feat: take out CNAME support from experimental features (#1718)

.golangci.toml

@@ -125,7 +125,10 @@
     text = "(tlsFeatureExtensionOID|ocspMustStapleFeature) is a global variable"
   [[issues.exclude-rules]]
     path = "challenge/dns01/nameserver.go"
-    text = "(defaultNameservers|recursiveNameservers|dnsTimeout|fqdnSoaCache|muFqdnSoaCache) is a global variable"
+    text = "(defaultNameservers|recursiveNameservers|fqdnSoaCache|muFqdnSoaCache) is a global variable"
+  [[issues.exclude-rules]]
+    path = "challenge/dns01/nameserver_.+.go"
+    text = "dnsTimeout is a global variable"
   [[issues.exclude-rules]]
     path = "challenge/dns01/nameserver_test.go"
     text = "findXByFqdnTestCases is a global variable"

challenge/dns01/dns_challenge.go

@@ -176,22 +176,33 @@ func GetRecord(domain, keyAuth string) (fqdn, value string) {
 	keyAuthShaBytes := sha256.Sum256([]byte(keyAuth))
 	// base64URL encoding without padding
 	value = base64.RawURLEncoding.EncodeToString(keyAuthShaBytes[:sha256.Size])
-	fqdn = fmt.Sprintf("_acme-challenge.%s.", domain)
 
-	if ok, _ := strconv.ParseBool(os.Getenv("LEGO_EXPERIMENTAL_CNAME_SUPPORT")); ok {
+	fqdn = getChallengeFqdn(domain)
-		// recursion counter so it doesn't spin out of control
-		for limit := 0; limit < 50; limit++ {
-			// Keep following CNAMEs
-			r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
-			// Check if the domain has CNAME then use that
-			if err == nil && r.Rcode == dns.RcodeSuccess {
-				fqdn = updateDomainWithCName(r, fqdn)
-			} else {
-				// No more CNAME records to follow, exit
-				return
-			}
-		}
-	}
 
 	return
 }
+
+func getChallengeFqdn(domain string) string {
+	fqdn := fmt.Sprintf("_acme-challenge.%s.", domain)
+
+	if ok, _ := strconv.ParseBool(os.Getenv("LEGO_DISABLE_CNAME_SUPPORT")); ok {
+		return fqdn
+	}
+
+	// recursion counter so it doesn't spin out of control
+	for limit := 0; limit < 50; limit++ {
+		// Keep following CNAMEs
+		r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
+
+		// Check if the domain has CNAME then use that
+		if err == nil && r.Rcode == dns.RcodeSuccess {
+			fqdn = updateDomainWithCName(r, fqdn)
+			continue
+		}
+
+		// No more CNAME records to follow, exit
+		break
+	}
+
+	return fqdn
+}

challenge/dns01/nameserver.go

@@ -13,9 +13,6 @@ import (
 
 const defaultResolvConf = "/etc/resolv.conf"
 
-// dnsTimeout is used to override the default DNS timeout of 10 seconds.
-var dnsTimeout = 10 * time.Second
-
 var (
 	fqdnSoaCache   = map[string]*soaCacheEntry{}
 	muFqdnSoaCache sync.Mutex

challenge/dns01/nameserver_unix.go

@@ -0,0 +1,8 @@
+//go:build !windows
+
+package dns01
+
+import "time"
+
+// dnsTimeout is used to override the default DNS timeout of 10 seconds.
+var dnsTimeout = 10 * time.Second

challenge/dns01/nameserver_windows.go

@@ -0,0 +1,8 @@
+//go:build windows
+
+package dns01
+
+import "time"
+
+// dnsTimeout is used to override the default DNS timeout of 20 seconds.
+var dnsTimeout = 20 * time.Second

docs/content/dns/_index.md

@@ -45,11 +45,6 @@ $ CLOUDFLARE_EMAIL_FILE=/the/path/to/my/email \
   lego --dns cloudflare --domains www.example.com --email you@example.com run
 ```
 
-## Experimental Features
-
-To resolve CNAME when creating dns-01 challenge:
-set `LEGO_EXPERIMENTAL_CNAME_SUPPORT` to `true`.
-
 ## DNS Providers
 
 {{% tableofdnsproviders %}}

providers/dns/acmedns/acmedns_test.go

@@ -18,7 +18,7 @@ var (
 
 const (
 	// Fixed test data for unit tests.
-	egDomain  = "threeletter.agency"
+	egDomain  = "example.com"
 	egFQDN    = "_acme-challenge." + egDomain + "."
 	egKeyAuth = "⚷"
 )

providers/dns/versio/versio_test.go

@@ -2,6 +2,7 @@ package versio
 
 import (
 	"fmt"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -231,7 +232,10 @@ func muxSuccess() *http.ServeMux {
 	})
 
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		log.Printf("Not Found for Request: (%+v)\n\n", r)
+		log.Printf("unexpected request: %+v\n\n", r)
+		data, _ := io.ReadAll(r.Body)
+		defer func() { _ = r.Body.Close() }()
+		log.Println(string(data))
 		http.NotFound(w, r)
 	})
 
@@ -267,6 +271,14 @@ func muxFailToCreateTXT() *http.ServeMux {
 		w.WriteHeader(http.StatusBadRequest)
 	})
 
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		log.Printf("unexpected request: %+v\n\n", r)
+		data, _ := io.ReadAll(r.Body)
+		defer func() { _ = r.Body.Close() }()
+		log.Println(string(data))
+		http.NotFound(w, r)
+	})
+
 	return mux
 }