Hi,
I'm using lego to issue a wildcard certificate using the DNS challenge and the `exec` dns provider. This setup worked for a while, then something broke two weeks ago and now I'm in the process of finding out what's wrong. In the process I updated to the code in the master branch and noticed that when the script called by the `exec` provider returns an error during `present`, this error is just discarded.
Take the following script:

```bash
#!/bin/bash
echo "script is exiting now"
exit 1
```

produces the following output when used with lego (b05b54d1f69a31ceed92e2995243c5b17821c9e4):

```
export EXEC_PATH=./update.sh
./lego --domains '*.example.com' --dns-resolvers 8.8.8.8 --dns exec renew --days 30
2018/12/19 11:51:28 [INFO] [*.example.com] acme: Trying renewal with 255 hours remaining
2018/12/19 11:51:28 [INFO] [*.example.com] acme: Obtaining bundled SAN certificate
2018/12/19 11:51:29 [INFO] [*.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/[...]
2018/12/19 11:51:29 [INFO] [*.example.com] acme: use dns-01 solver
2018/12/19 11:51:29 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2018/12/19 11:51:29 script is exiting now
2018/12/19 11:51:29 [INFO] [*.example.com] acme: Trying to solve DNS-01
2018/12/19 11:51:29 [INFO] [*.example.com] acme: Checking DNS record propagation using [8.8.8.8:53]
2018/12/19 11:51:29 [INFO] Wait [timeout: 1m0s, interval: 2s]
```

Then it waits for the DNS record (which was never inserted) to propagate and eventually fails.
I found two places where this might have been caused:
- `Present()` is logged, but not returned in the DNS challenge implementation, here: https://github.com/xenolf/lego/blob/b05b54d1f69a31ceed92e2995243c5b17821c9e4/challenge/dns01/dns_challenge.go#L91-L96
- `parallelSolve`, the error is saved into a map under the target domain https://github.com/xenolf/lego/blob/b05b54d1f69a31ceed92e2995243c5b17821c9e4/challenge/resolver/prober.go#L137 but then looks it up using the authz(?) value: https://github.com/xenolf/lego/blob/b05b54d1f69a31ceed92e2995243c5b17821c9e4/challenge/resolver/prober.go#L152

The correction for the first issue is easy, but I'm not sure what to do with the `parallelSolve`. Let me know if there's anything else I can do to help.
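
The key mismatch described in the second point can be reproduced in isolation. The following Go program is an added example, not lego's code and not part of the original report; the `authz` type, `presentFails`, `solveAll` and the `acme.invalid` URL are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// authz is a constructed stand-in for an ACME authorization (not lego's type).
type authz struct {
	Domain string // identifier the challenge is solved for
	URL    string // authorization URL (constructed sample value below)
}

// presentFails models an exec script that exits non-zero during present.
func presentFails(domain string) error {
	return errors.New("present for " + domain + ": exit status 1")
}

// solveAll runs solve for every authorization and returns the failures per
// domain. Failures are always written under the domain; lookupKey decides
// which key is used when they are read back.
func solveAll(authzs []authz, solve func(string) error, lookupKey func(authz) string) map[string]error {
	failures := make(map[string]error)
	for _, a := range authzs {
		if err := solve(a.Domain); err != nil {
			failures[a.Domain] = err
		}
	}
	reported := make(map[string]error)
	for _, a := range authzs {
		if err, ok := failures[lookupKey(a)]; ok {
			reported[a.Domain] = err
		}
	}
	return reported
}

// byURL reads with a different key than the write used: the error is lost.
func byURL(a authz) string { return a.URL }

// byDomain reads with the same key as the write: the error surfaces.
func byDomain(a authz) string { return a.Domain }

func main() {
	authzs := []authz{{Domain: "example.com", URL: "https://acme.invalid/authz/1"}}
	fmt.Println("mismatched keys:", len(solveAll(authzs, presentFails, byURL)), "error(s) reported")
	fmt.Println("matching keys:", len(solveAll(authzs, presentFails, byDomain)), "error(s) reported")
}
```

With mismatched keys the caller sees no failure and carries on to the propagation check, which matches the log above.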
Oh wow, that's fast. Thank you!
A well-documented problem is often quick to solve, so thank you :wink:
Nice to see you here, @fd0! It's a great report. Thanks for the quick fix, @ldez.
@ldez what about the error returned by `Present()`? Is it okay to just drop the error there?
the error is returned: `return fmt.Errorf(...)` is not a log.
Oh! I totally missed that, sorry for the noise ;)