[GH-ISSUE #562] [Bug] 腾讯EdgeOne 作为DNS提供商申请证书报错 #368

New issue

Closed

opened 2026-03-03 01:02:46 +03:00 by kerem · 6 comments

kerem commented 2026-03-03 01:02:46 +03:00

Owner

Copy link

Originally created by @gaoyuoppa on GitHub (Mar 27, 2025).
Original GitHub issue: https://github.com/certimate-go/certimate/issues/562

问题描述 / Description

腾讯EdgeOne 申请时报错，错误代码如下

error: one or more domains had a problem: [.####] [.####] acme: error presenting token: tencentcloud-eo: [TencentCloudSDKError] Code=InvalidParameterValue.InvalidDNSName, Message=DNS 记录名称错误。, RequestId=34ad06fb-10d4-4d62-920f-65b2922d516f

=====腾讯操作记录如下
{
"userIdentity": {
"principalId": "####",
"accountId": "####",
"secretId": "####",
"sessionContext": {},
"type": "CAMUser",
"userName": "####"
},
"eventRegion": "ap-shanghai",
"eventVersion": 2,
"errorCode": "0",
"errorMessage": "permission verify",
"requestID": "34ad06fb-10d4-4d62-920f-65b2922d516f",
"apiVersion": "3.0",
"eventType": "ApiCall",
"actionType": "Write",
"httpMethod": "POST",
"apiErrorCode": 0,
"apiErrorMessage": "InvalidParameterValue.InvalidDNSName",
"userAgent": "SDK_GO_1.0.1127",
"eventTime": 1743039905,
"sensitiveAction": "0",
"sourceIPAddress": "######",
"resourceType": "teo",
"eventName": "CreateDnsRecord",
"eventSource": "teo.tencentcloudapi.com",
"resourceSet": [
{
"resourceType": "TEO",
"resourceRegion": "Global",
"resourceId": "####",
"resourceTypeClass": "QCS::TEO::Zone"
}
],
"requestParameters": {
"ZoneId": "####",
"Name": "####",
"Type": "TXT",
"Content": "q1Og4S1kh-7JOSyoDcw0NI-q1EKJ2DHVTECaIQ6bWXw",
"TTL": 300,
"AccountArea": "0",
"Version": "2022-09-01",
"Region": ""
},
"responseElements": "{"Error":{"Code":"***","Message":"DNS 记录名称错误。"},"RequestId":"3####"}",
"resources": "["qcs::teo::uin\/:zone\/####"]",
"resourceName": "####",
"tags": [
""
]
}

其他 / Miscellaneous

错误代码对应：请求签名或鉴权发生错误时的错误码
主账号和子账户最小化授权都试过，不知道是不是哪里设置错了。

Originally created by @gaoyuoppa on GitHub (Mar 27, 2025). Original GitHub issue: https://github.com/certimate-go/certimate/issues/562 ### 问题描述 / Description 腾讯EdgeOne 申请时报错，错误代码如下 error: one or more domains had a problem: [*.####] [*.####] acme: error presenting token: tencentcloud-eo: [TencentCloudSDKError] Code=InvalidParameterValue.InvalidDNSName, Message=DNS 记录名称错误。, RequestId=34ad06fb-10d4-4d62-920f-65b2922d516f =====腾讯操作记录如下 { "userIdentity": { "principalId": "####", "accountId": "####", "secretId": "####", "sessionContext": {}, "type": "CAMUser", "userName": "####" }, "eventRegion": "ap-shanghai", "eventVersion": 2, "errorCode": "0", "errorMessage": "permission verify", "requestID": "34ad06fb-10d4-4d62-920f-65b2922d516f", "apiVersion": "3.0", "eventType": "ApiCall", "actionType": "Write", "httpMethod": "POST", "apiErrorCode": 0, "apiErrorMessage": "InvalidParameterValue.InvalidDNSName", "userAgent": "SDK_GO_1.0.1127", "eventTime": 1743039905, "sensitiveAction": "0", "sourceIPAddress": "######", "resourceType": "teo", "eventName": "CreateDnsRecord", "eventSource": "teo.tencentcloudapi.com", "resourceSet": [ { "resourceType": "TEO", "resourceRegion": "Global", "resourceId": "####", "resourceTypeClass": "QCS::TEO::Zone" } ], "requestParameters": { "ZoneId": "####", "Name": "####", "Type": "TXT", "Content": "q1Og4S1kh-7JOSyoDcw0NI-q1EKJ2DHVTECaIQ6bWXw", "TTL": 300, "AccountArea": "0", "Version": "2022-09-01", "Region": "" }, "responseElements": "{\"Error\":{\"Code\":\"***\",\"Message\":\"DNS 记录名称错误。\"},\"RequestId\":\"3####\"}", "resources": "[\"qcs::teo::uin\\/:zone\\/####\"]", "resourceName": "####", "tags": [ "" ] } ### 其他 / Miscellaneous 错误代码对应：请求签名或鉴权发生错误时的错误码 主账号和子账户最小化授权都试过，不知道是不是哪里设置错了。

kerem 2026-03-03 01:02:46 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-03 01:02:48 +03:00

Author

Owner

Copy link

@fudiwei commented on GitHub (Mar 27, 2025):

certimate 里看一下执行日志，找到 CreateDnsRecord 那条接口调用日志。

然后打开 https://cloud.tencent.com/document/product/1552/80720 点一下 API 调试，把日志里的参数贴进去，点执行看看结果。

P.S. 我一直觉得 Name 那个参数不应该是个 FQDN，但腾讯云文档的示例上就这么写的 😕 如果报错了你可以试着改成只有 SubDomain 的形式看看。

<!-- gh-comment-id:2756277438 --> @fudiwei commented on GitHub (Mar 27, 2025): certimate 里看一下执行日志，找到 `CreateDnsRecord` 那条接口调用日志。 然后打开 https://cloud.tencent.com/document/product/1552/80720 点一下 API 调试，把日志里的参数贴进去，点执行看看结果。 P.S. 我一直觉得 Name 那个参数不应该是个 FQDN，但腾讯云文档的示例上就这么写的 😕 如果报错了你可以试着改成只有 SubDomain 的形式看看。

kerem commented 2026-03-03 01:02:48 +03:00

Author

Owner

Copy link

@fudiwei commented on GitHub (Mar 27, 2025):

噢，腾讯云日志里给参数了，就是这坨：

<!-- gh-comment-id:2756296272 --> @fudiwei commented on GitHub (Mar 27, 2025): 噢，腾讯云日志里给参数了，就是这坨： 

kerem commented 2026-03-03 01:02:48 +03:00

Author

Owner

Copy link

@gaoyuoppa commented on GitHub (Mar 27, 2025):

哥，抽空修复下。
执行日志中的是错误的，

"requestParameters": {
"ZoneId": "xxxxxxx",
"Name": "xxxxxxx-xyz.mgqhcu17ooaq.cname.certd.com.cn",
"Type": "TXT",
"Content": "nRdgxRGXh3xrA52Bx11TgQdpxTf5QixaksfEI_popiDSUxeWE",
"TTL": 300,
"AccountArea": "0",
"Version": "2022-09-01",
"Region": ""
},

============
正确的
"requestParameters": {
"ZoneId": "zone-2nz54dq9xffg",
"Name": "2w.xxxxxxx.xyz",
"Type": "TXT",
"Content": "xxxxxxx-xyz.mgqhcu17ooaq.cname.certd.com.cn",
"AccountArea": "0",
"Version": "2022-09-01",
"Region": ""
},

=========

===========
键值 Name
DNS 记录名，如果是中文、韩文、日文域名，需要转换为 punycode 后输入。

示例值
www.example.com

键值Content
DNS 记录内容，根据 Type 值填入与之相对应的内容，如果是中文、韩文、日文域名，需要转换为 punycode 后输入。
示例值
1.2.3.4

<!-- gh-comment-id:2757664658 --> @gaoyuoppa commented on GitHub (Mar 27, 2025): 哥，抽空修复下。 执行日志中的是错误的， "requestParameters": { "ZoneId": "xxxxxxx", "Name": "xxxxxxx-xyz.mgqhcu17ooaq.cname.certd.com.cn", "Type": "TXT", "Content": "nRdgxRGXh3xrA52Bx11TgQdpxTf5QixaksfEI_popiDSUxeWE", "TTL": 300, "AccountArea": "0", "Version": "2022-09-01", "Region": "" }, ============ 正确的 "requestParameters": { "ZoneId": "zone-2nz54dq9xffg", "Name": "2w.xxxxxxx.xyz", "Type": "TXT", "Content": "xxxxxxx-xyz.mgqhcu17ooaq.cname.certd.com.cn", "AccountArea": "0", "Version": "2022-09-01", "Region": "" }, ========= =========== 键值 Name DNS 记录名，如果是中文、韩文、日文域名，需要转换为 punycode 后输入。 示例值 www.example.com 键值Content DNS 记录内容，根据 Type 值填入与之相对应的内容，如果是中文、韩文、日文域名，需要转换为 punycode 后输入。 示例值 1.2.3.4 

kerem commented 2026-03-03 01:02:48 +03:00

Author

Owner

Copy link

@fudiwei commented on GitHub (Mar 27, 2025):

你有 CNAME？需要在 Certimate 里配置关闭 CNAME 跟随。

<!-- gh-comment-id:2757749961 --> @fudiwei commented on GitHub (Mar 27, 2025): 你有 CNAME？需要在 Certimate 里配置关闭 CNAME 跟随。

kerem commented 2026-03-03 01:02:48 +03:00

Author

Owner

Copy link

@gaoyuoppa commented on GitHub (Mar 27, 2025):

泛域名
Certimate默认开启CNAME跟随，解析有CNAME报错error: one or more domains had a problem: [.xxxx.xyz] [.xxxx.xyz] acme: error presenting token: tencentcloud-eo: [TencentCloudSDKError] Code=InvalidParameterValue.InvalidDNSName, Message=DNS 记录名称错误。, RequestId=c05dc247-8e9e-41fc-bafa-f9b625666a2b

---

	Certimate关闭CNAME跟随，解析有CNAME报错errorerror: one or more domains had a problem: [*.xxxx.xyz] [*.xxxx.xyz] acme: error presenting token: tencentcloud-eo: [TencentCloudSDKError] Code=InvalidParameterValue.ConflictWithRecord, Message=当前添加或启用的 TXT 记录和 CNAME 记录之间存在冲突，请先删除或暂停现有的 CNAME 记录后重试。, RequestId=33c48b8f-5543-491e-aff2-d983f1c9ff98

======

非泛域名
Certimate默认开启CNAME跟随，解析有CNAME /解析没有CNAME，报错， error: one or more domains had a problem: [dh.xxxx.xyz] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Incorrect TXT record "8y67BWKRgVGHReZ6uYR_G7nbbxMh5szKr4pbfEEWGdQ" found at _acme-challenge.dh.xxxx.xyz

---

Certimate关闭CNAME跟随 ， 解析有CNAME/解析没有CNAME ，报错，error: one or more domains had a problem: [dh.xxxx.xyz] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: During secondary validation: No TXT record found at _acme-challenge.dh.xxxx.xyz

<!-- gh-comment-id:2757887661 --> @gaoyuoppa commented on GitHub (Mar 27, 2025): 泛域名 Certimate默认开启CNAME跟随，解析有CNAME报错error: one or more domains had a problem: [*.xxxx.xyz] [*.xxxx.xyz] acme: error presenting token: tencentcloud-eo: [TencentCloudSDKError] Code=InvalidParameterValue.InvalidDNSName, Message=DNS 记录名称错误。, RequestId=c05dc247-8e9e-41fc-bafa-f9b625666a2b ------ Certimate关闭CNAME跟随，解析有CNAME报错errorerror: one or more domains had a problem: [*.xxxx.xyz] [*.xxxx.xyz] acme: error presenting token: tencentcloud-eo: [TencentCloudSDKError] Code=InvalidParameterValue.ConflictWithRecord, Message=当前添加或启用的 TXT 记录和 CNAME 记录之间存在冲突，请先删除或暂停现有的 CNAME 记录后重试。, RequestId=33c48b8f-5543-491e-aff2-d983f1c9ff98 ====== 非泛域名 Certimate默认开启CNAME跟随，解析有CNAME /解析没有CNAME，报错， error: one or more domains had a problem: [dh.xxxx.xyz] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Incorrect TXT record "8y67BWKRgVGHReZ6uYR_G7nbbxMh5szKr4pbfEEWGdQ" found at _acme-challenge.dh.xxxx.xyz ------ Certimate关闭CNAME跟随 ， 解析有CNAME/解析没有CNAME ，报错，error: one or more domains had a problem: [dh.xxxx.xyz] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: During secondary validation: No TXT record found at _acme-challenge.dh.xxxx.xyz

kerem commented 2026-03-03 01:02:48 +03:00

Author

Owner

Copy link

@fudiwei commented on GitHub (Mar 27, 2025):

接口如果调用成功的话后续 ACME 错误就已经与 Certimate 无关了 😕

你可以结合 acme.sh 的手动模式来排查 DNS 问题。通常来说都是权威 DNS 解析未生效。

<!-- gh-comment-id:2758061409 --> @fudiwei commented on GitHub (Mar 27, 2025): 接口如果调用成功的话后续 ACME 错误就已经与 Certimate 无关了 😕 你可以结合 [acme.sh](https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode) 的手动模式来排查 DNS 问题。通常来说都是权威 DNS 解析未生效。

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

next

archive/v0.3

archive/v0.2

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.24-beta

v0.2.23-beta

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.19

v0.1.18

v0.1.17

v0.1.16

v0.1.15

v0.1.14

v0.1.13

v0.1.12

v0.1.11

v0.1.10

v0.1.9

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

v0.0.1

Labels

Clear labels   

announcement

  

backlog

  

bug

  

declined

  

documentation

  

duplicate

  

enhancement

  

good first issue

  

good first issue

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

No labels

announcement

backlog

bug

declined

documentation

duplicate

enhancement

good first issue

good first issue

help wanted

invalid

pull-request

question

stale

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/certimate#368

No description provided.