Options displayed as 'undefined' in debug log #1
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I had troubled recently with the automated SSL certificate renewal. I ended having to do it manually with docker and a certbot-dns-cloudflare image. I am trying to figure out what went wrong. In the debug log messages, I see that the options usually displayed are now 'undefined':
Any idea what could be wrong?
I am using the le-challenge-cloudflare plugin with a delay of 10 seconds to get the DNS TXT data to update. Though it worked before, during the renewal, I could not see the 10-second delay being honored and the renewal was failing right away. I am going to add a log below.
Here is the full log of the failed renewal attempt:
What are the installed versions of these?
And what does your
approveDomains
function look like?I am using greenlock-express 2.7.8 with greenlock 2.7.22.
I am using approvedDomains and have not specified an approveDomains function, just like in the quick start example.
My code looks like this:
Must be a regression. I'm looking into it.
Thank you.
The log used to look like this:
This line in greenlock/index.js looks a little suspicious:
as no arguments are getting passed to cb2. Shouldn't a callback function be passed to gl.approveDomains after the opts argument?
First:
This is just a red herring that needs a better log message. It's normal to get this message on startup because no certs have been loaded yet at all. It's just a cache miss.
The second time it shows the certs, but the options aren't showing because the assignment was moved to after the logging (line 560 of lib/core.js).
This looks important:
I can indeed confirm that there is no TXT record
_greenlock-dryrun-7280.checkin.wednesdaynighthop.com
.I think this is an issue of fixing one bug caused another. I'm moving on to looking at
le-challenge-cloudflare
. I think it may be relying on_acme-challenge
as a hard-coded value, or I may have accidentally broken the contract and passed in the wrong value.I believe that if you set
skipChallengeTest: true
andskipDryRun: true
in the main options it will get around that issue.The TXT record is gone as I have renewed the certificate manually.
By the way, I am using this plugin: https://github.com/llun/le-challenge-cloudflare
P.S. The code is really nasty because I've attempted to maintain backwards compatibility while adding new features, sometimes with different API signatures. I'll have v3 out before November (the next mandatory Let's Encrypt API update) and I'll be deleting all backwards compatibility to drastically simplify the code.
There's already nice test harnesses
acme-challenge-test
andgreenlock-store-test
for the v3 API (available in greenlock v2.7+).Hmm I have log from my app from 3/2/19 and the options displayed correctly at launch. I had greenlock-express 2.6.7 at the time.
Would you mind putting some custom logging into le-challenge-cloudflare showing what's being passed into the arguments and sending that log to me? I'd do it myself, but I don't have cloudflare set up for my domains.
Right around here:
https://github.com/llun/le-challenge-cloudflare/blob/master/lib/index.js#L32
Here is what I get:
Hmm I see the expected hostname is wrong.
Greenlock expects this:
but the plugin is using:
By the way, the skipDryRun option does not seem to exist. I see this in acme-v2/node.js:
That's from within the dry run function, hence it calls with the
dryrun
option set. When it doesn't do the dry run, that code never executes.You only see the one option because it's the next acme-v2.js version in the queue (which is already implemented for https://greenlock.domains) that has the option
skipDryRun
separate fromskipChallengeTest
.If I set skipChallengeTest to true, the hostname is still different from
${acmePrefix}.${domain}
:I'm going to just remove the dry run so that I don't have to come up with a convoluted fix.
If I change it back to
_acme-challenge
then there's a DNS cache self-poisoning issue.In v3 I'll get it all cleanup up.
Alternatively, the plugin could be updated to make use of done.dnsHost to replace
${acmePrefix}.${domain}
.Or rather, the plugin should be updated to pass
acme-challenge-test
.I published a new patch version of greenlock that should unbreak le-challenge-cloudflare.
I also manually tested it with node v6.8 to try to make sure there were no other regressions.
Is it working for you now? Can I close out the issue?
I will test it out this Thursday, sorry for the delay.
I tested it out today and a new certificate was fetched without issue, so I think your fix worked. Thank you!
You're welcome. Thanks for the report and the help debugging.