[GH-ISSUE #1126] DNS Challenge DuckDNS #926

Closed
opened 2026-02-26 06:34:59 +03:00 by kerem · 3 comments

Originally created by @Thomas55555 on GitHub (May 26, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1126

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug

With the DNS Challenge I can create a certificate for yyy.xxx.duckdns.org. But it's not possible for *.xxx.duckdns.org or xxx.duckdns.org

Nginx Proxy Manager Version

2.9.3

Expected behavior

It should also be able to create a certificate for the domain, one level higher. In general it should be possible: https://github.com/infinityofspace/certbot_dns_duckdns

Operating System

Debian 10.9

Additional context
This is the error log:

Error: Command failed: /opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "my.mail@gmail.com" --domains "*.xxx.duckdns.org" --authenticator dns-duckdns  --dns-duckdns-token dns_duckdns_token=secret_token
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-duckdns, Installer None
Performing the following challenges:
dns-01 challenge for xxx.duckdns.org
Cleaning up challenges
Encountered exception during recovery: certbot.errors.PluginError: The clearing of the TXT record for domain "xxx.duckdns.org" was not successful.
Request status code: 200
Request response text: KO
The TXT update "blabla" for domain "xxx.duckdns.org" could not be set.
Request status code: 200
Request response text: KO

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:369:20)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Looking in /var/log/letsencrypt/letsencrypt.log shows:

Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1435, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1304, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 140, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 444, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 424, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/plugins/dns_common.py", line 60, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_duckdns/cert/client.py", line 72, in _perform
    raise errors.PluginError(e)
certbot.errors.PluginError: The TXT update "blabla" for domain "xxx.duckdns.org" could not be set.
Request status code: 200
Request response text: KO
2021-05-26 14:17:15,451:ERROR:certbot._internal.log:The TXT update "blabla" for domain "xxx.duckdns.org" could not be set.
Request status code: 200
Request response text: KO
kerem 2026-02-26 06:34:59 +03:00
  • closed this issue
  • added the
    bug
    label

@chaptergy commented on GitHub (May 26, 2021):

I'm pretty sure this is not an issue with npm but instead with the DNS plugin you linked. Have you checked whether the same issue arises with a local installation of certbot and the duckdns plugin? If it works locally, but not in npm I will reopen this issue. Otherwise please open an issue over there.


@Thomas55555 commented on GitHub (May 26, 2021):

Yes, I have checked it on my desktop; there it is working. In the meantime, I figured out that the subdomains are not working all the time. And I modified the command in this way:
/opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" --agree-tos --email "my.mail@gmail.com" --domains "*.xxx.duckdns.org" --authenticator dns-duckdns --dns-duckdns-token secret_token (<dns_duckdns_token=> is missing)
and then it was even working without the subdomain. I also don't understand it. But as it is working for me now, and I have reached the Let's Encrypt fair use limit in the meantime, you can keep it closed.
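
A small pre-flight check for the situation in this comment, as an added example (not code from Nginx Proxy Manager or the certbot_dns_duckdns plugin): it flags a `--dns-duckdns-token` value that carries the `dns_duckdns_token=` prefix, redacts the token before a command is pasted into a report, and judges a DuckDNS reply by its body text rather than its HTTP status. The function names are hypothetical, and `OK` as the success body is an assumption about the DuckDNS API; the page itself only shows `KO`.

```python
import shlex

TOKEN_FLAG = "--dns-duckdns-token"
INI_KEY = "dns_duckdns_token"  # prefix seen in the failing command on this page

# Constructed sample: the failing invocation from the issue, placeholders kept.
FAILING = ('/opt/certbot/bin/certbot certonly --non-interactive --cert-name "npm-34" '
           '--agree-tos --email "my.mail@gmail.com" --domains "*.xxx.duckdns.org" '
           '--authenticator dns-duckdns --dns-duckdns-token dns_duckdns_token=secret_token')


def token_findings(command):
    """Return a list of problems with how the DuckDNS token is passed."""
    argv = shlex.split(command)
    token = None
    for i, arg in enumerate(argv):
        if arg == TOKEN_FLAG and i + 1 < len(argv):
            token = argv[i + 1]
        elif arg.startswith(TOKEN_FLAG + "="):
            token = arg[len(TOKEN_FLAG) + 1:]
    if token is None:
        return ["no %s argument found" % TOKEN_FLAG]
    findings = []
    if token.startswith(INI_KEY + "="):
        findings.append("token value starts with '%s='; pass the bare token" % INI_KEY)
        token = token[len(INI_KEY) + 1:]
    if not token or any(c.isspace() for c in token):
        findings.append("token is empty or contains whitespace")
    return findings


def redact(command):
    """Rebuild the command with the token hidden, for pasting into a bug report."""
    out, hide_next = [], False
    for arg in shlex.split(command):
        if hide_next:
            out.append("<redacted>")
            hide_next = False
        elif arg.startswith(TOKEN_FLAG + "="):
            out.append(TOKEN_FLAG + "=<redacted>")
        else:
            out.append(arg)
            hide_next = arg == TOKEN_FLAG
    return shlex.join(out)


def duckdns_update_ok(status_code, body):
    """HTTP 200 alone is not success: the log above shows 200 with body 'KO'."""
    return status_code == 200 and body.strip() == "OK"
```
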


@chaptergy commented on GitHub (May 26, 2021):

All right, let me know if anything "fixable" ever comes of it. And just FYI if you didn't already know: certbot has the flag --dry-run; if you add that, the command is run against Let's Encrypt's staging environment, and not the actual thing, so you won't be rate limited by the actual API.
