
Conversation

@ldez
Member

@ldez ldez commented Mar 10, 2025

  • add a description to your PR
  • have a homogeneous design with the other providers
  • add tests (unit)
  • add tests ("live")
  • add a provider descriptor
  • generate CLI help, documentation, and readme.
  • be able to do the following (and put the output of this command in a comment):
    make build
    rm -rf .lego
    
    ACTIVE24_API_KEY="xxx" \
    ACTIVE24_SECRET="yyy" \
    ./dist/lego -m [email protected] --dns active24 -d '*.example.com' -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    Note the wildcard domain is important.
  • pass the linter
  • do go mod tidy

Ping @foxtrotcz, can you run the command (with your domain, email, credentials, etc.)?

Closes #2477

How to test this PR?
  1. You need Go
  2. Checkout the PR:
    git clone https://github.com/ldez/lego.git
    cd lego
    git checkout wip/active24
  3. Compile lego:
    • if you have make: make build
    • if you don't have make: go build -o dist/lego ./cmd/lego
  4. Run the following command with your information (email, domain, credentials):
    ACTIVE24_API_KEY="xxx" \
    ACTIVE24_SECRET="yyy" \
    ./dist/lego -m [email protected] --dns active24 -d '*.example.com' -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    The wildcard domain is important
  5. Before each run of the command, you should clean your local environment:
    rm -rf .lego

@foxtrotcz

foxtrotcz commented Mar 10, 2025

Wow, you are fast.
It doesn't clear the TXT record, otherwise it works and certificates are created in the folder.
I redacted personal info from output.

REDACTED@ubuntu-server1:~/lego$ ACTIVE24_API_KEY="REDACTED" \
ACTIVE24_SECRET="REDACTED" \
./dist/lego -m [email protected] --dns active24 -d '*.REDACTED.com' -d REDACTED.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2025/03/10 21:59:04 No key found for account [email protected]. Generating a P256 key.
2025/03/10 21:59:04 Saved key to /home/REDACTED/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2025/03/10 21:59:05 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf
Do you accept the TOS? Y/n
y
2025/03/10 21:59:08 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your
configuration directory at "/home/REDACTED/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from the ACME server so making regular
backups of this folder is ideal.
2025/03/10 21:59:08 [INFO] [*.REDACTED.com, REDACTED.com] acme: Obtaining bundled SAN certificate
2025/03/10 21:59:09 [INFO] [*.REDACTED.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/REDACTED/REDACTED
2025/03/10 21:59:09 [INFO] [REDACTED.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/REDACTED/REDACTED
2025/03/10 21:59:09 [INFO] [*.REDACTED.com] acme: use dns-01 solver
2025/03/10 21:59:09 [INFO] [REDACTED.com] acme: Could not find solver for: tls-alpn-01
2025/03/10 21:59:09 [INFO] [REDACTED.com] acme: Could not find solver for: http-01
2025/03/10 21:59:09 [INFO] [REDACTED.com] acme: use dns-01 solver
2025/03/10 21:59:09 [INFO] [*.REDACTED.com] acme: Preparing to solve DNS-01
2025/03/10 21:59:10 [INFO] [REDACTED.com] acme: Preparing to solve DNS-01
2025/03/10 21:59:10 [INFO] [*.REDACTED.com] acme: Trying to solve DNS-01
2025/03/10 21:59:10 [INFO] [*.REDACTED.com] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2025/03/10 21:59:12 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2025/03/10 21:59:20 [INFO] [*.REDACTED.com] The server validated our request
2025/03/10 21:59:20 [INFO] [REDACTED.com] acme: Trying to solve DNS-01
2025/03/10 21:59:20 [INFO] [REDACTED.com] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2025/03/10 21:59:22 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2025/03/10 21:59:25 [INFO] [REDACTED.com] The server validated our request
2025/03/10 21:59:25 [INFO] [*.REDACTED.com] acme: Cleaning DNS-01 challenge
2025/03/10 21:59:26 [WARN] [*.REDACTED.com] acme: cleaning up failed: active24: find record ID: no record found
2025/03/10 21:59:26 [INFO] [REDACTED.com] acme: Cleaning DNS-01 challenge
2025/03/10 21:59:26 [WARN] [REDACTED.com] acme: cleaning up failed: active24: find record ID: no record found
2025/03/10 21:59:26 [INFO] [*.REDACTED.com, REDACTED.com] acme: Validations succeeded; requesting certificates
2025/03/10 21:59:26 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2025/03/10 21:59:27 [INFO] [*.REDACTED.com] Server responded with a certificate.

Content of https://acme-staging-v02.api.letsencrypt.org/acme/authz/ links:

{
  "identifier": {
    "type": "dns",
    "value": "REDACTED.com"
  },
  "status": "valid",
  "expires": "2025-04-09T20:59:22Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/REDACTED/REDACTED/REDACTED",
      "status": "valid",
      "validated": "2025-03-10T20:59:22Z",
      "token": "REDACTED",
      "validationRecord": [
        {
          "hostname": "REDACTED.com"
        }
      ]
    }
  ]
}
{
  "identifier": {
    "type": "dns",
    "value": "REDACTED.com"
  },
  "status": "valid",
  "expires": "2025-04-09T20:59:13Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/REDACTED/REDACTED/REDACTED",
      "status": "valid",
      "validated": "2025-03-10T20:59:12Z",
      "token": "REDACTED",
      "validationRecord": [
        {
          "hostname": "REDACTED.com"
        }
      ]
    }
  ],
  "wildcard": true
}

@ldez
Member Author

ldez commented Mar 10, 2025

I added some debug logs to diagnose the problem with the record deletion.

@foxtrotcz

foxtrotcz commented Mar 11, 2025

Ok, I think I got it. Relevant output record:
type: TXT, name: _acme-challenge.mydomain.com, content: code (_acme-challenge, code)

Currently you check subDomain, but you need to check against the full domain.

if record.Name != subDomain {

Another interesting thing: the output in records contained all my DNS records, not just the filtered ones. So it looks like this filter in the API doesn't work. I tried to get the filter working myself in Python, but no luck.
But you should still use the full domain, not the subdomain, on this line in case it starts to work in the future.

Name: subDomain,
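
An added example (not code from the lego project or from either participant in this thread) showing the cleanup lookup the comments above describe: the API listing is filtered on the client, since the server-side filter returned the whole zone, and the match is made on the full record name rather than the subdomain label. The Record struct, the function names and the sample zone listing are assumptions constructed for this example, not the Active24 API schema. It also matches on the TXT value, which goes beyond the comment: the wildcard and apex challenges both live at _acme-challenge.<domain> and differ only in their content, so name alone would pick one of them at random.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Record mirrors the fields a DNS provider API typically returns for a zone
// record. The field names are assumptions for this example, not the Active24 schema.
type Record struct {
	ID      int
	Type    string
	Name    string // full name as returned by the API, e.g. _acme-challenge.example.com
	Content string
}

var ErrRecordNotFound = errors.New("no record found")

// normalize lowercases a DNS name and drops the trailing dot so that
// "_acme-challenge.example.com." and "_ACME-Challenge.example.com" compare equal.
func normalize(name string) string {
	return strings.ToLower(strings.TrimSuffix(name, "."))
}

// findTXTRecordID filters the listing on the client, so it works even when the
// server-side filter returns the whole zone. It compares the full record name
// (not the subdomain label) and the TXT value, because the wildcard and apex
// challenges share the same name and differ only in content. Surrounding
// quotes are stripped from the content in case the API returns TXT data quoted
// (an assumption, not observed behaviour of Active24).
func findTXTRecordID(records []Record, fqdn, value string) (int, error) {
	want := normalize(fqdn)
	for _, r := range records {
		if !strings.EqualFold(r.Type, "TXT") {
			continue
		}
		if normalize(r.Name) != want {
			continue
		}
		if strings.Trim(r.Content, `"`) != value {
			continue
		}
		return r.ID, nil
	}
	return 0, fmt.Errorf("find record ID %q: %w", fqdn, ErrRecordNotFound)
}

// sampleZone is constructed for this example: an unfiltered zone listing like
// the one the reporter observed, with unrelated records and two challenge TXT
// records at the same name (one for the wildcard, one for the apex).
var sampleZone = []Record{
	{ID: 1, Type: "A", Name: "example.com", Content: "192.0.2.10"},
	{ID: 2, Type: "MX", Name: "example.com", Content: "10 mail.example.com"},
	{ID: 3, Type: "TXT", Name: "_acme-challenge.example.com", Content: "wildcard-token-value"},
	{ID: 4, Type: "TXT", Name: "_acme-challenge.example.com", Content: "apex-token-value"},
	{ID: 5, Type: "TXT", Name: "_acme-challenge.other.example.com", Content: "unrelated"},
}

func main() {
	// Matching the subdomain label alone never finds anything, which is the
	// "find record ID: no record found" warning seen in the cleanup logs above.
	if _, err := findTXTRecordID(sampleZone, "_acme-challenge", "apex-token-value"); err != nil {
		fmt.Println("subdomain lookup:", err)
	}
	// Matching the full name and the value selects exactly the record to delete.
	id, err := findTXTRecordID(sampleZone, "_acme-challenge.example.com.", "apex-token-value")
	fmt.Println("full-name lookup:", id, err)
}
```

The cleanup path should treat ErrRecordNotFound as a warning rather than a hard failure, as lego does, since the certificate has already been issued by the time cleanup runs; the record left behind is a hygiene problem, not a security one, but it will accumulate if every renewal leaves one.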

@ldez
Member Author

ldez commented Mar 11, 2025

I updated the code, can you try again?

@foxtrotcz

Yes, now everything works.

Maybe I would just add a note about the API filter not working in case it's relevant in the future.

filter := internal.RecordFilter{

@ldez ldez removed the waiting-for/user-tests Need users to test functionality label Mar 11, 2025
@ldez ldez added this to the unreleased milestone Mar 11, 2025
@ldez ldez marked this pull request as ready for review March 11, 2025 16:29
@ldez ldez requested a review from dmke March 11, 2025 16:29
Member

@dmke dmke left a comment


LGTM

@ldez ldez merged commit 730af10 into go-acme:master Mar 11, 2025
7 checks passed
@ldez ldez deleted the wip/active24 branch March 11, 2025 16:54
@ldez ldez modified the milestones: unreleased, v4.23 Apr 16, 2025

Development

Successfully merging this pull request may close these issues.

Support for provider: Active24

3 participants