Commit graph

9 commits

Author SHA1 Message Date
xenolf
b412c67aa6 Move providers out of ACME package. 2016-03-03 01:14:32 +01:00
Matthew Holt
971541dc0a Use http client with timeout of 10s
This will prevent indefinitely-hanging requests in case some service or middle box is malfunctioning.

Fix vet errors and lint warnings

Add vet to CI check

Only get issuer certificate if it would be used

No need to make a GET request if the OCSP server is not specified in leaf certificate

Fix CI tests

Make tests verbose
2016-02-14 14:33:54 -07:00
Simone Carletti
2e32f171d2 DNSimpleProvider: Fix wrong record deletion
This is a very subtle bug. In some specific circumstances, when the
list of domains in the SAN was > 1, the library may delete the wrong
record (specifically the last one) instead of the matching one.

The issue is explained here
https://groups.google.com/forum/#!topic/golang-nuts/tlWzJUWJKgA

Here's the output from one of the various tests

    ➜  lego git:(dnsimple-subdomain) ✗ DNSIMPLE_DOMAIN=simone.io go test -v ./... --run "TestLiveDNSimpleCleanUp"
    ?       github.com/xenolf/lego    [no test files]
    === RUN   TestLiveDNSimpleCleanUp
    2016/01/30 01:10:45 Empty records:
    2016/01/30 01:10:45 0
    2016/01/30 01:10:46 Fetched records:
    2016/01/30 01:10:46 [{5326536 41571  v=spf1 a include:_spf.google.com ~all 3600 0 TXT 2016-01-26 12:53:42.85 +0000 UTC 2016-01-26 12:53:42.85 +0000 UTC} {5026157 41571 google-site-verification=obstZAG6j2BVxYg696WxAsC46_d1-bzkv7D0qGm4K_0 3600 0 TXT 2015-10-19 11:21:03.586 +0000 UTC 2015-10-19 11:21:03.586 +0000 UTC} {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC} {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}]
    2016/01/30 01:10:46 Record name:
    2016/01/30 01:10:46 _acme-challenge
    2016/01/30 01:10:46 {5326536 41571  v=spf1 a include:_spf.google.com ~all 3600 0 TXT 2016-01-26 12:53:42.85 +0000 UTC 2016-01-26 12:53:42.85 +0000 UTC}
    2016/01/30 01:10:46 {5026157 41571 google-site-verification=obstZAG6j2BVxYg696WxAsC46_d1-bzkv7D0qGm4K_0 3600 0 TXT 2015-10-19 11:21:03.586 +0000 UTC 2015-10-19 11:21:03.586 +0000 UTC}
    2016/01/30 01:10:46 {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}
    2016/01/30 01:10:46 Deleted>>
    2016/01/30 01:10:46 {5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}
    2016/01/30 01:10:46 >>Deleted
    2016/01/30 01:10:46 {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
    2016/01/30 01:10:46 Record to delete:
    2016/01/30 01:10:46 1
    2016/01/30 01:10:46 {5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
    2016/01/30 01:10:46 Record to delete (foos):
    2016/01/30 01:10:46 [{5340655 41571 _acme-challenge ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-29 23:52:15.657 +0000 UTC 2016-01-29 23:52:15.657 +0000 UTC}]
    2016/01/30 01:10:46 Found records to delete:
    2016/01/30 01:10:46 1
    2016/01/30 01:10:46 [0xc8203be240]
    2016/01/30 01:10:46 &{5340677 41571 _acme-challenge.www1 ADw2sEd82DUgXcQ9hNBZThJs7zVJkR5v9JeSbAb9mZY 120 0 TXT 2016-01-30 00:03:19.89 +0000 UTC 2016-01-30 00:03:19.89 +0000 UTC}
    --- PASS: TestLiveDNSimpleCleanUp (3.10s)
    PASS
    ok      github.com/xenolf/lego/acme    3.121s

The record 5340655 was supposed to be deleted, but 5340677 was deleted
instead (notice how the deleted record was always the last one in the
returned record set).

And of course the validation never passed

    ➜  letsencrypt-dnsimple git:(master) go run main.go --user xxx --api-key "xxx" --email "xxx@gmail.com" simone.io,foo1.simone.io,foo2.simone.io,foo3.simone.io
    2016/01/30 00:27:55 .data/users/xxx@gmail.com
    2016/01/30 00:27:55 {xxx@gmail.com <nil> 0xc82009a300}
    2016/01/30 00:27:56 [INFO] acme: Registering account for xxx@gmail.com
    2016/01/30 00:27:57 &{{ 116016 {RSA xxx} [mailto:xxx@gmail.com]   } https://acme-staging.api.letsencrypt.org/acme/reg/116016 https://acme-staging.api.letsencrypt.org/acme/new-authz https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf}
    2016/01/30 00:27:58 [INFO][simone.io, foo1.simone.io, foo2.simone.io, foo3.simone.io] acme: Obtaining bundled SAN certificate
    2016/01/30 00:27:59 [INFO][simone.io] acme: Could not find solver for: http-01
    2016/01/30 00:27:59 [INFO][simone.io] acme: Trying to solve DNS-01
    2016/01/30 00:28:00 simone.io
    2016/01/30 00:28:00 &{0 0 _acme-challenge Uo7cIEDgw_sCgZhSOML_GU4DkKlgpB6p1Et8lxRVGLI 120 0 TXT <nil> <nil>}
    2016/01/30 00:28:12 [INFO][simone.io] The server validated our request
    2016/01/30 00:28:14 &{5340584 41571 _acme-challenge Uo7cIEDgw_sCgZhSOML_GU4DkKlgpB6p1Et8lxRVGLI 120 0 TXT 2016-01-29 23:28:00.828 +0000 UTC 2016-01-29 23:28:00.828 +0000 UTC}
    2016/01/30 00:28:14 [INFO][foo1.simone.io] acme: Could not find solver for: http-01
    2016/01/30 00:28:14 [INFO][foo1.simone.io] acme: Trying to solve DNS-01
    2016/01/30 00:28:15 simone.io
    2016/01/30 00:28:15 &{0 0 _acme-challenge.foo1 l_HB5ctb2M86FVcgpCaWgURVhCePNY9KIVQ0tsVH2Ew 120 0 TXT <nil> <nil>}
    2016/01/30 00:28:19 &{5340585 41571 _acme-challenge.foo1 l_HB5ctb2M86FVcgpCaWgURVhCePNY9KIVQ0tsVH2Ew 120 0 TXT 2016-01-29 23:28:15.996 +0000 UTC 2016-01-29 23:28:15.996 +0000 UTC}
    2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Could not find solver for: http-01
    2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Could not find solver for: tls-sni-01
    2016/01/30 00:28:19 [INFO][foo2.simone.io] acme: Trying to solve DNS-01
    2016/01/30 00:28:20 simone.io
    2016/01/30 00:28:20 &{0 0 _acme-challenge.foo2 rohi66Q0VHSEu0kR3LcGPkFEIftt47xHfeQercf8frU 120 0 TXT <nil> <nil>}
    2016/01/30 00:28:22 [INFO][foo2.simone.io] The server validated our request
    2016/01/30 00:28:23 &{5340586 41571 _acme-challenge.foo2 rohi66Q0VHSEu0kR3LcGPkFEIftt47xHfeQercf8frU 120 0 TXT 2016-01-29 23:28:21.051 +0000 UTC 2016-01-29 23:28:21.051 +0000 UTC}
    2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Could not find solver for: tls-sni-01
    2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Could not find solver for: http-01
    2016/01/30 00:28:24 [INFO][foo3.simone.io] acme: Trying to solve DNS-01
    2016/01/30 00:28:25 simone.io
    2016/01/30 00:28:25 &{0 0 _acme-challenge.foo3 gmn1sKV_0gP3BiOT3yZQywZq95akKRGup0IJs1cqdVo 120 0 TXT <nil> <nil>}
    2016/01/30 00:28:27 [INFO][foo3.simone.io] The server validated our request
    2016/01/30 00:28:28 &{5340587 41571 _acme-challenge.foo3 gmn1sKV_0gP3BiOT3yZQywZq95akKRGup0IJs1cqdVo 120 0 TXT 2016-01-29 23:28:25.616 +0000 UTC 2016-01-29 23:28:25.616 +0000 UTC}
    2016/01/30 00:28:28 map[foo1.simone.io:acme: Error 0 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up TXT for _acme-challenge.foo1.simone.io
    Error Detail:
    ]
    exit status 1

This is the result of the latest (successful) run:

    ➜  letsencrypt-dnsimple git:(master) ✗ go run main.go --user xxx --api-key "xxx" --email "xxx@gmail.com" simone.io,yy.simone.io,xx.simone.io
    2016/01/30 21:34:01 .data/users/xxx@gmail.com
    2016/01/30 21:34:01 {xxx@gmail.com <nil> 0xc820070480}
    2016/01/30 21:34:02 [INFO] acme: Registering account for xxx@gmail.com
    2016/01/30 21:34:03 &{{ 116199 {RSA xxx} [mailto:xxx@gmail.com]   } https://acme-staging.api.letsencrypt.org/acme/reg/116199 https://acme-staging.api.letsencrypt.org/acme/new-authz https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf}
    2016/01/30 21:34:03 [INFO][simone.io, yy.simone.io, xx.simone.io] acme: Obtaining bundled SAN certificate
    2016/01/30 21:34:04 [INFO][simone.io] acme: Could not find solver for: tls-sni-01
    2016/01/30 21:34:04 [INFO][simone.io] acme: Could not find solver for: http-01
    2016/01/30 21:34:04 [INFO][simone.io] acme: Trying to solve DNS-01
    2016/01/30 21:34:13 [INFO][simone.io] The server validated our request
    2016/01/30 21:34:14 Searching for
    2016/01/30 21:34:14 simone.io
    2016/01/30 21:34:15 To delete:
    2016/01/30 21:34:15 {5341831 41571 _acme-challenge TX8-77TN9XHZHO510Yw20u1j89UhdgGXcwScKZHRGNY 120 0 TXT 2016-01-30 20:34:05.859 +0000 UTC 2016-01-30 20:34:05.859 +0000 UTC}
    2016/01/30 21:34:15 Will delete:
    2016/01/30 21:34:15 [{5341831 41571 _acme-challenge TX8-77TN9XHZHO510Yw20u1j89UhdgGXcwScKZHRGNY 120 0 TXT 2016-01-30 20:34:05.859 +0000 UTC 2016-01-30 20:34:05.859 +0000 UTC}]
    2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Could not find solver for: http-01
    2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Could not find solver for: tls-sni-01
    2016/01/30 21:34:15 [INFO][yy.simone.io] acme: Trying to solve DNS-01
    2016/01/30 21:34:18 [INFO][yy.simone.io] The server validated our request
    2016/01/30 21:34:19 Searching for
    2016/01/30 21:34:19 yy.simone.io
    2016/01/30 21:34:19 To delete:
    2016/01/30 21:34:19 {5341832 41571 _acme-challenge.yy pHolYM_OqxCThmL3nBA91qRCI6-oEIMG0YOJj3R1Xww 120 0 TXT 2016-01-30 20:34:17.176 +0000 UTC 2016-01-30 20:34:17.176 +0000 UTC}
    2016/01/30 21:34:19 Will delete:
    2016/01/30 21:34:19 [{5341832 41571 _acme-challenge.yy pHolYM_OqxCThmL3nBA91qRCI6-oEIMG0YOJj3R1Xww 120 0 TXT 2016-01-30 20:34:17.176 +0000 UTC 2016-01-30 20:34:17.176 +0000 UTC}]
    2016/01/30 21:34:20 [INFO][xx.simone.io] acme: Could not find solver for: tls-sni-01
    2016/01/30 21:34:20 [INFO][xx.simone.io] acme: Trying to solve DNS-01
    2016/01/30 21:34:23 [INFO][xx.simone.io] The server validated our request
    2016/01/30 21:34:23 Searching for
    2016/01/30 21:34:23 xx.simone.io
    2016/01/30 21:34:24 To delete:
    2016/01/30 21:34:24 {5341833 41571 _acme-challenge.xx LEr6l7KJCr6e7LlqyQgAbZbKCRmLFa5zNC8kNHK1FtQ 120 0 TXT 2016-01-30 20:34:21.793 +0000 UTC 2016-01-30 20:34:21.793 +0000 UTC}
    2016/01/30 21:34:24 Will delete:
    2016/01/30 21:34:24 [{5341833 41571 _acme-challenge.xx LEr6l7KJCr6e7LlqyQgAbZbKCRmLFa5zNC8kNHK1FtQ 120 0 TXT 2016-01-30 20:34:21.793 +0000 UTC 2016-01-30 20:34:21.793 +0000 UTC}]
    2016/01/30 21:34:25 [INFO][simone.io, yy.simone.io, xx.simone.io] acme: Validations succeeded; requesting certificates
    2016/01/30 21:34:26 [INFO] acme: Requesting issuer cert from https://acme-staging.api.letsencrypt.org/acme/issuer-cert
    2016/01/30 21:34:26 [INFO][simone.io] Server responded with a certificate.
    [INFO][https://acme-staging.api.letsencrypt.org/acme/cert/fae971fcb1ce12 c4d3bb95a1f577786cccfe] Certificate simone.io, yy.simone.io, xx.simone.io2016/01/30 21:34:26 145 <nil>
    2016/01/30 21:34:26 .data/certs/1454186041
    2016/01/30 21:34:26 completed!
2016-01-30 22:14:29 +01:00
Simone Carletti
753f9ca798 DNSimpleProvider: Fix bug with subdomains
When requesting a certificate for a subdomain, the DNS record was
attached to the domain instead.

E.g.

Requested:

    ww1.example.com

Created:

   _acme-challenge.example.com

instead of

    _acme-challenge.ww1.example.com
2016-01-30 00:03:50 +01:00
Simone Carletti
adc8afbb89 Update the path to the go lib 2016-01-29 23:47:56 +01:00
Simone Carletti
08516614dd DNSimpleProvider: implement Present/CleanUp 2016-01-26 15:09:33 +01:00
Simone Carletti
6a3297e36f DNSimpleProvider: fetch credentials from env
I also had to rename the `envAuth()` in the Cloudflare implementation
to avoid the "redeclared" error

    acme/dns_challenge_dnsimple.go:41: envAuth redeclared in this block
        previous declaration at acme/dns_challenge_cloudflare.go:154
2016-01-26 13:13:40 +01:00
Simone Carletti
bcfce0809a DNSimpleProvider: Check valid credentials 2016-01-26 12:25:51 +01:00
Simone Carletti
3f4b078329 Basic DNSimple implementation for DNSProvider 2016-01-26 12:14:10 +01:00