Lego: Azure Authentication broken

Created on 9 Aug 2017  Â·  12Comments  Â·  Source: go-acme/lego

When trying to use azure dns it fails with the following:

Error: autorest/azure: Service returned an error. Status=401 Code="AuthenticationFailed" Message="Authentication failed. The 'Authorization' header is missing.""

Any ideas @buckett @xenolf ?

picture annerajb

All 12 comments

Could you try updating the azure dependency?

xenolf picture xenolf on 10 Aug 2017

Can you elaborate a little bit I haven't used go before. Looking at your
code it seems it points to the GitHub of the go azure sdk. And there is no
commit pinning the version.

On Thu, Aug 10, 2017, 6:10 AM xenolf notifications@github.com wrote:

Could you try updating the azure dependency?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/xenolf/lego/issues/418#issuecomment-321510300, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AA14XnARandHDbncfNmELjmkUfJ7i-Yfks5sWtctgaJpZM4OybjB
.

annerajb picture annerajb on 10 Aug 2017

Run go get -u github.com/Azure/azure-sdk-for-go and go get -u github.com/Azure/go-autorest

mholt picture mholt on 10 Aug 2017

Thanks I think that was the issue the vendored versions where too old
for reference: https://github.com/janeczku/rancher-letsencrypt/pull/90

annerajb picture annerajb on 11 Aug 2017
👍1

Hi,

I don't know too much about golang so maybe I am doing something wrong, but I am not able to fix that problem with go get -u github.com/Azure/azure-sdk-for-go and go get -u github.com/Azure/go-autorest.

I tried this:

skuda@skuda ~/go/src/github.com/xenolf/lego (master) $ go get -u github.com/Azure/azure-sdk-for-go
package github.com/Azure/azure-sdk-for-go: no buildable Go source files in /home/skuda/go/src/github.com/Azure/azure-sdk-for-go

skuda@skuda ~/go/src/github.com/xenolf/lego (master) $ go get -u github.com/Azure/go-autorest
package github.com/Azure/go-autorest: no buildable Go source files in /home/skuda/go/src/github.com/Azure/go-autorest

skuda@skuda ~/go/src/github.com/xenolf/lego (master) $ go clean .
skuda@skuda ~/go/src/github.com/xenolf/lego (master) $ go build -a -o /tmp/lego .

skuda@skuda ~/go/src/github.com/xenolf/lego (master) $ /tmp/lego --email [email protected] --domains www.example.com --dns azure run
2017/08/17 20:35:04 [INFO][www.example.com] acme: Obtaining bundled SAN certificate
2017/08/17 20:35:06 [INFO][www.example.com] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/7n3h3UiLQhnjYnV33455O3NEmzkn-T6JDLXXCC5IvAU
2017/08/17 20:35:06 [INFO][www.example.com] acme: Could not find solver for: http-01
2017/08/17 20:35:06 [INFO][www.example.com] acme: Could not find solver for: tls-sni-01
2017/08/17 20:35:06 [INFO][www.example.com] acme: Trying to solve DNS-01
2017/08/17 20:35:07 [www.example.com] Could not obtain certificates
    Error presenting token: dns.ZonesClient#Get: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="AuthenticationFailed" Message="Authentication failed. The 'Authorization' header is missing."

How should I compile lego to be able to use it with Azure DNS? Thanks!

skuda picture skuda on 17 Aug 2017

you are not alone.
i forgot to update this.
after building a new image that actually included the latest lego it still didn't work.

annerajb picture annerajb on 17 Aug 2017

@skuda , you need to keep these libraries in sync, not necessarily at master. You can find the matching versions from azure sdk's Github release page. https://github.com/Azure/azure-sdk-for-go/releases

tamalsaha picture tamalsaha on 22 Aug 2017

I verified and they are synced to the glide.lock of azure-sdk-for-go repository.
I tested it using the Dockerfile and passing my azure arguments.

annerajb picture annerajb on 23 Aug 2017

@tamalsaha , thank you but I can't get it to work, I tried using version listed here https://github.com/Azure/azure-sdk-for-go/blob/v10.2.1-beta/glide.lock and versions listed here https://github.com/annerajb/rancher-letsencrypt/blob/a324355884ac08223409ffbe31854510c905c06d/vendor.conf

I can't get any of those to work, I always get the same error, if someone knows what tags should I be using please let me know!

skuda picture skuda on 23 Aug 2017

Can confirm this is still an issue in release lego version 0.4.0 installed via Homebrew.
Have tried the above steps to build with latest versions of Azure/azure-sdk-for-go and Azure/go-autorest but to no avail. Does anybody have any ideas?

Edit

Also tried using the tags from annerajb/rancher-letsencrypt vendor.conf file (listed below) but still getting same error.

vendor.conf

github.com/aws/aws-sdk-go                           v1.8.6
github.com/Azure/azure-sdk-for-go                   v10.2.1-beta
github.com/Azure/go-autorest                        0545944

Tried with github.com/xenolf/lego checked out to:

  • master
  • tag v0.4.0
  • commit aaa8e70 from the above vendor.conf

All versions fail with error:

2017/09/25 14:09:10 [www.example.com] Could not obtain certificates
        Error presenting token: dns.ZonesClient#Get: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="AuthenticationFailed" Message="Authentication failed. The 'Authorization' header is missing."
kisamoto picture kisamoto on 25 Sep 2017

This should be fixed now. Could you verify the fix in current master before I push a new release?

xenolf picture xenolf on 25 Sep 2017
1

@xenolf can confirm fix on current master (330458372443df416615174dab032ca417cba382) using master branches of Azure services works.

Thanks!

kisamoto picture kisamoto on 26 Sep 2017
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Kuchenm0nster picture Kuchenm0nster  Â·  4Comments
voltagex picture voltagex  Â·  3Comments
AlbinOS picture AlbinOS  Â·  3Comments
kuuji picture kuuji  Â·  4Comments
bouwerp picture bouwerp  Â·  3Comments