邮文qwq
1
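1Panel version: v1.8.2
Deployment method: installed on ubuntu-22.04 with the online quick_start.sh installer from the official documentation
Browser version: (I'll give the User-Agent instead)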
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
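Problem description:
On the screen shown in the screenshot (sensitive information has been whited out), use the create-certificate feature.
Taking example.com as an example, fill in the form as shown in the image below to create a certificate for service.test.example.com.
After the certificate has been created, the DNS A record of test.example.com itself gets deleted, as shown in the screenshot (Alibaba Cloud DNS operation log).
As a result, the website becomes inaccessible once the certificate has been requested, and the DNS record has to be restored manually. Could the official team please look into the cause? Thanks.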
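Other users have already reported this issue; we will try to reproduce it.
The certificate module will be refactored in the next version.
You can try again then.
1 Like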
邮文qwq
3
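OK, thanks for the answer (I did do a rough search before posting but didn't find a thread about the same issue, sorry).
I've found that the failure often happens when other TXT records are also present. Even when the domain has already been manually given the correct IP, it still gets deleted, and so do that domain's wildcard records. If the domain is a second-level subdomain, its wildcard record, such as *.aaa.bbb.ccc, is even more likely to be deleted. Certificate creation also fails at the same time. Other systems that use the same DNSPOD API KEY create records and request certificates normally.
I ran into the same problem: automatic certificate renewal caused DNS records to be deleted.
My DNS setup is:
One A record: xxx-server.example.com => ip
The other addresses CNAME to xxx-server.example.com
The automatic renewal just now caused the xxx-server.example.com record to be deleted,
and the project became completely inaccessible. I'm using the DNSPOD API and my certificate is a wildcard one;
the problem occurred during renewal.
Here is my log: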
2024/01/01 01:10:37 开始申请证书,域名 [example.com,*.example.com] 申请方式 [DNS 自动] DNS 账号 [acme] 厂商 [DnsPod]
2024/01/01 01:10:37 [INFO] [example.com, *.example.com] acme: Obtaining bundled SAN certificate
2024/01/01 01:10:38 [INFO] [*.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/*********
2024/01/01 01:10:38 [INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/*********
2024/01/01 01:10:38 [INFO] [*.example.com] acme: use dns-01 solver
2024/01/01 01:10:38 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2024/01/01 01:10:38 [INFO] [example.com] acme: Could not find solver for: http-01
2024/01/01 01:10:38 [INFO] [example.com] acme: use dns-01 solver
2024/01/01 01:10:38 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2024/01/01 01:10:38 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "ali-server-gz.example.com."
2024/01/01 01:10:39 [INFO] [example.com] acme: Preparing to solve DNS-01
2024/01/01 01:10:39 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "ali-server-gz.example.com."
2024/01/01 01:10:40 [INFO] [*.example.com] acme: Trying to solve DNS-01
2024/01/01 01:10:40 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "ali-server-gz.example.com."
2024/01/01 01:10:40 [INFO] [*.example.com] acme: Checking DNS record propagation using [100.100.2.136:53 100.100.2.138:53]
2024/01/01 01:10:45 [INFO] Wait for propagation [timeout: 1h0m0s, interval: 5s]
2024/01/01 01:10:51 [INFO] [example.com] acme: Trying to solve DNS-01
2024/01/01 01:10:51 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "ali-server-gz.example.com."
2024/01/01 01:10:51 [INFO] [example.com] acme: Checking DNS record propagation using [100.100.2.136:53 100.100.2.138:53]
2024/01/01 01:10:56 [INFO] Wait for propagation [timeout: 1h0m0s, interval: 5s]
2024/01/01 01:11:04 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2024/01/01 01:11:04 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "ali-server-gz.example.com."
2024/01/01 01:11:06 [INFO] [example.com] acme: Cleaning DNS-01 challenge
2024/01/01 01:11:06 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "ali-server-gz.example.com."
2024/01/01 01:11:06 [WARN] [example.com] acme: cleaning up failed: API call has failed: could not get domains: 记录列表为空
2024/01/01 01:11:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/***********
2024/01/01 01:11:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/*********
2024/01/01 01:11:08 申请 [example.com] 证书失败, error: one or more domains had a problem:
[*.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: No TXT record found at _acme-challenge.example.com
[example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: No TXT record found at _acme-challenge.example.com
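I happened to have edited DNS records on the day the certificate was requested, so I thought I had deleted it myself.
Many users are currently reporting this issue, but we have not yet been able to reproduce it with our own DNSPOD account. If anyone can provide a DNSPOD account that reproduces it, please add me on WeCom (Enterprise WeChat).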
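Added example, not part of the thread and not 1Panel's code: a small triage of an ACME client log in the format posted above. It flags challenge names that are CNAME aliases, failed DNS-01 cleanups and domains that ended in an error, so that a renewal which may have left the zone in a bad state gets a manual DNS check. The sample lines are constructed from the log in this thread, and the function names `triage` and `needs_zone_review` are hypothetical.

```python
import re

# Sample lines constructed from the log format posted in this thread.
SAMPLE_LOG = """\
2024/01/01 01:10:38 [INFO] [*.example.com] acme: use dns-01 solver
2024/01/01 01:10:38 [INFO] Found CNAME entry for "_acme-challenge.example.com.": "ali-server-gz.example.com."
2024/01/01 01:11:04 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2024/01/01 01:11:06 [WARN] [example.com] acme: cleaning up failed: API call has failed: could not get domains: 记录列表为空
[*.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: No TXT record found at _acme-challenge.example.com
[example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: No TXT record found at _acme-challenge.example.com
"""

CNAME_RE = re.compile(r'Found CNAME entry for "([^"]+)": "([^"]+)"')
CLEANUP_RE = re.compile(r'\[WARN\] \[([^\]]+)\] acme: cleaning up failed: (.+)$')
ERROR_RE = re.compile(r'^\[([^\]]+)\] acme: error: (\d{3}) :: (\S+) ::')


def triage(log_text):
    """Collect the DNS-01 events that justify a manual look at the zone."""
    report = {"cname_delegations": {}, "cleanup_failures": [], "failed_domains": {}}
    for line in log_text.splitlines():
        if m := CNAME_RE.search(line):
            # The client reports that the challenge name is an alias of another name.
            report["cname_delegations"][m.group(1)] = m.group(2)
        elif m := CLEANUP_RE.search(line):
            # (domain, reason given by the DNS provider API)
            report["cleanup_failures"].append((m.group(1), m.group(2)))
        elif m := ERROR_RE.search(line.strip()):
            # Final per-domain errors are printed without a timestamp prefix.
            report["failed_domains"][m.group(1)] = (int(m.group(2)), m.group(3))
    return report


def needs_zone_review(report):
    """True when an aliased challenge name was involved and the run did not end cleanly."""
    return bool(report["cname_delegations"]) and bool(
        report["cleanup_failures"] or report["failed_domains"]
    )


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for name, target in r["cname_delegations"].items():
        print(f"challenge name {name} is an alias of {target}")
    for domain, reason in r["cleanup_failures"]:
        print(f"cleanup failed for {domain}: {reason}")
    print("compare the zone against a known-good export:", needs_zone_review(r))
```

Run it against the certificate request log after each issuance or renewal; a `True` result is the cue to compare the zone's A and CNAME records with a saved export before users notice an outage.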