[GH-ISSUE #1205] What is this for, and why is this request being sent? (Suspicious request) #820

Open
opened 2026-03-03 01:06:13 +03:00 by kerem · 9 comments
Owner

Originally created by @rikyotei on GitHub (Feb 27, 2026).
Original GitHub issue: https://github.com/certimate-go/certimate/issues/1205

Release Version

v0.4.17

Description

I found that certimate sends a request to www.doubao.com.queniurc.com
What is this for? It belongs neither to the official Doubao nor to Qianwen.

Image

Miscellaneous

No response


@fudiwei commented on GitHub (Feb 28, 2026):

Where did you see this? 😕


@rikyotei commented on GitHub (Feb 28, 2026):

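> Where did you see this? 😕

Proxifier. If you run certimate through a proxy, you can see all of its requests. This request shows up during the "apply" step, usually right after the letsencrypt requests.
I am also now running into a problem where the SSH upload of the challenge gets disconnected instantly.
And a problem where dns-01 validation fails once the cloudflare token is set to restrict the access IP.
I was up all night, I'm about to collapse. T_T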


@fudiwei commented on GitHub (Feb 28, 2026):

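I looked it up: the ICP filing for queniurc.com belongs to 浙江雀牛网络科技有限公司, which, tracing the shareholding, is a wholly owned subsidiary of Alibaba Cloud. At a glance it looks like a CDN domain.

As for why there are requests to this domain, my feeling is that it is a problem with your local environment. Uninstall all Douyin-family software and plugins and try again, or capture the traffic again on a clean system.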


@fudiwei commented on GitHub (Feb 28, 2026):

github.com/oneyearice/oneyearice.github.io@b851cd2fb4/45-Redis/NoSQL数据库Redis/3.Redis性能优化和客户端访问.md (L281)

Someone mentions here that this is a domain used by the Douyin developer tools. Have you installed that software? 🤔


@rikyotei commented on GitHub (Feb 28, 2026):

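> github.com/oneyearice/oneyearice.github.io@b851cd2fb4/45-Redis/NoSQL数据库Redis/3.Redis性能优化和客户端访问.md (L281)
>
> Someone mentions here that this is a domain used by the Douyin developer tools. Have you installed that software? 🤔

No. What I am running is a Windows Server 2025 intranet server, a dev server used for .NET development, with only IIS and the .NET SDK on it.
Since it cannot reach the internet, internet access goes through Proxifier to a separate auditing proxy.

My .NET programs do not reference the Douyin SDK either, and there is nothing Redis-related. Sigh. What a headache.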


@rikyotei commented on GitHub (Feb 28, 2026):

```
[2026-02-28 12:05:42]
ready to request certificate ...
[2026-02-28 12:05:42]
found last node output #or masked u record
[2026-02-28 12:05:42]
found last certificate #soy masked m8hv record
[2026-02-28 12:05:42]
re-apply, because the configuration item 'Provider' changed
[2026-02-28 12:05:42]
acme config initialized
[2026-02-28 12:05:42]
acme account initialized
[2026-02-28 12:05:45]
[masked] acme: Obtaining bundled SAN certificate
[2026-02-28 12:05:46]
[masked] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/309 masked 29232
[2026-02-28 12:05:46]
[masked] acme: Could not find solver for: tls-alpn-01
[2026-02-28 12:05:46]
[masked] acme: Could not find solver for: http-01
[2026-02-28 12:05:46]
[masked] acme: use dns-01 solver
[2026-02-28 12:05:46]
[masked] acme: Preparing to solve DNS-01
[2026-02-28 12:09:06]
[masked] acme: Cleaning DNS-01 challenge
[2026-02-28 12:12:26]
[masked] acme: cleaning up failed: cloudflare: could not find zone for domain "masked": [fqdn=_acme-challenge. masked.] could not find the start of authority for '_acme-challenge. masked.': DNS call error: read udp 127.0.0.1:55656->127.172.0.13:53: i/o timeout [ns=google-public-dns-a.google.com:53, question='com. IN SOA']
[2026-02-28 12:12:26]
DNS call error: read udp 127.0.0.1:55737->127.172.0.17:53: i/o timeout [ns=google-public-dns-b.google.com:53, question='com. IN SOA']
[2026-02-28 12:12:27]
Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/3099 masked 232
[2026-02-28 12:12:28]
could not obtain certificate
[2026-02-28 12:12:28]
failed to obtain certificate: error: one or more domains had a problem: [masked] [masked] acme: error presenting token: cloudflare: could not find zone for domain "masked": [fqdn=_acme-challenge. masked.] could not find the start of authority for '_acme-challenge. masked.': DNS call error: read udp 127.0.0.1:55401->127.172.0.13:53: i/o timeout [ns=google-public-dns-a.google.com:53, question='com. IN SOA'] DNS call error: read udp 127.0.0.1:57497->127.172.0.17:53: i/o timeout [ns=google-public-dns-b.google.com:53, question='com. IN SOA']
```

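Is this because, before the DNS record is added, a DNS lookup first has to check whether the record exists, and since my server cannot reach the internet and Proxifier cannot proxy UDP traffic, the dns-01 challenge gets stuck at the step of adding the record?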


@rikyotei commented on GitHub (Feb 28, 2026):

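I think I may have cracked the case? Sending the Feishu notification failed, and before it was sent a lot of suspicious requests went out, apparently from the lark package? @fudiwei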

Image Image Image

@rikyotei commented on GitHub (Feb 28, 2026):

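Or maybe it was hijacked? It looks like the webhook is accessed directly with resty here, without referencing the official lark SDK. So then this is not a problem you can solve? @fudiwei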
https://github.com/certimate-go/certimate/blob/main/pkg/core/notifier/providers/larkbot/larkbot.go


@fudiwei commented on GitHub (Mar 2, 2026):

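> Is this because, before the DNS record is added, a DNS lookup first has to check whether the record exists, and since my server cannot reach the internet and Proxifier cannot proxy UDP traffic, the dns-01 challenge gets stuck at the step of adding the record?

It needs to query the domain's SOA record via DNS, and DNS goes over UDP by default.

You can add the environment variable `LEGO_EXPERIMENTAL_DNS_TCP_ONLY=1` and restart. This is an experimental feature of lego that forces DNS over TCP. Note, however, that not all NS support the TCP protocol.

---

> I think I may have cracked the case? Sending the Feishu notification failed, and before it was sent a lot of suspicious requests went out, apparently from the lark package? @fudiwei
>
> Image Image Image

The domains in the screenshots all belong to Douyin and its subsidiaries; the ICP filings can be looked up.

Until there is more substantial evidence, I still maintain that this is a problem with your own system environment. For example, a request like `ibytedapm.com` is obviously some Douyin-family product uploading telemetry data (i.e. APM) and has nothing to do with Certimate.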
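Added example, not part of the thread and not Certimate or lego code: a small Go triage helper that extracts the `DNS call error` entries from a log like the one posted above and reports transport, resolver address and question, so the UDP-only timeout pattern that the `LEGO_EXPERIMENTAL_DNS_TCP_ONLY=1` advice addresses can be confirmed from the log itself. The sample log is constructed in the thread's format with `example.com` as a placeholder, and all type and function names are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

// DNSFailure is one timed-out query from a "DNS call error" log entry (hypothetical type).
type DNSFailure struct {
	Proto, Resolver, NS, Question string
	Loopback                      bool // resolver IP is inside 127.0.0.0/8
}

var dnsErrRe = regexp.MustCompile(
	`DNS call error: read (udp|tcp) \S+->(\S+):53: i/o timeout \[ns=([^,\]]+), question='([^']+)'\]`)

// ParseDNSFailures extracts every timed-out DNS query from the log text.
func ParseDNSFailures(log string) []DNSFailure {
	var out []DNSFailure
	for _, m := range dnsErrRe.FindAllStringSubmatch(log, -1) {
		ip := net.ParseIP(m[2])
		out = append(out, DNSFailure{Proto: m[1], Resolver: m[2], NS: m[3],
			Question: m[4], Loopback: ip != nil && ip.IsLoopback()})
	}
	return out
}

// OnlyUDPTimeouts is true when at least one query failed and all failures were
// UDP, the pattern expected when the egress path carries TCP but not UDP.
func OnlyUDPTimeouts(fs []DNSFailure) bool {
	for _, f := range fs {
		if f.Proto != "udp" {
			return false
		}
	}
	return len(fs) > 0
}

// Constructed sample, modelled on the log format in the thread.
const sampleLog = `[masked] acme: cleaning up failed: cloudflare: could not find zone for domain "example.com": DNS call error: read udp 127.0.0.1:55656->127.172.0.13:53: i/o timeout [ns=google-public-dns-a.google.com:53, question='com. IN SOA']
DNS call error: read udp 127.0.0.1:55737->127.172.0.17:53: i/o timeout [ns=google-public-dns-b.google.com:53, question='com. IN SOA']
could not obtain certificate`

func main() {
	fs := ParseDNSFailures(sampleLog)
	fmt.Printf("%+v\nonly UDP timeouts: %v\n", fs, OnlyUDPTimeouts(fs))
}
```

A `Loopback` value of true means the query was addressed to 127.0.0.0/8 on the same host rather than to a routable resolver, which is worth noting when a local proxy client sits in the path.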
