Comments (6)
Just in case this is helpful, I've queried the URL /domain/zone/{zoneName}/status via OVH's API console and got the following JSON:
{
  "errors": [],
  "isDeployed": false,
  "warnings": [
    "zone [...] is a CNAME (illegal)",
    "zone [...] is a CNAME (illegal)"
  ]
}
I handled the warnings (which were visible in the UI but also present before I had the issue) and now it reports deployed as true. With that the plugin works again.
I don't know whether handling the warnings or doing anything in the zone changed the flag...
from certbot.
I assume this might be an issue with OVH. I also get the same exception:
[...]
2023-11-08 18:24:09,988:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): eu.api.ovh.com:443
2023-11-08 18:24:10,128:DEBUG:urllib3.connectionpool:https://eu.api.ovh.com:443 "GET /1.0/auth/time HTTP/1.1" 200 10
2023-11-08 18:24:10,186:DEBUG:urllib3.connectionpool:https://eu.api.ovh.com:443 "GET /1.0/domain/zone/ HTTP/1.1" 200 12
2023-11-08 18:24:10,282:DEBUG:urllib3.connectionpool:https://eu.api.ovh.com:443 "GET /1.0/domain/zone/example.com/status HTTP/1.1" 200 None
2023-11-08 18:24:10,293:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/home/pi/.local/lib/python3.9/site-packages/certbot/plugins/dns_common_lexicon.py", line 250, in _resolve_domain
    with Client(self._build_lexicon_config(domain_name)):
  File "/home/pi/.local/lib/python3.9/site-packages/lexicon/client.py", line 168, in __enter__
    raise e
  File "/home/pi/.local/lib/python3.9/site-packages/lexicon/client.py", line 161, in __enter__
    provider.authenticate()
  File "/home/pi/.local/lib/python3.9/site-packages/lexicon/_private/providers/ovh.py", line 101, in authenticate
    raise AuthenticationError(f"Zone {domain} is not deployed")
lexicon.exceptions.AuthenticationError: Zone example.com is not deployed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/pi/.local/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/home/pi/.local/lib/python3.9/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/home/pi/.local/lib/python3.9/site-packages/certbot/plugins/dns_common_lexicon.py", line 220, in _perform
    resolved_domain = self._resolve_domain(domain)
  File "/home/pi/.local/lib/python3.9/site-packages/certbot/plugins/dns_common_lexicon.py", line 261, in _resolve_domain
    raise result2 # pylint: disable=raising-bad-type
certbot.errors.PluginError: Unexpected error determining zone identifier for example.com: Zone example.com is not deployed
[...]
from certbot.
Nice catch @xZise! Fixing the zone warnings returned by /domain/zone/{zoneName}/status allowed the renewal of the certificate using certbot-dns-ovh.
from certbot.
This issue title is good and true. And according to me it's a problem.
I have always had warnings on my zone since I added an SRV record that points to a server DNS name on my LAN. Example: the xmpp service for mycompany.fr points to xmpp.mycompany.lan. As OVH has no clue about the .lan zone, it considers this record wrong, but it works really well. All my internal xmpp clients (Thunderbird) redirect my users whose email addresses end with @mycompany.fr to the right internal server.
I should set up an internal DNS proxy server to handle it right, but the one embedded in my router is just a kind of dnsmasq and it doesn't allow SRV records. That is why I ended up with this solution, which works well.
But doing this I lose the renewal by certbot-dns-ovh. I looked at the code and didn't see any option to bypass this "is deployed" test. Would be great for me and maybe more.
Regards,
from certbot.
Hello,
Same error for me. Same log files too...
Nothing to fix this?
Thank you
from certbot.
Also had the same issue. Deleting the record giving me a warning fixed the problem but now I don't have gmail verification on that domain which is annoying.
I think this would be better fixed upstream in the dns-lexicon package, as handling it here would seem a bit workaroundy as there's not enough detail returned in the error message to see if it's just the warning causing the issue?
Somebody has already made an issue in the lexicon repository here so hopefully it gets fixed upstream and we won't have an issue.
Seems OVH made some changes to their API
from certbot.
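A pre-renewal check built from the two artifacts quoted in this thread, added here as an example (not code from certbot, Lexicon or any commenter): it pulls the affected zone out of certbot's log and summarizes a /domain/zone/{zoneName}/status response. The function names and verdict strings are assumptions, and the sample inputs are constructed from the output quoted above.

```python
import json
import re

# Final error line certbot logs for this failure (format from the thread's traceback).
NOT_DEPLOYED = re.compile(
    r"certbot\.errors\.PluginError: .*?: Zone (?P<zone>\S+) is not deployed")

# Constructed samples, copied from the output quoted in the thread.
SAMPLE_LOG = [
    '2023-11-08 18:24:10,282:DEBUG:urllib3.connectionpool:https://eu.api.ovh.com:443 '
    '"GET /1.0/domain/zone/example.com/status HTTP/1.1" 200 None',
    "lexicon.exceptions.AuthenticationError: Zone example.com is not deployed",
    "certbot.errors.PluginError: Unexpected error determining zone identifier "
    "for example.com: Zone example.com is not deployed",
]
SAMPLE_STATUS = """{"errors": [], "isDeployed": false, "warnings": [
  "zone [...] is a CNAME (illegal)", "zone [...] is a CNAME (illegal)"]}"""


def zones_blocked_in_log(lines):
    """Zones whose DNS-01 attempt ended in the 'is not deployed' PluginError."""
    hits = (NOT_DEPLOYED.search(line) for line in lines)
    return sorted({m.group("zone") for m in hits if m})


def summarize_status(body):
    """Summarize the JSON body of GET /domain/zone/{zoneName}/status."""
    try:
        status = json.loads(body)
    except json.JSONDecodeError:
        return {"verdict": "unparseable", "issues": []}
    if not isinstance(status, dict) or not isinstance(status.get("isDeployed"), bool):
        return {"verdict": "unknown", "issues": []}
    raw = list(status.get("errors") or []) + list(status.get("warnings") or [])
    issues = list(dict.fromkeys(raw))  # keep order, drop repeated messages
    if status["isDeployed"]:
        verdict = "deployed"
    else:
        verdict = "not-deployed-with-issues" if issues else "not-deployed"
    return {"verdict": verdict, "issues": issues}


if __name__ == "__main__":
    for zone in zones_blocked_in_log(SAMPLE_LOG):
        print(zone, summarize_status(SAMPLE_STATUS))
```

Running it ahead of a scheduled renewal surfaces a zone that OVH reports as not deployed while the current certificate is still valid, rather than at expiry.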