
Comments (5)

 avatar commented on July 24, 2024 1

Update:

I've added those in the entrypoint script:

                echo "zone \"${domain}\" IN {"
                echo "    type master;"
                echo "    allow-transfer { any; };"
                echo "    file \"${zone_file}\";"
                echo "    update-policy {"
                echo "      grant keyname. name _acme-challenge.wcl.net. txt;"
                echo "    };"
                echo "};"
--------
{
        echo "include \"${NAMED_LOG_CONF}\";"
        echo "include \"${NAMED_OPT_CONF}\";"
        echo "include \"/etc/bind/named.conf.local\";"
        echo "include \"/etc/bind/named.conf.default-zones\";"
        echo "include \"/etc/bind/tsig.key\";"
} > "${NAMED_CONF}"

However, certbot is failing with that error:

2020-08-08 00:08:50,783:DEBUG:acme.client:Storing nonce: 0002WQPJS-XuFFfRv-OgZH5557u21jzYdh92GLoD9xnNCYk
2020-08-08 00:08:50,784:INFO:certbot.auth_handler:Performing the following challenges:
2020-08-08 00:08:50,784:INFO:certbot.auth_handler:dns-01 challenge for wcl.net
2020-08-08 00:08:50,785:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: /root/certbot.ini
2020-08-08 00:08:50,791:DEBUG:certbot_dns_rfc2136.dns_rfc2136:No authoritative SOA record found for _acme-challenge.wcl.net
2020-08-08 00:08:50,793:DEBUG:certbot_dns_rfc2136.dns_rfc2136:Received authoritative SOA response for wcl.net
2020-08-08 00:08:50,797:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 76, in _perform
    self._get_rfc2136_client().add_txt_record(validation_name, validation, self.ttl)
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 135, in add_txt_record
    .format(dns.rcode.to_text(rcode)))
certbot.errors.PluginError: Received response from server: SERVFAIL

2020-08-08 00:08:50,797:DEBUG:certbot.error_handler:Calling registered functions
2020-08-08 00:08:50,797:INFO:certbot.auth_handler:Cleaning up challenges
2020-08-08 00:08:50,800:DEBUG:certbot_dns_rfc2136.dns_rfc2136:No authoritative SOA record found for _acme-challenge.wcl.net
2020-08-08 00:08:50,801:DEBUG:certbot_dns_rfc2136.dns_rfc2136:Received authoritative SOA response for wcl.net
2020-08-08 00:08:50,803:DEBUG:certbot_dns_rfc2136.dns_rfc2136:Successfully deleted TXT record
2020-08-08 00:08:50,803:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 76, in _perform
    self._get_rfc2136_client().add_txt_record(validation_name, validation, self.ttl)
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 135, in add_txt_record
    .format(dns.rcode.to_text(rcode)))
certbot.errors.PluginError: Received response from server: SERVFAIL

Might be related to dir permissions though.

from docker-bind.
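A tighter variant of the zone stanza from the comment above, as an added example that is not part of the original comment or of docker-bind: it emits the same stanza, but limits zone transfers to requests signed with the TSIG key instead of `any` and scopes the update grant to the zone's own `_acme-challenge` TXT name. The function name `emit_zone` and the sample values `example.test`, `/var/lib/bind/example.test.zone` and `keyname.` are assumptions.

```shell
#!/bin/sh
# Added example: emit a BIND zone stanza for ACME dns-01 updates over RFC 2136.
# emit_zone, its arguments and the sample values at the bottom are assumptions.

emit_zone() {
    domain=${1%.}      # accept "example.test" or "example.test."
    zone_file=$2
    key_name=$3

    # Refuse values that could break out of the quoted strings in named.conf.
    for v in "$domain" "$key_name"; do
        case "$v" in
            ''|*[!A-Za-z0-9._-]*) echo "invalid domain or key name" >&2; return 1 ;;
        esac
    done
    case "$zone_file" in
        ''|*[!A-Za-z0-9._/-]*) echo "invalid zone file path" >&2; return 1 ;;
    esac

    cat <<EOF
zone "${domain}" IN {
    type master;
    file "${zone_file}";
    // Zone transfers only for requests signed with the TSIG key.
    allow-transfer { key "${key_name}"; };
    update-policy {
        // The key may change only the TXT rrset at the ACME challenge name.
        grant ${key_name} name _acme-challenge.${domain}. txt;
    };
};
EOF
}

# Constructed sample values, not the poster's zone.
emit_zone "example.test" "/var/lib/bind/example.test.zone" "keyname."
```

The key named in `allow-transfer` and `grant` has to be defined in the included TSIG key file, and any secondary that pulls the zone must sign its transfer requests with it.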

science695 commented on July 24, 2024 1

@anApeThrummingAViola Unsafe permission errors in Linux usually mean the file has too much access, not too little.

I.e., it is world-writable or world-readable. Depending on the situation, even group read/write access might cause an error.

In this case, here is some info on Certbot's warning: https://certbot-dns-rfc2136.readthedocs.io/en/stable/#credentials

from docker-bind.

anApeThrummingAViola commented on July 24, 2024

I'm stuck at the same point. I doubt it's write permissions, as it persists even after adding write permissions for the 'bind' group to both the /etc/bind directory and the zone file.

from docker-bind.

anApeThrummingAViola commented on July 24, 2024

That was a good hint. My pre-set permissions on the bind dir were 2755; I changed them to 0774, restarted bind, and that got me past this problem.

from docker-bind.

anApeThrummingAViola commented on July 24, 2024

*blushes* I had also opened the firewall for port 53 TCP instead of UDP.

from docker-bind.
