Hello,
for a few years I have been renewing my 2 wildcard domains with certbot and the netcup plugin (and therefore the domain API). I run the whole thing via podman (docker would do as well) like this:
Bash
#!/bin/bash -x
VERSION="v2.4.0"
# Mount the netcup API credentials, the certbot config dir and the log dir into the container,
# then run "certbot renew"; any extra arguments are passed through to certbot unchanged.
podman run --pull always --rm \
  --volume ../netcup/credentials.ini:/credentials.ini:z \
  --volume ./cbconfig:/cbconfig:z \
  --volume ./cblogs:/cblogs:z \
  docker.io/aanno/certbot-netcup:${VERSION} renew \
  --config-dir /cbconfig --logs-dir /cblogs "$@"
As I said, the whole thing has worked for years. But right now it refuses to. In the certbot log I find:
Code
2023-04-04 17:21:36,178:DEBUG:acme.client:Storing nonce: 1AAD85u7SyXY0TLHW5gXiqpNA9KI0T1z4KcroIteGBlKpD8
2023-04-04 17:21:36,178:DEBUG:acme.client:JWS payload:
b''
2023-04-04 17:21:36,180:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/216675227487:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTIyMDU3MDkwIiwgIm5vbmNlIjogIjFBQUQ4NXU3U3lYWTBUTEhXNWdYaXFwTkE5S0kwVDF6NEtjcm9JdGVHQmxLcEQ4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMTY2NzUyMjc0ODcifQ",
  "signature": "SQL1QxcSHIde9cykF4Kh66bv5NfSf2L8H7bHBkFScHkXWBfcxq3qoEy2Sc8eRdY-5AfYfUjijz415qKIm4jJHR2vQ07rEkOhxXHbfgt4pByUigMp6e_3M65yIx7VhpyeAeLP_LRHn-skTKPBNq1R2zXDM9OFl2wvGcMVEwvClB05H9wrysM-uGB_IM_8d_OdIDEGOXiA_HEQJv3uasf_XvgwwLHSR0sHD6L27u0WRH7MmgZTneyGrztvtw6Br8-cJmd34q43vwQUkmyfZPIs611G8GgpDsDeZoAyyF2CLSGLBZH3HX-o4vl8U70dVLFopbyukkiStI5Os7YN1TlJ7A",
  "payload": ""
}
2023-04-04 17:21:36,316:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/216675227487 HTTP/1.1" 200 659
2023-04-04 17:21:36,317:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Apr 2023 17:21:36 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Boulder-Requester: 122057090
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371CbSWfPTtQPwqMnSgH_Dnt6VhCErSr5KdzDy9k73bSm8E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
  "identifier": {
    "type": "dns",
    "value": "<domain>.com"
  },
  "status": "invalid",
  "expires": "2023-04-11T17:06:29Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: SERVFAIL looking up TXT for _acme-challenge.<domain>.com - the domain's nameservers may be malfunctioning",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/216675227487/5QsEYA",
      "token": "bFcekpDtgLpVbYDUMsSCO1a7J1Kz3maVytOMq0TTLQI",
      "validated": "2023-04-04T17:21:31Z"
    }
  ]
}
2023-04-04 17:21:36,317:DEBUG:acme.client:Storing nonce: 371CbSWfPTtQPwqMnSgH_Dnt6VhCErSr5KdzDy9k73bSm8E
2023-04-04 17:21:36,317:INFO:certbot._internal.auth_handler:Challenge failed for domain <domain>.com
2023-04-04 17:21:36,317:INFO:certbot._internal.auth_handler:Challenge failed for domain <domain>.com
2023-04-04 17:21:36,318:INFO:certbot._internal.auth_handler:dns-01 challenge for <domain>.com
2023-04-04 17:21:36,318:INFO:certbot._internal.auth_handler:dns-01 challenge for <domain>.com
2023-04-04 17:21:36,318:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: dns-netcup). The Certificate Authority reported these problems:
  Domain: <domain>.com
  Type:   dns
  Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.<domain>.com - the domain's nameservers may be malfunctioning

  Domain: <domain>.com
  Type:   dns
  Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.<domain>.com - the domain's nameservers may be malfunctioning

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-netcup. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-netcup-propagation-seconds (currently 900 seconds)
Does anyone have an idea how I could proceed?
Best regards, aanno
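The error quoted above is Let's Encrypt's validation resolver reporting that it got SERVFAIL when it asked the domain's authoritative nameservers for the `_acme-challenge` TXT record, not that the record is missing. A useful first check is therefore to ask each authoritative server directly and look at the RCODE it returns, once as a plain query and once with the EDNS0 DO bit set (a validating resolver, which is what the CA runs, asks with DO and fails with SERVFAIL if the DNSSEC chain is broken). The following stand-alone Python 3 script is an added diagnostic example; it is not part of the post above, of certbot or of the certbot-netcup plugin. It uses only the standard library to build a raw DNS query, send it over UDP and parse the reply, and it ships with two constructed replies (one SERVFAIL, one authoritative TXT answer) so it can be exercised offline. The name `_acme-challenge.example.com`, the token text and the nameserver addresses on the command line are placeholders.

```python
#!/usr/bin/env python3
"""Query a nameserver directly for an _acme-challenge TXT record and report the RCODE.

Added diagnostic example (not from the forum post, certbot or certbot-netcup).
Standard library only: builds a raw DNS query, sends it over UDP, parses the header
and TXT answers, so a SERVFAIL from one specific authoritative server becomes visible.
"""
import socket
import struct
import sys

QTYPE_TXT, QTYPE_OPT, CLASS_IN = 16, 41, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Wire-format a domain name: length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int = QTYPE_TXT, txid: int = 0x1234, dnssec_ok: bool = False) -> bytes:
    """Build a DNS query. With dnssec_ok an EDNS0 OPT record carrying the DO bit is appended,
    which asks the server to behave as it would for a validating resolver (RRSIGs included)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)  # 0x0100 = RD
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    opt = b""
    if dnssec_ok:
        # OPT RR: root name, type 41, UDP payload 4096, ext-rcode 0, version 0, flags DO=0x8000, rdlen 0
        opt = b"\x00" + struct.pack("!HHBBHH", QTYPE_OPT, 4096, 0, 0, 0x8000, 0)
    return header + question + opt


def read_name(msg: bytes, offset: int):
    """Read a possibly compressed name; return (name, offset just after it in the stream)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier copy of the name
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), offset if end is None else end


def parse_response(msg: bytes) -> dict:
    """Extract id, RCODE, AA/TC flags and every TXT answer string from a DNS reply."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    result = {"id": txid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
              "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200), "txt": []}
    offset = 12
    for _ in range(qdcount):
        _, offset = read_name(msg, offset)
        offset += 4  # skip QTYPE + QCLASS
    for _ in range(ancount):
        _, offset = read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == QTYPE_TXT:
            # TXT rdata is one or more <len><chars> strings; concatenate them as resolvers do
            parts, i = [], 0
            while i < len(rdata):
                n = rdata[i]
                parts.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
            result["txt"].append("".join(parts))
    return result


def query_txt(name: str, server: str, dnssec_ok: bool = False, timeout: float = 3.0) -> dict:
    """Send the query to one nameserver (IPv4 address assumed) over UDP and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, dnssec_ok=dnssec_ok), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data)


def sample_servfail() -> bytes:
    """Constructed reply: SERVFAIL (flags QR|RD|RA, rcode 2), question echoed, no answers."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
    return header + encode_name("_acme-challenge.example.com") + struct.pack("!HH", QTYPE_TXT, CLASS_IN)


def sample_txt_answer() -> bytes:
    """Constructed reply: authoritative NOERROR (QR|AA|RD|RA) with one TXT record, name compressed."""
    token = b"constructed-token-value"  # placeholder, not a real ACME challenge value
    header = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
    question = encode_name("_acme-challenge.example.com") + struct.pack("!HH", QTYPE_TXT, CLASS_IN)
    rdata = bytes([len(token)]) + token
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, CLASS_IN, 60, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    # Usage: python3 acme_txt_check.py _acme-challenge.example.com <ns-ip> [<ns-ip> ...]
    # Without arguments the two constructed replies are parsed instead (offline demo).
    if len(sys.argv) < 3:
        for sample in (sample_servfail(), sample_txt_answer()):
            print(parse_response(sample))
    else:
        name, servers = sys.argv[1], sys.argv[2:]
        for server in servers:
            for do in (False, True):
                try:
                    r = query_txt(name, server, dnssec_ok=do)
                    print(f"{server} DO={do}: {r['rcode']} aa={r['aa']} txt={r['txt']}")
                except socket.timeout:
                    print(f"{server} DO={do}: timeout")
```

Run it against every nameserver listed in the zone's NS set while a challenge record is in place (for example by running certbot with `--dry-run` and a long `--dns-netcup-propagation-seconds`, as the hint in the log suggests). An authoritative server that answers NOERROR with `aa=True` and the expected token is doing its job; one that answers SERVFAIL, times out, or only fails once the DO bit is set points at the server or its DNSSEC signing rather than at the plugin or the propagation delay.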