.6813639982304623e+09  info    obtain  acquiring lock  {"identifier": "example.com"}
1.6813639982319372e+09  info    obtain  lock acquired   {"identifier": "example.com"}
1.6813639982320085e+09  info    obtain  obtaining certificate   {"identifier": "example.com"}
1.6813639982323582e+09  info    waiting on internal rate limiter        {"identifiers": ["example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.681363998232381e+09   info    done waiting on internal rate limiter   {"identifiers": ["example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813639994403853e+09  info    acme_client     trying to solve challenge       {"identifier": "example.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
1.6813640172283795e+09  error   acme_client     cleaning up solver      {"identifier": "example.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for "_acme-challenge.example.com" (usually OK if presenting also failed)"}
1.6813640172284114e+09  info    acme_client     authorization finalized {"identifier": "example.com", "authz_status": "valid"}
1.681364017228428e+09   info    acme_client     validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/1057453247/175872590317"}
1.6813640186577752e+09  info    acme_client     successfully downloaded available certificate chains    {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/03d30963c61b3a10a5b388c3568f8c6d1ef0"}
1.6813640186581326e+09  info    obtain  certificate obtained successfully       {"identifier": "example.com"}
1.6813640186581633e+09  info    obtain  releasing lock  {"identifier": "example.com"}
[INF] Successfully Created SSL Certificate at: /root/.local/share/certmagic

@Bisstocuz Bisstocuz changed the title fix: acme dns challenge fail with the certificates for the same domain name fix: acme dns challenge fail with two certificates for the same domain zone Apr 13, 2023
@Mzack9999 Mzack9999 merged commit 7e28e91 into projectdiscovery:dev Apr 16, 2023
@Bisstocuz Bisstocuz deleted the dev branch April 17, 2023 01:36
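
The collision visible in the logs above, as an added Go example (not code from this pull request or from certmagic): the wildcard and the apex identifier both validate through `_acme-challenge.example.com`, so a TXT value left behind by the first order makes the second presentation see two records. `Zone` and `Issue` are hypothetical names, and the key authorizations are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// ChallengeName returns the dns-01 TXT owner name for an ACME identifier.
// A wildcard is validated against its base domain, so "*.example.com"
// and "example.com" share one owner name.
func ChallengeName(identifier string) string {
	return "_acme-challenge." + strings.TrimPrefix(identifier, "*.")
}

// TXTValue is the dns-01 record content: base64url(SHA-256(keyAuthorization)).
func TXTValue(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Zone is a hypothetical in-memory TXT store: owner name -> set of values.
type Zone map[string]map[string]bool

// Present adds one value and reports how many values now sit at that name.
func (z Zone) Present(name, value string) int {
	if z[name] == nil {
		z[name] = map[string]bool{}
	}
	z[name][value] = true
	return len(z[name])
}

// CleanUp deletes only the given value, leaving other orders' records alone.
func (z Zone) CleanUp(name, value string) { delete(z[name], value) }

// Issue runs two sequential orders (wildcard, then apex) and returns the
// number of TXT values each Present call finds at the shared name.
func Issue(cleanup bool) (first, second int) {
	z := Zone{}
	v1 := TXTValue("constructed-token-1.constructed-thumbprint")
	v2 := TXTValue("constructed-token-2.constructed-thumbprint")
	first = z.Present(ChallengeName("*.example.com"), v1)
	if cleanup {
		z.CleanUp(ChallengeName("*.example.com"), v1)
	}
	second = z.Present(ChallengeName("example.com"), v2)
	return first, second
}

func main() {
	f, s := Issue(false) // stale record from the first order is still present
	fmt.Println("without cleanup:", f, s)
	f, s = Issue(true) // first order's value removed before the second order
	fmt.Println("with cleanup:", f, s)
}
```

A solver that assumes exactly one TXT value at the challenge name fails in the first case; matching and deleting records by value keeps both orders independent.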
Successfully merging this pull request may close these issues.

ACME: previous dns record will not be deleted while issue the second certificate, it makes the second fail
3 participants