mirror of
https://github.com/certimate-go/certimate.git
synced 2026-04-26 13:15:55 +03:00
[GH-ISSUE #590] [Bug] The API of a self-hosted PowerDNS authoritative server does not work properly #390
Originally created by @lj5645 on GitHub (Apr 5, 2025).
Original GitHub issue: https://github.com/certimate-go/certimate/issues/590
Release Version
usual2970/certimate:latest
Description
I am using a self-hosted PowerDNS authoritative server and have already enabled its API. On the same server the original acme.sh script works, but when I enter the same API address into this program and run it, it times out. acme.sh, however, does not time out and obtains the certificate normally.
Steps to reproduce
Use the PowerDNS provider built into the program directly.
Logs
Miscellaneous
Below are the usage instructions from the PowerDNS section of acme.sh:
5. Use PowerDNS embedded API to automatically issue cert
First you need to login to your PowerDNS account to enable the API and set your API-Token in the configuration.
https://doc.powerdns.com/authoritative/http-api/index.html
export PDNS_Url="http://ns.example.com:8081"
export PDNS_ServerId="localhost"
export PDNS_Token="0123456789ABCDEF"
export PDNS_Ttl=60
Ok, let's issue a cert now:
./acme.sh --issue --dns dns_pdns -d example.com -d *.example.com
The PDNS_Url, PDNS_ServerId, PDNS_Token and PDNS_Ttl will be saved in ~/.acme.sh/account.conf and will be reused when needed.
@fudiwei commented on GitHub (Apr 6, 2025):
Please also paste the docker logs output.
@lj5645 commented on GitHub (Apr 10, 2025):
Apply for certificate
[2025-04-11 01:12:28]
ready to apply ...
[2025-04-11 01:17:07]
failed to apply
[2025-04-11 01:17:07]
error: one or more domains had a problem: [*.16925401.xyz] propagation: time limit exceeded: last error: [zone=16925401.xyz.] could not determine authoritative nameservers [16925401.xyz] propagation: time limit exceeded: last error: [zone=16925401.xyz.] could not determine authoritative nameservers
2025/04/10 17:12:31 [INFO] [16925401.xyz, .16925401.xyz] acme: Obtaining bundled SAN certificate
2025/04/10 17:12:36 [INFO] [16925401.xyz] AuthURL: https://acme.zerossl.com/v2/DV90/authz/FIh9ILeW5St7BrMY7KjjNQ
2025/04/10 17:12:36 [INFO] [.16925401.xyz] AuthURL: https://acme.zerossl.com/v2/DV90/authz/KGaHELhuffhUYDqnxi9VuQ
2025/04/10 17:12:36 [INFO] [16925401.xyz] acme: Could not find solver for: http-01
2025/04/10 17:12:36 [INFO] [16925401.xyz] acme: use dns-01 solver
2025/04/10 17:12:36 [INFO] [.16925401.xyz] acme: use dns-01 solver
2025/04/10 17:12:36 [INFO] [16925401.xyz] acme: Preparing to solve DNS-01
2025/04/10 17:12:41 [INFO] [.16925401.xyz] acme: Preparing to solve DNS-01
2025/04/10 17:12:47 [INFO] [16925401.xyz] acme: Trying to solve DNS-01
2025/04/10 17:12:47 [INFO] [16925401.xyz] acme: Checking DNS record propagation. [nameservers=127.0.0.11:53]
2025/04/10 17:12:49 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2025/04/10 17:12:50 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:12:52 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:12:54 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:12:56 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:12:58 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:01 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:03 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:05 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:07 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:09 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:11 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:13 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:16 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:18 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:20 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:22 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:24 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:26 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:28 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:30 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:32 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:34 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:36 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:38 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:40 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:42 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:44 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:46 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:48 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:50 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:52 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:55 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:57 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:13:59 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:01 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:03 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:05 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:07 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:09 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:11 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:13 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:15 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:17 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:19 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:21 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:23 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:25 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:27 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:29 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:31 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:33 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:35 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:37 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:39 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:41 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:43 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:45 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:47 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:49 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:51 [INFO] [.16925401.xyz] acme: Trying to solve DNS-01
2025/04/10 17:14:51 [INFO] [.16925401.xyz] acme: Checking DNS record propagation. [nameservers=127.0.0.11:53]
2025/04/10 17:14:53 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2025/04/10 17:14:53 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:55 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:57 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:14:59 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:01 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:03 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:05 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:07 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:09 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:11 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:13 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:15 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:17 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:19 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:21 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:23 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:25 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:27 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:29 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:31 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:33 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:35 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:37 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:39 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:41 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:43 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:45 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:47 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:49 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:51 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:53 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:55 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:57 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:15:59 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:01 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:03 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:05 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:07 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:09 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:11 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:13 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:15 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:17 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:19 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:21 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:23 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:25 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:27 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:30 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:32 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:34 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:36 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:38 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:40 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:42 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:44 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:46 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:48 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:50 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:52 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/10 17:16:54 [INFO] [16925401.xyz] acme: Cleaning DNS-01 challenge
2025/04/10 17:16:59 [INFO] [.16925401.xyz] acme: Cleaning DNS-01 challenge
2025/04/10 17:17:01 [WARN] [.16925401.xyz] acme: cleaning up failed: pdns: no existing record found for _acme-challenge.16925401.xyz.
2025/04/10 17:17:03 [INFO] Deactivating auth: https://acme.zerossl.com/v2/DV90/authz/FIh9ILeW5St7BrMY7KjjNQ
2025/04/10 17:17:06 [INFO] Deactivating auth: https://acme.zerossl.com/v2/DV90/authz/KGaHELhuffhUYDqnxi9VuQ
@lj5645 commented on GitHub (Apr 10, 2025):
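My certimate container and the PowerDNS container are on the same Docker network, so normally the two containers can reach each other internally.
The PDNS container's internal IP is 172.19.0.3.
The certimate container's internal IP is 172.19.0.11.
There is also a PowerDNS-Admin container on that network, at 172.19.0.2, and with the internal IP + key it can manage PowerDNS. But certimate just cannot connect to the PowerDNS API.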
@fudiwei commented on GitHub (Apr 12, 2025):
Try whether lego can issue the certificate normally.
@lj5645 commented on GitHub (Apr 23, 2025):
That does not work either; it times out.
[root@VM-0-15-centos lego]# PDNS_API_URL=http://localhost:80
PDNS_API_KEY=xxxx
/home/lego/lego --email saber@skyts.cc --dns pdns -d '*.16925401.xyz' -d 16925401.xyz run
2025/04/23 12:17:40 No key found for account saber@skyts.cc. Generating a P256 key.
2025/04/23 12:17:40 Saved key to /home/lego/.lego/accounts/acme-v02.api.letsencrypt.org/saber@skyts.cc/keys/saber@skyts.cc.key
2025/04/23 12:17:40 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf
Do you accept the TOS? Y/n
y
2025/04/23 12:18:09 [INFO] acme: Registering account for saber@skyts.cc
!!!! HEADS UP !!!!
Your account credentials have been saved in your
configuration directory at "/home/lego/.lego/accounts".
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from the ACME server so making regular
backups of this folder is ideal.
2025/04/23 12:18:09 [INFO] [.16925401.xyz, 16925401.xyz] acme: Obtaining bundled SAN certificate
2025/04/23 12:18:10 [INFO] [.16925401.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2357122817/509778165777
2025/04/23 12:18:10 [INFO] [16925401.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2357122817/509778165827
2025/04/23 12:18:10 [INFO] [.16925401.xyz] acme: use dns-01 solver
2025/04/23 12:18:10 [INFO] [16925401.xyz] acme: Could not find solver for: tls-alpn-01
2025/04/23 12:18:10 [INFO] [16925401.xyz] acme: Could not find solver for: http-01
2025/04/23 12:18:10 [INFO] [16925401.xyz] acme: use dns-01 solver
2025/04/23 12:18:10 [INFO] [.16925401.xyz] acme: Preparing to solve DNS-01
2025/04/23 12:18:11 [INFO] [16925401.xyz] acme: Preparing to solve DNS-01
2025/04/23 12:18:12 [INFO] [.16925401.xyz] acme: Trying to solve DNS-01
2025/04/23 12:18:12 [INFO] [.16925401.xyz] acme: Checking DNS record propagation. [nameservers=183.60.83.19:53,183.60.82.98:53]
2025/04/23 12:18:14 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2025/04/23 12:18:14 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/23 12:18:16 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/23 12:18:18 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/23 12:18:20 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
.
.
.
.
2025/04/23 12:20:12 [INFO] [.16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/23 12:20:14 [INFO] [16925401.xyz] acme: Trying to solve DNS-01
2025/04/23 12:20:14 [INFO] [16925401.xyz] acme: Checking DNS record propagation. [nameservers=183.60.83.19:53,183.60.82.98:53]
2025/04/23 12:20:16 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2025/04/23 12:20:16 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/23 12:20:18 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/23 12:20:20 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/23 12:20:22 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
.
.
.
.
2025/04/23 12:22:14 [INFO] [16925401.xyz] acme: Waiting for DNS record propagation.
2025/04/23 12:22:16 [INFO] [.16925401.xyz] acme: Cleaning DNS-01 challenge
2025/04/23 12:22:16 [INFO] [16925401.xyz] acme: Cleaning DNS-01 challenge
2025/04/23 12:22:17 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2357122817/509778165777
2025/04/23 12:22:17 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2357122817/509778165827
2025/04/23 12:22:17 Could not obtain certificates:
error: one or more domains had a problem:
[*.16925401.xyz] propagation: time limit exceeded: last error: [zone=16925401.xyz.] could not determine authoritative nameservers
[16925401.xyz] propagation: time limit exceeded: last error: [zone=16925401.xyz.] could not determine authoritative nameservers
[root@VM-0-15-centos lego]#
@lj5645 commented on GitHub (Apr 23, 2025):
This lego was run directly on the host, and it also connects to the API using the same configuration as acme.sh.
@fudiwei commented on GitHub (Apr 23, 2025):
I suggest opening an issue with the upstream dependency, lego.
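Added example, not part of the original thread and not code from certimate or lego: a small Go triage helper that groups the DNS-01 propagation lines of a lego log by domain, showing which resolvers the pre-check queried, how often it polled, and whether it stopped at nameserver discovery. The log text is a constructed sample on example.com; `Report`, `Summarize` and the reading of the error message behind `NSLookupFailed` are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Report summarises the DNS-01 propagation pre-check for one domain.
type Report struct {
	Resolvers      []string // from "Checking DNS record propagation. [nameservers=...]"
	Polls          int      // number of "Waiting for DNS record propagation." lines
	LastError      string   // text after "last error:" in the failure line
	NSLookupFailed bool     // assumption: this message means the zone's NS lookup returned nothing
}

var reCheck = regexp.MustCompile(`\[INFO\] \[([^\]]+)\] acme: Checking DNS record propagation\. \[nameservers=([^\]]+)\]`)
var reWait = regexp.MustCompile(`\[INFO\] \[([^\]]+)\] acme: Waiting for DNS record propagation\.`)
var reFail = regexp.MustCompile(`\[([^\]]+)\] propagation: time limit exceeded: last error: (.+)`)

// Constructed sample in lego's CLI log format (example.com, not the reporter's zone).
const sample = `2025/01/01 10:00:00 [INFO] [*.example.com] acme: Checking DNS record propagation. [nameservers=127.0.0.11:53]
2025/01/01 10:00:02 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2025/01/01 10:00:04 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2025/01/01 10:02:00 [INFO] [example.com] acme: Checking DNS record propagation. [nameservers=192.0.2.53:53,192.0.2.54:53]
[*.example.com] propagation: time limit exceeded: last error: [zone=example.com.] could not determine authoritative nameservers
[example.com] propagation: time limit exceeded: last error: [zone=example.com.] could not determine authoritative nameservers`

// Summarize groups the propagation-related lines of a lego log by domain.
func Summarize(log string) map[string]*Report {
	out := map[string]*Report{}
	get := func(d string) *Report {
		if out[d] == nil {
			out[d] = &Report{}
		}
		return out[d]
	}
	for _, line := range strings.Split(log, "\n") {
		if m := reCheck.FindStringSubmatch(line); m != nil {
			get(m[1]).Resolvers = strings.Split(m[2], ",")
		} else if m := reWait.FindStringSubmatch(line); m != nil {
			get(m[1]).Polls++
		} else if m := reFail.FindStringSubmatch(line); m != nil {
			r := get(m[1])
			r.LastError = m[2]
			r.NSLookupFailed = strings.Contains(m[2], "could not determine authoritative nameservers")
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", *Summarize(sample)["*.example.com"])
}
```

The failure pattern expects one domain per line, as in the lego CLI output; the single-line error that Certimate prints would need to be split per domain first.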