Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] 👾 由于 Acme 认证 CNAME 跟随导致认证失败问题 #228

Closed
PBK-B opened this issue Oct 20, 2024 · 2 comments
Closed

[Bug] 👾 由于 Acme 认证 CNAME 跟随导致认证失败问题 #228

PBK-B opened this issue Oct 20, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@PBK-B
Copy link
Contributor

PBK-B commented Oct 20, 2024
edited
Loading

描述问题
泛解析域名,lego 默认实现启用了签发认证 CNAME 跟随,这会导致出现签发认证失败问题。

相关上游 issue: go-acme/lego#1867

复现步骤
复现该问题的步骤:
为 CNAME 解析的泛解析域名签发并部署证书

期望的结果
签发成功

日志

[2024-10-20 23:03:39]
开始检查
[2024-10-20 23:03:39]
获取记录成功
[2024-10-20 23:03:39]
检查通过
[2024-10-20 23:03:39]
开始申请
[2024-10-20 23:03:43]
申请证书失败
error: one or more domains had a problem: [example.com] [example.com] acme: error presenting token: alicloud: zone w.kunlunpi.com. not found in AliDNS for domain all.example.com.w.kunlunpi.com.

环境
nil

其他信息
Onboarding Your Customers with Let's Encrypt and ACME: https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/#the-advantages-of-a-cname
@PBK-B PBK-B added the bug Something isn't working label Oct 20, 2024
@PBK-B
Copy link
Contributor Author

PBK-B commented Oct 20, 2024

@usual2970 我这边尝试在添加域名时增加 DisableFollowCNAME 参数,用于配置 lego 的 LEGO_DISABLE_CNAME_SUPPORT 行为,已测试能够成功签发。

img01

PBK-B added a commit to PBK-B/go-certimate that referenced this issue Oct 20, 2024
@PBK-B
feat: domain config add disable follow CNAME usual2970#228
8d9ef78
PBK-B added a commit to PBK-B/go-certimate that referenced this issue Oct 20, 2024
@PBK-B
feat: docking disableFollowCNAME config item function usual2970#228
365687a
@usual2970
Copy link
Owner

@usual2970 我这边尝试在添加域名时增加 DisableFollowCNAME 参数,用于配置 lego 的 LEGO_DISABLE_CNAME_SUPPORT 行为,已测试能够成功签发。

👌👌

@PBK-B PBK-B mentioned this issue Oct 20, 2024
Merged
PBK-B added a commit to PBK-B/go-certimate that referenced this issue Oct 21, 2024
@PBK-B
feat: domain config add disable follow CNAME usual2970#228
2c75d2b
PBK-B added a commit to PBK-B/go-certimate that referenced this issue Oct 21, 2024
@PBK-B
feat: docking disableFollowCNAME config item function usual2970#228
64b7ed0
@PBK-B PBK-B closed this as completed Oct 21, 2024
usual2970 pushed a commit that referenced this issue Nov 5, 2024
@PBK-B
feat: domain config add disable follow CNAME #228
48d3efb
usual2970 pushed a commit that referenced this issue Nov 5, 2024
@PBK-B
feat: docking disableFollowCNAME config item function #228
be0dc68
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@usual2970 @PBK-B