DNS substitution incorrect logs #1476

Closed
JensSpanier opened this issue Mar 29, 2020 · 1 comment
@JensSpanier
Contributor

Related to #1466

Version: 2.1.6.768

Log:

Authorize identifier smtp.domain1.tld
Authorizing smtp.domain1.tld using dns-01 validation (Cloudflare)
Detected that _acme-challenge.smtp.domain1.tld is a CNAME that leads to 6b8165725623de93fb896f4a223c743f.acme.domain2.tld
Answer should now be available at 6b8165725623de93fb896f4a223c743f.acme.domain2.tld
Preliminary validation at 91.216.248.143 failed: no TXT records found
Will retry in 60 seconds (retry 1/2)...
Preliminary validation succeeded
Authorization result: valid
Authorize identifier smtp.domain3.tld
Authorizing smtp.domain3.tld using dns-01 validation (Cloudflare)
Answer should now be available at null
Preliminary validation at 173.245.59.84 failed: no TXT records found
Will retry in 60 seconds (retry 1/2)...
Preliminary validation succeeded
Authorization result: valid
Authorize identifier smtp.domain2.tld
Authorizing smtp.domain2.tld using dns-01 validation (Cloudflare)
Answer should now be available at null
Preliminary validation at 173.245.59.84 failed: no TXT records found
Will retry in 60 seconds (retry 1/2)...
Preliminary validation succeeded
Authorization result: valid
Authorize identifier smtp.domain4.tld
Authorizing smtp.domain4.tld using dns-01 validation (Cloudflare)
Answer should now be available at null
Preliminary validation at 173.245.59.84 failed: no TXT records found
Will retry in 60 seconds (retry 1/2)...
Preliminary validation succeeded
Authorization result: valid
Requesting certificate SMTP

I noticed two things:

  1. Preliminary validation at 91.216.248.143 failed: no TXT records found: 91.216.248.143 is the IP of the DNS server of domain1.tld. But doesn't the DNS server of domain2.tld get asked for the TXT record?
  2. Answer should now be available at null doesn't seem right.

But all in all it works very well.

@WouterTinus
Member

Hi Jens, sharp observations, thanks!

  1. Yes, domain2.tld is the one that is ultimately questioned for the TXT records, as you would probably be able to make out when running with --verbose. But the program looks for authoritative name servers for domain1.tld as a starting point for the search. First it will expect to find the CNAME record there, and next it queries domain2.tld for the TXT records. I will update the logging to log the queried domain instead of the starting name server IP (which will move to the DEBUG level of logging).

  2. Yes, that's a little bug.

@WouterTinus WouterTinus added this to the 2.1.6 milestone Mar 29, 2020
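
The lookup order described in the reply above, as an added example that is not part of the issue thread and not the project's own code: it follows the CNAME from the `_acme-challenge` name, queries TXT at the end of the chain, and always logs the name that was actually queried, including when there is no CNAME. The record table, token values, `loop.example.test` names, depth limit and function names are constructed for illustration.

```python
# Constructed sample zone data (not real DNS answers), modelled on the log in the issue.
RECORDS = {
    ("_acme-challenge.smtp.domain1.tld", "CNAME"):
        ["6b8165725623de93fb896f4a223c743f.acme.domain2.tld"],
    ("6b8165725623de93fb896f4a223c743f.acme.domain2.tld", "TXT"): ["constructed-token-1"],
    ("_acme-challenge.smtp.domain3.tld", "TXT"): ["constructed-token-3"],
    # Misconfigured delegation: two CNAMEs pointing at each other.
    ("_acme-challenge.loop.example.test", "CNAME"): ["x.acme.example.test"],
    ("x.acme.example.test", "CNAME"): ["_acme-challenge.loop.example.test"],
}
MAX_CNAME_DEPTH = 8  # assumed limit for this sketch


def lookup(records, name, rtype):
    """Stand-in for a DNS query; returns [] when no record exists."""
    return records.get((name.rstrip(".").lower(), rtype), [])


def resolve_challenge_name(records, identifier):
    """Follow CNAMEs from _acme-challenge.<identifier>; return the CNAME chain."""
    name = "_acme-challenge." + identifier.rstrip(".").lower()
    chain = [name]
    while True:
        targets = lookup(records, name, "CNAME")
        if not targets:
            return chain  # last element is where the TXT record must live
        name = targets[0].rstrip(".").lower()
        if name in chain or len(chain) >= MAX_CNAME_DEPTH:
            raise ValueError("CNAME loop or chain too long at " + name)
        chain.append(name)


def preliminary_validation(records, identifier, expected_token):
    """Check the TXT record at the end of the chain and build the log lines."""
    chain = resolve_challenge_name(records, identifier)
    queried = chain[-1]  # never None: falls back to the challenge name itself
    lines = []
    if len(chain) > 1:
        lines.append(f"Detected that {chain[0]} is a CNAME that leads to {queried}")
    lines.append(f"Answer should now be available at {queried}")
    valid = expected_token in lookup(records, queried, "TXT")
    lines.append(f"Preliminary validation at {queried} "
                 + ("succeeded" if valid else "failed"))
    return valid, queried, lines


if __name__ == "__main__":
    for ident, token in [("smtp.domain1.tld", "constructed-token-1"),
                         ("smtp.domain3.tld", "constructed-token-3")]:
        print("\n".join(preliminary_validation(RECORDS, ident, token)[2]))
```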