GithubHelp home page GithubHelp logo

gandi's Introduction

Gandi module for Caddy

This package contains a DNS provider module for Caddy. It can be used to manage DNS records with Gandi accounts.

Caddy module name

dns.providers.gandi

Config examples

Caution

The API Key authentication is no longer supported and replaced by Personal Access Token

To use this module for the ACME DNS challenge, configure the ACME issuer in your Caddy JSON like so:

{
  "module": "acme",
  "dns": {
    "provider": {
      "name": "gandi",
      "bearer_token": "{env.GANDI_BEARER_TOKEN}"
    }
  }
}

or with the Caddyfile:

tls {
  dns gandi {env.GANDI_BEARER_TOKEN}
}

You can replace {env.GANDI_BEARER_TOKEN} with the actual auth token if you prefer to put it directly in your config instead of an environment variable.

Authenticating

See the associated README in the libdns package for important information about credentials.

gandi's People

Contributors

0xflotus avatar excid3 avatar francislavoie avatar obynio avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

0xflotus francislavoie emrysmyrddin excid3

gandi's Issues

License for this repo?

Hi to the maintainer: this is a very useful caddy plugin, but it does not have a software license file. Would you consider adding a license file so that people can be sure of the terms and conditions of reuse?

The Caddy core uses the Apache 2.0 license, and many plugins use either that or the MIT license.

Thanks in hope!

Various issues updating Dynamic DNS entry for a subdomain of a wildcard

Hello,

With a wildcard domain and two subdomains as configured here, I wish to have Dynamic DNS update only one of the subdomains, fw.DOMAIN.TLD, which is an A record. (The other subdomain is a CNAME pointing to fw, and therefore Dynamic DNS is only enabled for fw.)

Caddy is able to fetch a certificate using a DNS-01 challenge, so I know the Gandi token is good. However, the A record is not being updated.

Expected behavior
No error message and a single A record reflecting the tracked interface's IP.

Actual behavior
There was already an A record for fw in the DOMAIN.TLD zone with TTL 300 (the shortest TTL supported by Gandi). When the IP of the tracked interface matched what was already in DNS, the log output below was generated and no changes were made in Gandi DNS.

Most recent output at the top, with the first line being the error in question:

2024-06-07T21:13:13	Informational	caddy	"info","ts":"2024-06-07T21:13:13Z","logger":"dynamic_dns","msg":"domain not found in DNS","domain":"fw.DOMAIN.TLD"}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"tls","msg":"finished cleaning storage units"}
2024-06-07T21:13:12	Warning	caddy	"warn","ts":"2024-06-07T21:13:12Z","logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/db/caddy/data/caddy","instance":"7dd70669-0cc4-4dfb-bf2b-ab10deedd5b9","try_again":"2024-06-08T21:13:12Z","try_again_in":86399.999999549}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","msg":"serving initial configuration"}	
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.DOMAIN.TLD"]}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x86c65a300"}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"admin.api","msg":"shutdown complete","exit_code":0}
2024-06-07T21:13:12	Informational	caddy	"info","ts":"2024-06-07T21:13:12Z","logger":"admin","msg":"stopped previous server","address":"unix//var/run/caddy/caddy.sock"}
2024-06-07T21:12:59	Informational	caddy	"info","ts":"2024-06-07T21:12:59Z","logger":"http","msg":"servers shutting down with eternal grace period"}
2024-06-07T21:12:59	Warning	caddy	"warn","ts":"2024-06-07T21:12:59Z","logger":"admin.api","msg":"exiting; byeee!! ๐Ÿ‘‹"}
2024-06-07T21:12:59	Informational	caddy	"info","ts":"2024-06-07T21:12:59Z","logger":"admin.api","msg":"received request","method":"POST","host":"127.0.0.1","uri":"/stop","remote_ip":"","remote_port":"","headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["Go-http-client/1.1"]}}

However, while troubleshooting this issue I manually set the IP of the A record to 0.0.0.0, restarted Caddy, and:

  1. The TTL of that 0.0.0.0 record was changed from 300 to 3600 (matching the configured 1-hour TTL), but the IP was not changed; and
  2. a new A record (yes, duplicate label of fw) was created with TTL 3600 and the correct IP, resulting in both records being returned in queries. This is broken.

Here's the log output in that case, throwing the same domain not found in DNS error as above, but with two extra records above it which themselves seem correct:

2024-06-07T21:25:35	Informational	caddy	"info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["IP.ADD.RE.SS"]}
2024-06-07T21:25:35	Informational	caddy	"info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"DOMAIN.TLD","type":"A","name":"fw","value":"IP.ADD.RE.SS","ttl":3600}
2024-06-07T21:25:35	Informational	caddy	"info","ts":"2024-06-07T21:25:35Z","logger":"dynamic_dns","msg":"domain not found in DNS","domain":"fw.DOMAIN.TLD"}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"tls","msg":"finished cleaning storage units"}
2024-06-07T21:25:34	Warning	caddy	"warn","ts":"2024-06-07T21:25:34Z","logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/db/caddy/data/caddy","instance":"7dd70669-0cc4-4dfb-bf2b-ab10deedd5b9","try_again":"2024-06-08T21:25:34Z","try_again_in":86399.999999349}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","msg":"serving initial configuration"}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.DOMAIN.TLD"]}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x86c0d1580"}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"admin.api","msg":"shutdown complete","exit_code":0}
2024-06-07T21:25:34	Informational	caddy	"info","ts":"2024-06-07T21:25:34Z","logger":"admin","msg":"stopped previous server","address":"unix//var/run/caddy/caddy.sock"}
2024-06-07T21:25:21	Informational	caddy	"info","ts":"2024-06-07T21:25:21Z","logger":"http","msg":"servers shutting down with eternal grace period"}
2024-06-07T21:25:21	Warning	caddy	"warn","ts":"2024-06-07T21:25:21Z","logger":"admin.api","msg":"exiting; byeee!! ๐Ÿ‘‹"}
2024-06-07T21:25:21	Informational	caddy	"info","ts":"2024-06-07T21:25:21Z","logger":"admin.api","msg":"received request","method":"POST","host":"127.0.0.1","uri":"/stop","remote_ip":"","remote_port":"","headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["Go-http-client/1.1"]}}

Environment
OPNsense Business 24.4_8 (amd64)
caddy-custom 2.7.6.5.0.3.5.5_16
os-caddy 1.5.4_1

Downstream
The downstream maintainer of the Caddy plugin for.OPNsense has recommended I open the issue here.

LiveDNS returned a 403

I have a valid token in gandi for my domain and I get this error :

{"level":"error","ts":1694219741.370473,"logger":"tls.obtain","msg":"will retry","error":"[my.domain.tld] Obtain: [my.domain.tld] solving challenges: presenting for challenge: adding temporary record for zone "domain.tld.": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/*********************) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":2.588350617,"max_duration":2592000}

I can't understand why.

Can't build version 1.0.1 of plugin

I'm trying to build the current Caddy version with the Gandi Plugin but it fails.

docker file:

FROM caddy:2.2.1-builder AS builder

RUN xcaddy build v2.2.1 \
    --with github.com/caddy-dns/gandi

FROM caddy:2.2.1

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

Getting the following error message during build process:

Building web
Step 1/4 : FROM caddy:2.2.1-builder AS builder
 ---> 7fdc765c6443
Step 2/4 : RUN xcaddy build v2.2.1     --with github.com/caddy-dns/gandi
 ---> Running in ab3fbf199fe9
2020/11/17 15:40:09 [INFO] Temporary folder: /tmp/buildenv_2020-11-17-1540.327276530
2020/11/17 15:40:09 [INFO] Writing main module: /tmp/buildenv_2020-11-17-1540.327276530/main.go
2020/11/17 15:40:09 [INFO] Initializing Go module
2020/11/17 15:40:09 [INFO] exec (timeout=10s): /usr/local/go/bin/go mod init caddy 
go: creating new go.mod: module caddy
2020/11/17 15:40:09 [INFO] Pinning versions
2020/11/17 15:40:09 [INFO] exec (timeout=0s): /usr/local/go/bin/go get -d -v github.com/caddyserver/caddy/[email protected] 
go: downloading github.com/caddyserver/caddy/v2 v2.2.1
go: downloading golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
go: downloading github.com/caddyserver/certmagic v0.12.0
go: downloading go.uber.org/zap v1.15.0
go: downloading github.com/prometheus/client_golang v1.7.1
go: downloading go.uber.org/multierr v1.5.0
go: downloading go.uber.org/atomic v1.6.0
go: downloading github.com/golang/protobuf v1.4.2
go: downloading github.com/prometheus/procfs v0.1.3
go: downloading github.com/prometheus/common v0.10.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/prometheus/client_model v0.2.0
go: downloading github.com/klauspost/cpuid v1.2.5
go: downloading github.com/mholt/acmez v0.1.1
go: downloading github.com/miekg/dns v1.1.30
go: downloading github.com/cespare/xxhash v1.1.0
go: downloading google.golang.org/protobuf v1.24.0
go: downloading golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1
go: downloading github.com/cespare/xxhash/v2 v2.1.1
go: downloading golang.org/x/net v0.0.0-20200707034311-ab3426394381
go: downloading github.com/libdns/libdns v0.1.0
go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.1
go: downloading golang.org/x/text v0.3.2
2020/11/17 15:40:13 [INFO] exec (timeout=0s): /usr/local/go/bin/go get -d -v github.com/caddy-dns/gandi 
go: downloading github.com/caddy-dns/gandi v1.0.1
go get github.com/caddy-dns/gandi: github.com/caddy-dns/[email protected]: verifying module: checksum mismatch
	downloaded: h1:oF64bX3y8St1KDvqDNHHKlsKSPfCcsjjlrAOY/6ochU=
	sum.golang.org: h1:LtTcFXwVqasaOQbJCd2WIQehTw0WPA8DrgKdievSMgU=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.
2020/11/17 15:40:15 [FATAL] exit status 1

403 denied from liveDNS

Hello,

I'm on a weird thing but i think, i didn't do something right.
Actually, caddy can't renew cetificate with challenge dns-01 method.

I already used the dns-01 challenge to create certificate and i t was working.
As gandi, recommand it, i use a PAT token.

I already test the right on the PAT token with a curl and it is working.

i'm using caddy with docker in rootless mode on a ubuntu raspeberry pi 4B:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

Here you can find the log:

{"level":"info","ts":1714291592.4468634,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
{"level":"info","ts":1714291592.4477386,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x400065c980"}
{"level":"info","ts":1714291592.4479587,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1714291592.4480488,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"warn","ts":1714291592.4480925,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
{"level":"info","ts":1714291594.102408,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1714291594.1033092,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1714291594.1036127,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"info","ts":1714291594.103691,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["crowdsec-lapi.one4all.icu","vaultwarden.one4all.icu","unifi.one4all.icu"]}
{"level":"info","ts":1714291594.1045113,"msg":"serving initial configuration"}
{"level":"info","ts":1714291594.1057403,"logger":"tls.obtain","msg":"acquiring lock","identifier":"crowdsec-lapi.one4all.icu"}
{"level":"info","ts":1714291594.1136107,"logger":"tls.obtain","msg":"acquiring lock","identifier":"vaultwarden.one4all.icu"}
{"level":"info","ts":1714291594.1140223,"logger":"tls.obtain","msg":"acquiring lock","identifier":"unifi.one4all.icu"}
{"level":"info","ts":1714291594.1153245,"logger":"tls.obtain","msg":"lock acquired","identifier":"crowdsec-lapi.one4all.icu"}
{"level":"warn","ts":1714291594.1156428,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"eee7b82e-de61-4f24-a189-ad02d59f1f71","try_again":1714377994.115637,"try_again_in":86399.999997166}
{"level":"info","ts":1714291594.1158938,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"crowdsec-lapi.one4all.icu"}
{"level":"info","ts":1714291594.1158996,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1714291594.118876,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["crowdsec-lapi.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1190138,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["crowdsec-lapi.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1246433,"logger":"tls.obtain","msg":"lock acquired","identifier":"vaultwarden.one4all.icu"}
{"level":"info","ts":1714291594.1254735,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vaultwarden.one4all.icu"}
{"level":"info","ts":1714291594.1284652,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["vaultwarden.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1285927,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["vaultwarden.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1290307,"logger":"tls.obtain","msg":"lock acquired","identifier":"unifi.one4all.icu"}
{"level":"info","ts":1714291594.129561,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"unifi.one4all.icu"}
{"level":"info","ts":1714291594.1325417,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["unifi.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1326861,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["unifi.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291595.2538826,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1714291595.3295097,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1714291595.402556,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.vaultwarden.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"info","ts":1714291595.4149024,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"unifi.one4all.icu","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1714291595.4709754,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.crowdsec-lapi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291595.552268,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"unifi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.unifi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291595.5725703,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[vaultwarden.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-v02.api.letsencrypt.org/acme/order/1696472417/264777802507) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291595.5755095,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["vaultwarden.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1714291595.575645,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["vaultwarden.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"error","ts":1714291595.6430342,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"crowdsec-lapi.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-v02.api.letsencrypt.org/acme/order/1696472417/264777802607) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291595.6467245,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["crowdsec-lapi.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1714291595.6470873,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["crowdsec-lapi.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"error","ts":1714291595.7190344,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-v02.api.letsencrypt.org/acme/order/1696472417/264777802697) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291595.7227662,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["unifi.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1714291595.7229846,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["unifi.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"error","ts":1714291596.0755703,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[vaultwarden.one4all.icu] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291596.075835,"logger":"tls.obtain","msg":"will retry","error":"[vaultwarden.one4all.icu] Obtain: [vaultwarden.one4all.icu] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":1.950902328,"max_duration":2592000}
{"level":"info","ts":1714291596.7413254,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"unifi.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1714291596.7513735,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1714291596.792135,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"unifi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.unifi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291596.842961,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.crowdsec-lapi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291597.1495845,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/QFMF3RLxy-LyGX7NcONblg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291597.149984,"logger":"tls.obtain","msg":"will retry","error":"[unifi.one4all.icu] Obtain: [unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/QFMF3RLxy-LyGX7NcONblg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":3.020867167,"max_duration":2592000}
{"level":"error","ts":1714291597.1792266,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"crowdsec-lapi.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/NMFUeiA-SOvq0hanzmHzYQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291597.1794944,"logger":"tls.obtain","msg":"will retry","error":"[crowdsec-lapi.one4all.icu] Obtain: [crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/NMFUeiA-SOvq0hanzmHzYQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":3.064084069,"max_duration":2592000}
{"level":"error","ts":1714291610.0469487,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"167.94.145.101","remote_port":"51528","client_ip":"167.94.145.101","proto":"HTTP/1.1","method":"GET","host":"78.122.83.202:80","uri":"/","headers":{}},"bytes_read":0,"user_id":"","duration":0.000051055,"size":9,"status":404,"resp_headers":{"Server":["Caddy"],"Content-Type":["text/plain; charset=utf-8"]}}
{"level":"error","ts":1714291613.1010063,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"167.94.145.101","remote_port":"55996","client_ip":"167.94.145.101","proto":"HTTP/1.1","method":"GET","host":"78.122.83.202","uri":"/","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"]}},"bytes_read":0,"user_id":"","duration":0.000046259,"size":9,"status":404,"resp_headers":{"Server":["Caddy"],"Content-Type":["text/plain; charset=utf-8"]}}
{"level":"error","ts":1714291613.1483254,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"167.94.145.101","remote_port":"56012","client_ip":"167.94.145.101","proto":"HTTP/2.0","method":"PRI","host":"","uri":"*","headers":{}},"bytes_read":0,"user_id":"","duration":0.00005063,"size":9,"status":404,"resp_headers":{"Server":["Caddy"],"Content-Type":["text/plain; charset=utf-8"]}}
{"level":"info","ts":1714291656.078281,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vaultwarden.one4all.icu"}
{"level":"info","ts":1714291657.1435564,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1714291657.1511674,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"unifi.one4all.icu"}
{"level":"info","ts":1714291657.1803553,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"crowdsec-lapi.one4all.icu"}
{"level":"error","ts":1714291657.1817722,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.vaultwarden.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291657.3623273,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[vaultwarden.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/146197004/16197608674) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291657.6927218,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"unifi.one4all.icu","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1714291657.7261112,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1714291657.7327712,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"unifi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.unifi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291657.7867808,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.crowdsec-lapi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291657.9070628,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/146197004/16197608794) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1714291657.963719,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"crowdsec-lapi.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/146197004/16197608814) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291658.267437,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1714291658.3218498,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.vaultwarden.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291658.6207426,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[vaultwarden.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/KvYbOVZqvf0hZXfxNYsu7A) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291658.6210153,"logger":"tls.obtain","msg":"will retry","error":"[vaultwarden.one4all.icu] Obtain: [vaultwarden.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/KvYbOVZqvf0hZXfxNYsu7A) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":64.496082984,"max_duration":2592000}
{"level":"info","ts":1714291658.841263,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"unifi.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1714291658.891976,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"unifi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.unifi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"info","ts":1714291658.8953407,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1714291658.9344628,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.crowdsec-lapi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291659.1847923,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/0x3t7TgR9ks-XXc_MeCOiA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291659.1850808,"logger":"tls.obtain","msg":"will retry","error":"[unifi.one4all.icu] Obtain: [unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/0x3t7TgR9ks-XXc_MeCOiA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":65.055963739,"max_duration":2592000}
{"level":"error","ts":1714291659.2969759,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"crowdsec-lapi.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/V1jKmx1tSg8JFyp3sy0oEA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291659.2972617,"logger":"tls.obtain","msg":"will retry","error":"[crowdsec-lapi.one4all.icu] Obtain: [crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/V1jKmx1tSg8JFyp3sy0oEA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":65.181851407,"max_duration":2592000}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.