nifcloud: bug between v4.16.1 and v4.17.3 #2245

Open
@penM000

Welcome

  • Yes, I'm using a binary release within 2 latest releases.
  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've included all information below (version, config, etc).

What did you expect to see?

As with v4.16.1, v4.17.3 and later versions can issue certificates.

What did you see instead?

The certificate was successfully issued in v4.16.1, but the handshake with “https://dns.api.nifcloud.com” fails in v4.17.3 and later versions.

How do you use lego?

Docker image

Reproduction steps

Verify that the certificate can be issued with v4.16.1.

export MAIL_ADDR=example@example.com
export NIFCLOUD_ACCESS_KEY_ID=<>
export NIFCLOUD_SECRET_ACCESS_KEY=<>
export DOMAIN=sub.example.nifcloud.net
export SAVE_DIR=/opt/lego
export LEGO_VERSION=v4.16.1
sudo docker run --rm --env  NIFCLOUD_ACCESS_KEY_ID=$NIFCLOUD_ACCESS_KEY_ID --env NIFCLOUD_SECRET_ACCESS_KEY=$NIFCLOUD_SECRET_ACCESS_KEY -v $SAVE_DIR:/.lego goacme/lego:$LEGO_VERSION  --dns nifcloud -a --email $MAIL_ADDR --domains $DOMAIN run

Verify that the certificate cannot be issued with v4.17.3.

export MAIL_ADDR=example@example.com
export NIFCLOUD_ACCESS_KEY_ID=<>
export NIFCLOUD_SECRET_ACCESS_KEY=<>
export DOMAIN=sub.example.nifcloud.net
export SAVE_DIR=/opt/lego
export LEGO_VERSION=v4.17.4
sudo docker run --rm --env  NIFCLOUD_ACCESS_KEY_ID=$NIFCLOUD_ACCESS_KEY_ID --env NIFCLOUD_SECRET_ACCESS_KEY=$NIFCLOUD_SECRET_ACCESS_KEY -v $SAVE_DIR:/.lego goacme/lego:$LEGO_VERSION  --dns nifcloud -a --email $MAIL_ADDR --domains $DOMAIN run

Version of lego

lego version 4.16.1 linux/amd64
lego version 4.17.3 linux/amd64

Logs

$ export LEGO_VERSION=v4.16.1
$ sudo docker run --rm --env  NIFCLOUD_ACCESS_KEY_ID=$NIFCLOUD_ACCESS_KEY_ID --env NIFCLOUD_SECRET_ACCESS_KEY=$NIFCLOUD_SECRET_ACCESS_KEY -v $SAVE_DIR:/.lego goacme/lego:$LEGO_VERSION  --dns nifcloud -a --email $MAIL_ADDR --domains $DOMAIN run
2024/08/21 06:39:06 [INFO] [sub.example.nifcloud.net] acme: Obtaining bundled SAN certificate
2024/08/21 06:39:07 [INFO] [sub.example.nifcloud.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/393043367796
2024/08/21 06:39:07 [INFO] [sub.example.nifcloud.net] acme: Could not find solver for: tls-alpn-01
2024/08/21 06:39:07 [INFO] [sub.example.nifcloud.net] acme: Could not find solver for: http-01
2024/08/21 06:39:07 [INFO] [sub.example.nifcloud.net] acme: use dns-01 solver
2024/08/21 06:39:07 [INFO] [sub.example.nifcloud.net] acme: Preparing to solve DNS-01
2024/08/21 06:39:09 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/08/21 06:39:09 [INFO] [sub.example.nifcloud.net] acme: Trying to solve DNS-01
2024/08/21 06:39:09 [INFO] [sub.example.nifcloud.net] acme: Checking DNS record propagation. [nameservers=8.8.8.8:53,8.8.4.4:53]
2024/08/21 06:39:11 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/21 06:39:11 [INFO] [sub.example.nifcloud.net] acme: Waiting for DNS record propagation.
2024/08/21 06:39:13 [INFO] [sub.example.nifcloud.net] acme: Waiting for DNS record propagation.
2024/08/21 06:39:16 [INFO] [sub.example.nifcloud.net] acme: Waiting for DNS record propagation.
2024/08/21 06:39:23 [INFO] [sub.example.nifcloud.net] The server validated our request
2024/08/21 06:39:23 [INFO] [sub.example.nifcloud.net] acme: Cleaning DNS-01 challenge
2024/08/21 06:39:25 [INFO] Wait for nifcloud [timeout: 2m0s, interval: 4s]
2024/08/21 06:39:26 [INFO] [sub.example.nifcloud.net] acme: Validations succeeded; requesting certificates
2024/08/21 06:39:27 [INFO] [sub.example.nifcloud.net] Server responded with a certificate.
$ export LEGO_VERSION=v4.17.3
$ sudo docker run --rm --env  NIFCLOUD_ACCESS_KEY_ID=$NIFCLOUD_ACCESS_KEY_ID --env NIFCLOUD_SECRET_ACCESS_KEY=$NIFCLOUD_SECRET_ACCESS_KEY -v $SAVE_DIR:/.lego goacme/lego:$LEGO_VERSION  --dns nifcloud -a --email $MAIL_ADDR --domains $DOMAIN run
2024/08/21 06:41:45 [INFO] [sub.example.nifcloud.net] acme: Obtaining bundled SAN certificate
2024/08/21 06:41:45 [INFO] [sub.example.nifcloud.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/393044192476
2024/08/21 06:41:45 [INFO] [sub.example.nifcloud.net] acme: Could not find solver for: tls-alpn-01
2024/08/21 06:41:45 [INFO] [sub.example.nifcloud.net] acme: Could not find solver for: http-01
2024/08/21 06:41:45 [INFO] [sub.example.nifcloud.net] acme: use dns-01 solver
2024/08/21 06:41:45 [INFO] [sub.example.nifcloud.net] acme: Preparing to solve DNS-01
2024/08/21 06:41:45 [INFO] [sub.example.nifcloud.net] acme: Cleaning DNS-01 challenge
2024/08/21 06:41:46 [WARN] [sub.example.nifcloud.net] acme: cleaning up failed: nifcloud: failed to change record set: unable to communicate with the API server: error: Post "https://dns.api.nifcloud.com/2012-12-12N2013-12-16/hostedzone/example.nifcloud.net/rrset": remote error: tls: handshake failure 
2024/08/21 06:41:46 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/393044192476
2024/08/21 06:41:46 Could not obtain certificates:
        error: one or more domains had a problem:
[sub.example.nifcloud.net] [sub.example.nifcloud.net] acme: error presenting token: nifcloud: failed to change record set: unable to communicate with the API server: error: Post "https://dns.api.nifcloud.com/2012-12-12N2013-12-16/hostedzone/example.nifcloud.net/rrset": remote error: tls: handshake failure

Go environment (if applicable)

$ go version && go env
# paste output here
