starred/certimate
1
0
Fork 0
mirror of https://github.com/certimate-go/certimate.git synced 2026-04-25 20:55:52 +03:00
Code Issues 52 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1083] 阿里云DNS提供商问题 #731

New issue
Closed
opened 2026-03-03 01:05:33 +03:00 by kerem · 6 comments
kerem commented 2026-03-03 01:05:33 +03:00
Owner
Copy link

Originally created by @13723778149 on GitHub (Dec 4, 2025).
Original GitHub issue: https://github.com/certimate-go/certimate/issues/1083

Release Version / 软件版本

v0.4.7

Description / 问题描述

我使用acme.sh脚本对阿里云的AK进行了验证,可以手动申请证书,另外,我提供工作流执行的错误日志:

#mo-lSQ-eDmH8bfwASj4YF 开始
[2025-12-04 20:36:55]
the workflow is starting
#VBd8dvcgFUpll_OXuIDEN 申请
[2025-12-04 20:36:55]
ready to request certificate ...
[2025-12-04 20:36:55]
no found last issued certificate, begin to apply
[2025-12-04 20:36:55]
acme config initialized
[2025-12-04 20:36:55]
acme account initialized
[2025-12-04 20:36:57]
[xdcrazytimer.hainanxingdong.com] acme: Obtaining bundled SAN certificate
[2025-12-04 20:36:58]
[xdcrazytimer.hainanxingdong.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2850111556/622596662466
[2025-12-04 20:36:59]
[xdcrazytimer.hainanxingdong.com] acme: Could not find solver for: tls-alpn-01
[2025-12-04 20:36:59]
[xdcrazytimer.hainanxingdong.com] acme: Could not find solver for: http-01
[2025-12-04 20:36:59]
[xdcrazytimer.hainanxingdong.com] acme: use dns-01 solver
[2025-12-04 20:36:59]
[xdcrazytimer.hainanxingdong.com] acme: Preparing to solve DNS-01
[2025-12-04 20:36:59]
[xdcrazytimer.hainanxingdong.com] acme: Cleaning DNS-01 challenge
[2025-12-04 20:36:59]
[xdcrazytimer.hainanxingdong.com] acme: cleaning up failed: alicloud: API call failed: SDKError:
[2025-12-04 20:36:59]
StatusCode: 400
[2025-12-04 20:36:59]
Code: SignatureDoesNotMatch
[2025-12-04 20:36:59]
Message: code: 400, Specified signature does not match our calculation. server StringToSign is [ACS3-HMAC-SHA256
[2025-12-04 20:36:59]
432c9adde535b097230abcff0d5907896d746b2fd215d05a4c5eed00a39085e0], server CanonicalRequest is [POST
[2025-12-04 20:36:59]
/
[2025-12-04 20:36:59]
PageNumber=1
[2025-12-04 20:36:59]
host:alidns.aliyuncs.com
[2025-12-04 20:36:59]
x-acs-action:DescribeDomains
[2025-12-04 20:36:59]
x-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
[2025-12-04 20:36:59]
x-acs-credentials-provider:static_ak
[2025-12-04 20:36:59]
x-acs-date:2025-12-04T12:36:59Z
[2025-12-04 20:36:59]
x-acs-signature-nonce:5bc2bbea60ce6e1d573b952fd9038331
[2025-12-04 20:36:59]
x-acs-version:2015-01-09
[2025-12-04 20:36:59]
[2025-12-04 20:36:59]
host;x-acs-action;x-acs-content-sha256;x-acs-credentials-provider;x-acs-date;x-acs-signature-nonce;x-acs-version
[2025-12-04 20:36:59]
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855] request id: 1E248819-6B79-5C9D-A748-6F01AB420B73
[2025-12-04 20:36:59]
Data: {"Code":"SignatureDoesNotMatch","HostId":"alidns.aliyuncs.com","Message":"Specified signature does not match our calculation. server StringToSign is [ACS3-HMAC-SHA256\n432c9adde535b097230abcff0d5907896d746b2fd215d05a4c5eed00a39085e0], server CanonicalRequest is [POST\n/\nPageNumber=1\nhost:alidns.aliyuncs.com\nx-acs-action:DescribeDomains\nx-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-acs-credentials-provider:static_ak\nx-acs-date:2025-12-04T12:36:59Z\nx-acs-signature-nonce:5bc2bbea60ce6e1d573b952fd9038331\nx-acs-version:2015-01-09\n\nhost;x-acs-action;x-acs-content-sha256;x-acs-credentials-provider;x-acs-date;x-acs-signature-nonce;x-acs-version\ne3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]","Recommend":"https://api.aliyun.com/troubleshoot?q=SignatureDoesNotMatch&product=Alidns&requestId=1E248819-6B79-5C9D-A748-6F01AB420B73","RequestId":"1E248819-6B79-5C9D-A748-6F01AB420B73"}
[2025-12-04 20:36:59]
[2025-12-04 20:37:00]
Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2850111556/622596662466
[2025-12-04 20:37:00]
could not obtain certificate
[2025-12-04 20:37:00]
failed to obtain certificate: error: one or more domains had a problem: [xdcrazytimer.hainanxingdong.com] [xdcrazytimer.hainanxingdong.com] acme: error presenting token: alicloud: API call failed: SDKError: StatusCode: 400 Code: SignatureDoesNotMatch Message: code: 400, Specified signature does not match our calculation. server StringToSign is [ACS3-HMAC-SHA256 878f51cb5642b37e61bcc9be28615d0e31615b52adbd3e2d7f0a1df0cac9185a], server CanonicalRequest is [POST / PageNumber=1 host:alidns.aliyuncs.com x-acs-action:DescribeDomains x-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-acs-credentials-provider:static_ak x-acs-date:2025-12-04T12:36:59Z x-acs-signature-nonce:ddcbf60c0e3dbf198c3a25a2ef27387e x-acs-version:2015-01-09 host;x-acs-action;x-acs-content-sha256;x-acs-credentials-provider;x-acs-date;x-acs-signature-nonce;x-acs-version e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855] request id: 87FCF947-BA84-5FE0-891B-AF07A090BBC2 Data: {"Code":"SignatureDoesNotMatch","HostId":"alidns.aliyuncs.com","Message":"Specified signature does not match our calculation. server StringToSign is [ACS3-HMAC-SHA256\n878f51cb5642b37e61bcc9be28615d0e31615b52adbd3e2d7f0a1df0cac9185a], server CanonicalRequest is [POST\n/\nPageNumber=1\nhost:alidns.aliyuncs.com\nx-acs-action:DescribeDomains\nx-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-acs-credentials-provider:static_ak\nx-acs-date:2025-12-04T12:36:59Z\nx-acs-signature-nonce:ddcbf60c0e3dbf198c3a25a2ef27387e\nx-acs-version:2015-01-09\n\nhost;x-acs-action;x-acs-content-sha256;x-acs-credentials-provider;x-acs-date;x-acs-signature-nonce;x-acs-version\ne3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]","Recommend":"https://api.aliyun.com/troubleshoot?q=SignatureDoesNotMatch&product=Alidns&requestId=87FCF947-BA84-5FE0-891B-AF07A090BBC2","RequestId":"87FCF947-BA84-5FE0-891B-AF07A090BBC2"}
#skkCMtqLlc32Adjs_Rkf 通知
[2025-12-04 20:37:00]
ready to send notification ...
[2025-12-04 20:37:01]
notification completed
#cYIpu63ptK_kc3lBWjO7F 结束
[2025-12-04 20:37:01]
the workflow is ending

Miscellaneous / 其他

No response

Originally created by @13723778149 on GitHub (Dec 4, 2025). Original GitHub issue: https://github.com/certimate-go/certimate/issues/1083 ### Release Version / 软件版本 v0.4.7 ### Description / 问题描述 我使用acme.sh脚本对阿里云的AK进行了验证,可以手动申请证书,另外,我提供工作流执行的错误日志: #mo-lSQ-eDmH8bfwASj4YF 开始 [2025-12-04 20:36:55] the workflow is starting #VBd8dvcgFUpll_OXuIDEN 申请 [2025-12-04 20:36:55] ready to request certificate ... [2025-12-04 20:36:55] no found last issued certificate, begin to apply [2025-12-04 20:36:55] acme config initialized [2025-12-04 20:36:55] acme account initialized [2025-12-04 20:36:57] [xdcrazytimer.hainanxingdong.com] acme: Obtaining bundled SAN certificate [2025-12-04 20:36:58] [xdcrazytimer.hainanxingdong.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2850111556/622596662466 [2025-12-04 20:36:59] [xdcrazytimer.hainanxingdong.com] acme: Could not find solver for: tls-alpn-01 [2025-12-04 20:36:59] [xdcrazytimer.hainanxingdong.com] acme: Could not find solver for: http-01 [2025-12-04 20:36:59] [xdcrazytimer.hainanxingdong.com] acme: use dns-01 solver [2025-12-04 20:36:59] [xdcrazytimer.hainanxingdong.com] acme: Preparing to solve DNS-01 [2025-12-04 20:36:59] [xdcrazytimer.hainanxingdong.com] acme: Cleaning DNS-01 challenge [2025-12-04 20:36:59] [xdcrazytimer.hainanxingdong.com] acme: cleaning up failed: alicloud: API call failed: SDKError: [2025-12-04 20:36:59] StatusCode: 400 [2025-12-04 20:36:59] Code: SignatureDoesNotMatch [2025-12-04 20:36:59] Message: code: 400, Specified signature does not match our calculation. server StringToSign is [ACS3-HMAC-SHA256 [2025-12-04 20:36:59] 432c9adde535b097230abcff0d5907896d746b2fd215d05a4c5eed00a39085e0], server CanonicalRequest is [POST [2025-12-04 20:36:59] / [2025-12-04 20:36:59] PageNumber=1 [2025-12-04 20:36:59] host:alidns.aliyuncs.com [2025-12-04 20:36:59] x-acs-action:DescribeDomains [2025-12-04 20:36:59] x-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [2025-12-04 20:36:59] x-acs-credentials-provider:static_ak [2025-12-04 20:36:59] x-acs-date:2025-12-04T12:36:59Z [2025-12-04 20:36:59] x-acs-signature-nonce:5bc2bbea60ce6e1d573b952fd9038331 [2025-12-04 20:36:59] x-acs-version:2015-01-09 [2025-12-04 20:36:59] [2025-12-04 20:36:59] host;x-acs-action;x-acs-content-sha256;x-acs-credentials-provider;x-acs-date;x-acs-signature-nonce;x-acs-version [2025-12-04 20:36:59] e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855] request id: 1E248819-6B79-5C9D-A748-6F01AB420B73 [2025-12-04 20:36:59] Data: {"Code":"SignatureDoesNotMatch","HostId":"alidns.aliyuncs.com","Message":"Specified signature does not match our calculation. server StringToSign is [ACS3-HMAC-SHA256\n432c9adde535b097230abcff0d5907896d746b2fd215d05a4c5eed00a39085e0], server CanonicalRequest is [POST\n/\nPageNumber=1\nhost:alidns.aliyuncs.com\nx-acs-action:DescribeDomains\nx-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-acs-credentials-provider:static_ak\nx-acs-date:2025-12-04T12:36:59Z\nx-acs-signature-nonce:5bc2bbea60ce6e1d573b952fd9038331\nx-acs-version:2015-01-09\n\nhost;x-acs-action;x-acs-content-sha256;x-acs-credentials-provider;x-acs-date;x-acs-signature-nonce;x-acs-version\ne3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]","Recommend":"https://api.aliyun.com/troubleshoot?q=SignatureDoesNotMatch&product=Alidns&requestId=1E248819-6B79-5C9D-A748-6F01AB420B73","RequestId":"1E248819-6B79-5C9D-A748-6F01AB420B73"} [2025-12-04 20:36:59] [2025-12-04 20:37:00] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2850111556/622596662466 [2025-12-04 20:37:00] could not obtain certificate [2025-12-04 20:37:00] failed to obtain certificate: error: one or more domains had a problem: [xdcrazytimer.hainanxingdong.com] [xdcrazytimer.hainanxingdong.com] acme: error presenting token: alicloud: API call failed: SDKError: StatusCode: 400 Code: SignatureDoesNotMatch Message: code: 400, Specified signature does not match our calculation. server StringToSign is [ACS3-HMAC-SHA256 878f51cb5642b37e61bcc9be28615d0e31615b52adbd3e2d7f0a1df0cac9185a], server CanonicalRequest is [POST / PageNumber=1 host:alidns.aliyuncs.com x-acs-action:DescribeDomains x-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-acs-credentials-provider:static_ak x-acs-date:2025-12-04T12:36:59Z x-acs-signature-nonce:ddcbf60c0e3dbf198c3a25a2ef27387e x-acs-version:2015-01-09 host;x-acs-action;x-acs-content-sha256;x-acs-credentials-provider;x-acs-date;x-acs-signature-nonce;x-acs-version e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855] request id: 87FCF947-BA84-5FE0-891B-AF07A090BBC2 Data: {"Code":"SignatureDoesNotMatch","HostId":"alidns.aliyuncs.com","Message":"Specified signature does not match our calculation. server StringToSign is [ACS3-HMAC-SHA256\n878f51cb5642b37e61bcc9be28615d0e31615b52adbd3e2d7f0a1df0cac9185a], server CanonicalRequest is [POST\n/\nPageNumber=1\nhost:alidns.aliyuncs.com\nx-acs-action:DescribeDomains\nx-acs-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-acs-credentials-provider:static_ak\nx-acs-date:2025-12-04T12:36:59Z\nx-acs-signature-nonce:ddcbf60c0e3dbf198c3a25a2ef27387e\nx-acs-version:2015-01-09\n\nhost;x-acs-action;x-acs-content-sha256;x-acs-credentials-provider;x-acs-date;x-acs-signature-nonce;x-acs-version\ne3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855]","Recommend":"https://api.aliyun.com/troubleshoot?q=SignatureDoesNotMatch&product=Alidns&requestId=87FCF947-BA84-5FE0-891B-AF07A090BBC2","RequestId":"87FCF947-BA84-5FE0-891B-AF07A090BBC2"} #skkCMtqLlc32Adjs_Rkf 通知 [2025-12-04 20:37:00] ready to send notification ... [2025-12-04 20:37:01] notification completed #cYIpu63ptK_kc3lBWjO7F 结束 [2025-12-04 20:37:01] the workflow is ending ### Miscellaneous / 其他 _No response_
kerem 2026-03-03 01:05:33 +03:00
  • closed this issue
  • added the
    stale
         label
kerem commented 2026-03-03 01:05:34 +03:00
Author
Owner
Copy link

@fudiwei commented on GitHub (Dec 4, 2025):

检查 AK/SK 是否正确,前后是否多了空格。

<!-- gh-comment-id:3612138749 --> @fudiwei commented on GitHub (Dec 4, 2025): 检查 AK/SK 是否正确,前后是否多了空格。
kerem commented 2026-03-03 01:05:34 +03:00
Author
Owner
Copy link

@13723778149 commented on GitHub (Dec 5, 2025):

确实是多了空格,感谢大佬。

<!-- gh-comment-id:3614971610 --> @13723778149 commented on GitHub (Dec 5, 2025): 确实是多了空格,感谢大佬。
kerem commented 2026-03-03 01:05:35 +03:00
Author
Owner
Copy link

@13723778149 commented on GitHub (Dec 5, 2025):

大佬,请问您,我运行工作流会提示”failed to obtain certificate: error: one or more domains had a problem: [xdcrazytimer.hainanxingdong.com] propagation: time limit exceeded: last error: authoritative nameservers: DNS call error: dial udp: lookup 172.16.21.9.: no such host [ns=172.16.21.9.:53, question='_acme-challenge.xdcrazytimer.hainanxingdong.com. IN TXT']“,证书解析是在阿里云,内网环境有172.16.21.9服务器的named dns服务解析到内网web服务器,有办法实现证书申请,然后部署到内网web服务器吗

<!-- gh-comment-id:3614979249 --> @13723778149 commented on GitHub (Dec 5, 2025): 大佬,请问您,我运行工作流会提示”failed to obtain certificate: error: one or more domains had a problem: [xdcrazytimer.hainanxingdong.com] propagation: time limit exceeded: last error: authoritative nameservers: DNS call error: dial udp: lookup 172.16.21.9.: no such host [ns=172.16.21.9.:53, question='_acme-challenge.xdcrazytimer.hainanxingdong.com. IN TXT']“,证书解析是在阿里云,内网环境有172.16.21.9服务器的named dns服务解析到内网web服务器,有办法实现证书申请,然后部署到内网web服务器吗
kerem commented 2026-03-03 01:05:35 +03:00
Author
Owner
Copy link

@fudiwei commented on GitHub (Dec 5, 2025):

证书解析是在阿里云

啥叫“证书解析”?

<!-- gh-comment-id:3615748611 --> @fudiwei commented on GitHub (Dec 5, 2025): > 证书解析是在阿里云 啥叫“证书解析”?
kerem commented 2026-03-03 01:05:35 +03:00
Author
Owner
Copy link

@13723778149 commented on GitHub (Dec 8, 2025):

生产环境是由阿里云dns解析域名,我们内网环境是named服务解析域名,请问,内网环境怎么更新证书

<!-- gh-comment-id:3625779206 --> @13723778149 commented on GitHub (Dec 8, 2025): 生产环境是由阿里云dns解析域名,我们内网环境是named服务解析域名,请问,内网环境怎么更新证书
kerem commented 2026-03-03 01:05:35 +03:00
Author
Owner
Copy link

@fudiwei commented on GitHub (Dec 8, 2025):

把内网的这个域名 _acme-challenge 这个子域 CNAME 到公网域名上。

https://docs.certimate.me/blog/cname

<!-- gh-comment-id:3626575786 --> @fudiwei commented on GitHub (Dec 8, 2025): 把内网的这个域名 `_acme-challenge` 这个子域 CNAME 到公网域名上。 https://docs.certimate.me/blog/cname
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
next
archive/v0.3
archive/v0.2
v0.4.21
v0.4.20
v0.4.19
v0.4.18
v0.4.17
v0.4.16
v0.4.15
v0.4.14
v0.4.13
v0.4.12
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.27
v0.3.26
v0.3.25
v0.3.24
v0.3.23
v0.3.22
v0.3.21
v0.3.20
v0.3.19
v0.3.18
v0.3.17
v0.3.16
v0.3.15
v0.3.14
v0.3.13
v0.3.12
v0.3.11
v0.3.10
v0.3.9
v0.3.8
v0.3.7
v0.3.6
v0.3.5
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.24-beta
v0.2.23-beta
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.19
v0.1.18
v0.1.17
v0.1.16
v0.1.15
v0.1.14
v0.1.13
v0.1.12
v0.1.11
v0.1.10
v0.1.9
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.1
Labels
Clear labels   
announcement

   
backlog

   
bug

   
declined

   
documentation

   
duplicate

   
enhancement

   
good first issue

   
good first issue

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale
No labels
announcement
backlog
bug
declined
documentation
duplicate
enhancement
good first issue
good first issue
help wanted
invalid
pull-request
question
stale
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/certimate#731
No description provided.