miigotu / certbot-dns-godaddy

A godaddy dns plugin using lexicon for cerbot to authenticate and retrieve letsencrypt certificates

Error adding TXT record HTTP 422

kathrindc opened this issue · comments

Hi there,

it seems that something about the GoDaddy API is incompatible with this plugin.
I was trying to generate a wildcard certificate for one of my domains, but I keep getting this error.
I redacted some of the information, but here's the output:

Requesting a certificate for DOMAIN and *.DOMAIN
Encountered exception during recovery: lexicon.exceptions.LexiconError: Could not find record matching type: TXT, name: _acme-challenge.DOMAIN, content: <redacted>
Error adding TXT record: 422 Client Error: Unprocessable Entity for url: https://api.godaddy.com/v1/domains/DOMAIN/records/TXT/_acme-challenge
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details

This is the shell script I use:
(again, I redacted some stuff)

#!/usr/bin/env sh
docker run --rm \
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \
  -v /etc/letsencrypt:/etc/letsencrypt \
  --cap-drop=all \
  miigotu/certbot-dns-godaddy certbot certonly \
    --authenticator dns-godaddy \
    --dns-godaddy-propagation-seconds 900 \
    --dns-godaddy-credentials /var/lib/letsencrypt/godaddy_credentials.ini \
    --keep-until-expiring --non-interactive --expand \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --agree-tos --email "MYEMAIL" \
    -d DOMAIN -d '*.DOMAIN'

EDIT: This might be an upstream issue with lexicon, will check a bit later.

This is actually an issue with subdomain and wildcard.

Broken in #52

You can pin to the previous version until this is resolved: #52 (comment)

It seems the problem is that lexicon uses a default TTL value of 60
certbot/plugins/dns_common_lexicon.py
but GoDaddy allows a minimum TTL of 600.

It is possible to fix this error by editing this file and changing return 60 to return 600, but it is not a good solution.

Is it possible to pass ttl as a certbot command line argument?

This works for me. I adjusted the file and now Nginx can get a wildcard certificate.

Thanks

I looked into this issue in more detail.
Although the initial premise about TTL handling was correct, the technical approach to implementing the correction was not entirely correct.

This file:
certbot/plugins/dns_common_lexicon.py
is not part of lexicon, but a universal part of certbot for working with lexicon, and editing this file is a bad idea.
Lexicon does not have a default TTL value; it gets it from certbot if THIS plugin (certbot_dns_godaddy.py) does not set it.

In other words, in the current architecture, it is THIS plugin:
certbot_dns_godaddy.py
that is entrusted with the responsibility of setting the correct TTL!

Correct FIX:

open
certbot_dns_godaddy.py

Between lines 22 and 23 insert a new line:
ttl = 600
which starts with four spaces, and save it.

This worked like a charm. For now I've forked this repo and install it via pip install -e 'git+https://github.com/ziazon/certbot-dns-godaddy.git@main#egg=certbot-dns-godaddy' until #60 is merged, that is ;)

Wasn't able to get it to work by editing certbot_dns_godaddy.py, but it did work after editing dns_common_lexicon.py, though only for one domain; the other domain is still failing.

Consider my solution above.

I tried that but got:

DEPRECATION: 'git+https://github.com/ziazon/certbot-dns-godaddy.git@main#egg=certbot-dns-godaddy' contains an egg fragment with a non-PEP 508 name pip 25.0 will enforce this behaviour change. A possible replacement is to use the req @ url syntax, and remove the egg fragment. Discussion can be found at pypa/pip#11617
ERROR: 'git+https://github.com/ziazon/certbot-dns-godaddy.git@main#egg=certbot-dns-godaddy' is not a valid editable requirement. It should either be a path to a local project or a VCS URL (beginning with bzr+http, bzr+https, bzr+ssh, bzr+sftp, bzr+ftp, bzr+lp, bzr+file, git+http, git+https, git+ssh, git+git, git+file, hg+file, hg+http, hg+https, hg+ssh, hg+static-http, svn+ssh, svn+http, svn+https, svn+svn, svn+file).

Regardless, my new error seems to be unrelated to the TTL issue: it's getting a 404 for the zone file because it's trying to use subdomain.mywebsite.com for the zone file instead of just mywebsite.com

Error determining zone identifier for subdomain.mysubdomain.com: 404 Client Error: Not Found for url: https://api.godaddy.com/v1/domains/subdomain.mysubdomain.com.

This seems to be an issue with certbot, though, since the last time I used it.

EDIT: My issue is the same as #56. I should have looked a little deeper before posting, sorry. I will use the older version for now as that seems to work:

pip install -U certbot-dns-godaddy==2.6.0

I still get the error adding TXT record HTTP 422 even if I set the TTL

"""
This module defines a certbot plugin to automate the process of completing a
``dns-01`` challenge (`~acme.challenges.DNS01`) by creating, and subsequently
removing, TXT records using the godaddy CCP API.
"""

import logging
from typing import Any, Callable

from certbot.plugins import dns_common_lexicon

logger = logging.getLogger(__name__)


class Authenticator(dns_common_lexicon.LexiconDNSAuthenticator):
    """DNS Authenticator for GoDaddy

    This Authenticator uses the GoDaddy API to fulfill a dns-01 challenge.
    """

    ttl = 600
...
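To make the two failure modes in this thread concrete (a 422 when the TTL handed to GoDaddy is below its minimum of 600, and a 404 when a subdomain rather than the registered domain is used as the zone), here is an added example that is not code from certbot-dns-godaddy, certbot or lexicon. The GoDaddy API is replaced by a constructed offline stand-in (fake_godaddy_put_txt, KNOWN_ZONES) that enforces only those two rules; the zone splitting assumes the zone is the last two labels, which is a simplification the real plugin does not rely on.

```python
"""Added example: offline model of the TTL (422) and zone (404) failures.

Nothing here talks to api.godaddy.com; fake_godaddy_put_txt is a stand-in
that mirrors the two behaviours reported in this issue thread.
"""
from dataclasses import dataclass

GODADDY_MIN_TTL = 600             # minimum TTL GoDaddy accepts, per the thread
CERTBOT_LEXICON_DEFAULT_TTL = 60  # value certbot's dns_common_lexicon returns

# Constructed set of zones the fake account "owns". Real code would call
# GET /v1/domains/{zone}; here the zone must be the registered domain.
KNOWN_ZONES = {"example.com", "example.org"}


@dataclass
class ApiResponse:
    status: int
    body: str


def split_zone(fqdn: str) -> tuple[str, str]:
    """Split an FQDN into (relative record name, zone).

    Assumption for this example only: the zone is the last two labels.
    Public-suffix cases such as example.co.uk are deliberately not handled.
    """
    labels = fqdn.rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a valid FQDN: {fqdn!r}")
    zone = ".".join(labels[-2:])
    name = ".".join(labels[:-2]) or "@"
    return name, zone


def fake_godaddy_put_txt(zone: str, name: str, content: str, ttl: int) -> ApiResponse:
    """Constructed stand-in for PUT /v1/domains/{zone}/records/TXT/{name}."""
    if zone not in KNOWN_ZONES:
        # The thread's second symptom: a subdomain used as the zone -> 404.
        return ApiResponse(404, f"Not Found for url: https://api.godaddy.com/v1/domains/{zone}")
    if ttl < GODADDY_MIN_TTL:
        # The thread's first symptom: TTL below GoDaddy's minimum -> 422.
        return ApiResponse(422, f"Unprocessable Entity: ttl {ttl} below minimum {GODADDY_MIN_TTL}")
    return ApiResponse(200, f"TXT {name}.{zone} = {content!r} ttl={ttl}")


def add_acme_txt(fqdn: str, content: str, ttl: int = GODADDY_MIN_TTL) -> ApiResponse:
    """What the plugin layer should do: derive the zone, validate the TTL
    locally with a clear message, then make the call.

    The default of 600 matches the fix adopted in this thread.
    """
    name, zone = split_zone(fqdn)
    if ttl < GODADDY_MIN_TTL:
        raise ValueError(f"ttl={ttl} is below the GoDaddy minimum of {GODADDY_MIN_TTL}")
    return fake_godaddy_put_txt(zone, name, content, ttl)


if __name__ == "__main__":
    # Constructed challenge token; a real one comes from the ACME server.
    token = "constructed-challenge-token"
    print(fake_godaddy_put_txt("example.com", "_acme-challenge", token, CERTBOT_LEXICON_DEFAULT_TTL))
    print(fake_godaddy_put_txt("sub.example.com", "_acme-challenge", token, GODADDY_MIN_TTL))
    print(add_acme_txt("_acme-challenge.sub.example.com", token))
```

Running the script shows the 422 for a TTL of 60, the 404 when sub.example.com is treated as the zone, and a successful write for _acme-challenge.sub in zone example.com once the TTL is 600. Validating the TTL before the request is the design choice worth copying: the server-side 422 carries no explanation, whereas the local check names the offending value.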

@miigotu

When will you have a release for certbot 2.8.0?

just did, should be building and uploading now.

Fixed in #62

Add --dns-godaddy-ttl parameter with default of 600