
DNS challenge for letsencrypt #144

Merged
merged 11 commits into from
May 6, 2024

Conversation

Teifun2
Contributor

@Teifun2 Teifun2 commented May 4, 2024

I implemented the DNS challenge for SSL Certificates. #49

Some things to note:

  • I only enabled the DNS challenge for Let's Encrypt as I have no idea how this interacts with other ACME providers.
  • The DNS credentials and the provider are needed for renew as well, so they had to be saved.
    I used a similar approach to setEAB. The provider and credentials are stored in the database, with the filename of the certificate as key.
  • DNS certificates can have wildcards. I replaced these in the filename with _ as it cannot be stored otherwise. [QUESTION] Wildcard lets'encrypt certificat  #79
  • The required parameters for the DNS check are saved into the environment variables of the application.
    This was the only way I found to dynamically support all DNS providers without custom code for all of them.
  • I only tested the whole thing with the DNS provider Dynu and it worked without any issues.
  • I did not test how autorenew works. Although I checked the code and it should probably work, I did not test it.
    If someone tells me how I can trigger the autorenew to kick in early then I can test this!
  • This is my first contribution, so it is very likely that I missed something!


Contributor Author

This is just a helper file that could be useful in the future to update the supported list of DNS providers. I can also remove it if it is not required.

Contributor Author

All port changes are not required if the challenge is DNS based.

Contributor Author

@Teifun2 Teifun2 May 4, 2024

This is probably the most dangerous line here. I am not sure if this will crash for existing certificates (it should not).

But backwards compatibility would need to be checked!

In my current testing setup I had no existing certificates.

Owner

I am not sure about this, but I guess the author of the TLS certificate config was daluntw.

Hi @daluntw, would you mind validating that this change here will not cause any problems? Many thanks!

Contributor

I mainly do changes in src/mod/acme; the changes on these files LGTM, but I do think handleListCertificate can be rewritten, it seems weird now.

I also agree that the DNS bool could be made clearer.

Contributor Author

Many, many dependencies are added due to the different acme-lego providers that are supported.

@tobychui tobychui requested a review from yeungalan May 4, 2024 09:06
Owner

@tobychui tobychui left a comment

Thanks for the good work!
I commented on a few minor coding style and potential panic problems. Using the environment variable is a sub-optimal implementation, but if it works, it works. 👍🏻

As I am not the author of the ACME module, actual testing has to be done by @yeungalan before I can merge this. After the merge, I will see if there is any way I could further optimize the UI (maybe an automatically generated form instead of a textarea) and figure out a way to not use the environment variable.

Again, thanks so much for your hard work and clean code!

isForceHttpsRedirectEnabledOriginally = true
}
dnsPara, _ := utils.PostPara(r, "dns")
if dnsPara == "false" {
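Review bot: `dnsPara, _ := utils.PostPara(r, "dns")` discards the error, and `if dnsPara == "false"` treats every other value, including a missing or misspelled parameter, as a request for the DNS challenge, so the handler defaults to the new code path rather than the existing one. Suggest handling the error and parsing the value explicitly (for example `useDNS, err := strconv.ParseBool(dnsPara)` with a 400 response on error) so that an absent or malformed parameter is rejected instead of silently selecting DNS-01.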
Owner

It would be better to also check for dnsPara == "" (and error), which might occur if the dns post parameter is missing.


@@ -46,6 +47,7 @@ func handleListCertificate(w http.ResponseWriter, r *http.Request) {
LastModifiedDate string
ExpireDate string
RemainingDays int
DNS bool
Owner

Maybe change this to something like RequireDNSValidation or IsDNSCert so future contributors can be more sure what this field is for?

@@ -79,7 +80,7 @@ func NewACME(acmeServer string, port string, database *database.Database) *ACMEH
}

// ObtainCert obtains a certificate for the specified domains.
func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, caName string, caUrl string, skipTLS bool) (bool, error) {
func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, caName string, caUrl string, skipTLS bool, dns bool) (bool, error) {
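Review bot: the new signature ends with two adjacent booleans (`skipTLS bool, dns bool`), so a call site that transposes them still compiles and silently changes both behaviours at once. Besides the `useDNS` rename suggested above, consider passing these flags in an options struct, and check every existing caller of `ObtainCert` (including the auto-renew path the PR description says is untested) now that the arity has changed.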
Owner

Same for this new parameter, something like useDNS bool will be better.

return
}

if !a.AcmeHandler.Database.TableExists("acme") {
Owner

The NewTable function checks whether the table exists by default. You can directly use NewTable without the need to check if it exists.

}

//Filename cannot contain wildcards, and wildcards are possible with DNS challenges
filename = filename.replace("*", "_");
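Review bot: `filename.replace("*", "_")` with a string pattern replaces only the first `*`, so a name with more than one wildcard keeps the rest; use `replaceAll("*", "_")` or a `/\*/g` regex. More importantly, this runs only in the browser and the name is later used as a path on the server (the crash log further down this thread shows `conf/certs/*.plebes.ovh.json` being looked up on disk), so the same replacement, together with rejection of path separators and `..`, has to be applied in the Go handler before the name touches the filesystem.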
Owner

Backend replacement logic for * to _ is also needed. Only replacing and checking in the front-end is a dangerous implementation.
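A back-end version of the two checks raised in this review, the `dns` form parameter and the wildcard-to-underscore rename, written as an added Go example rather than Zoraxy's own code: `parseUseDNS` and `certFilename` are hypothetical helper names, and `conf/certs` is only the directory name seen in the crash log in this thread.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"regexp"
	"strconv"
	"strings"
)

// parseUseDNS reads the "dns" form value strictly: an absent or malformed value
// is an error instead of silently selecting the DNS-01 path.
// (hypothetical helper, not Zoraxy's own code)
func parseUseDNS(form url.Values) (bool, error) {
	raw := strings.TrimSpace(form.Get("dns"))
	if raw == "" {
		return false, errors.New("missing dns parameter")
	}
	useDNS, err := strconv.ParseBool(raw)
	if err != nil {
		return false, fmt.Errorf("invalid dns parameter %q: %w", raw, err)
	}
	return useDNS, nil
}

// labelRe accepts one DNS label (letters, digits, inner hyphens, max 63 chars).
var labelRe = regexp.MustCompile(`^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$`)

// certFilename turns a requested domain into a safe base name for files under
// certDir. It applies the "*" -> "_" rename on the server side (every wildcard,
// not only the first), allows "*" only as the leftmost label, and rejects any
// input that is not a plain host name, so "../" or "/" can never reach the path.
// (hypothetical helper, not Zoraxy's own code)
func certFilename(certDir, domain string) (string, error) {
	d := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(domain), "."))
	labels := strings.Split(d, ".")
	if len(labels) < 2 {
		return "", fmt.Errorf("domain %q needs at least two labels", domain)
	}
	for i, l := range labels {
		if l == "*" {
			if i != 0 {
				return "", fmt.Errorf("wildcard allowed only as leftmost label in %q", domain)
			}
			continue
		}
		if !labelRe.MatchString(l) {
			return "", fmt.Errorf("invalid label %q in %q", l, domain)
		}
	}
	name := strings.ReplaceAll(d, "*", "_")
	// Defence in depth: the validation above already excludes separators and
	// "..", but confirm the joined path still resolves inside certDir.
	rel, err := filepath.Rel(certDir, filepath.Join(certDir, name))
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("domain %q escapes %s", domain, certDir)
	}
	return name, nil
}

func main() {
	useDNS, err := parseUseDNS(url.Values{"dns": {"true"}})
	fmt.Println("useDNS:", useDNS, err)
	// Constructed sample inputs: one valid wildcard, two that must be rejected.
	for _, d := range []string{"*.example.com", "*.*.example.com", "../etc/passwd"} {
		name, err := certFilename("conf/certs", d)
		fmt.Printf("%-18s -> %q %v\n", d, name, err)
	}
}
```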

@@ -357,7 +361,8 @@ <h4 class="ui header" id="acmeAutoRenewer">
<td>${entry.Domain}</td>
<td>${entry.LastModifiedDate}</td>
<td class="${isExpired?"expired":"valid"} certdate">${entry.ExpireDate} (${!isExpired?entry.RemainingDays+" days left":"Expired"})</td>
<td><button title="Renew Certificate" class="ui mini basic icon button renewButton" onclick="renewCertificate('${entry.Domain}', this);"><i class="ui green refresh icon"></i></button></td>
<td><i class="${entry.DNS?"green check": "red times"} circle outline icon"></i></td>
<td><button title="Renew Certificate" class="ui mini basic icon button renewButton" onclick="renewCertificate('${entry.Domain}', '${entry.DNS}', this);"><i class="ui green refresh icon"></i></button></td>
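Review bot: `'${entry.DNS}'` interpolates the boolean inside quotes, so `renewCertificate` receives the string "true" or "false"; the string "false" is truthy in JavaScript, so a plain `if (dns)` check inside it would take the DNS path for every certificate. Pass the value unquoted (`${entry.DNS}`) or compare against the string explicitly, and, as noted above, `entry.DNS` has to follow any rename of the backend struct field.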
Owner

If you updated the backend struct field names, remember to change these as well.

@Teifun2
Contributor Author

Teifun2 commented May 4, 2024

Using the environment variable is a sub-optimal implementation, but if it works, it works. 👍🏻 .

I am also not a fan of doing it this way. However, it was the only way I found that could support all providers without any custom implementation.

As you can see here there is an implementation that selects the correct DNSChallengeProvider by name:
https://github.com/go-acme/lego/blob/master/providers/dns/dns_providers.go

However this always uses the default DNSChallengeProvider constructor.
ex: https://github.com/go-acme/lego/blob/master/providers/dns/namecheap/namecheap.go#L131

The default constructor implementation always uses environment variables.

Each provider also has a constructor with config:
NewDNSProviderConfig
https://github.com/go-acme/lego/blob/master/providers/dns/namecheap/namecheap.go#L145

However, this would require that every provider we support has custom code to create the configuration, as there is no generic way to fill this, sadly.

This was my first time using Go, so maybe there is some language feature that could make this possible. But if there is, I am not aware of it!

@tobychui tobychui added the enhancement New feature or request label May 4, 2024
@PastaGringo

PastaGringo commented May 4, 2024

I built a Docker image with your branch @Teifun2 and I can access the DNS challenge option.
I have an issue, but it might only concern my domain:


Here are the logs:

2024/05/04 11:53:45 [INFO] CA not set. Using default
2024/05/04 11:53:45 [ACME] Obtaining certificate...
2024/05/04 11:53:45 [INFO] Using https://acme-v02.api.letsencrypt.org/directory for CA Directory URL
2024/05/04 11:53:45 [INFO] Environment variable %s set successfully OVH_APPLICATION_SECRET
2024/05/04 11:53:45 [INFO] Environment variable %s set successfully OVH_CONSUMER_KEY
2024/05/04 11:53:45 [INFO] Environment variable %s set successfully OVH_ENDPOINT
2024/05/04 11:53:45 [INFO] Environment variable %s set successfully OVH_APPLICATION_KEY
2024/05/04 11:53:45 [INFO] acme: Registering account for [email protected]
2024/05/04 11:53:45 [INFO] [*.plebes.ovh] acme: Obtaining bundled SAN certificate
2024/05/04 11:53:46 [INFO] [*.plebes.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/346564704447
2024/05/04 11:53:46 [INFO] [*.plebes.ovh] acme: use dns-01 solver
2024/05/04 11:53:46 [INFO] [*.plebes.ovh] acme: Preparing to solve DNS-01
2024/05/04 11:53:46 [INFO] [*.plebes.ovh] acme: Trying to solve DNS-01
2024/05/04 11:53:46 [INFO] [*.plebes.ovh] acme: Checking DNS record propagation. [nameservers=127.0.0.11:53]
2024/05/04 11:53:48 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/05/04 11:53:53 [INFO] [*.plebes.ovh] acme: Cleaning DNS-01 challenge
2024/05/04 11:53:54 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/346564704447
2024/05/04 11:53:54 error: one or more domains had a problem:
[*.plebes.ovh] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: No TXT record found at _acme-challenge.plebes.ovh

I checked another domain where I had already generated a wildcard certificate with Nginx Proxy Manager + LE and OVH DNS, and I don't have any TXT record at _acme-challenge.domain.tld.

I used lego directly and I have the same issue, so I will check what the issue is with lego/TXT records:

$ sudo OVH_APPLICATION_KEY=XXX OVH_APPLICATION_SECRET=XXX OVH_CONSUMER_KEY=XXX  OVH_ENDPOINT=ovh-eu lego --email [email protected] --dns ovh --domains *.plebes.ovh run
2024/05/04 13:10:23 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
y
2024/05/04 13:10:28 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/var/snap/lego/common/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/05/04 13:10:29 [INFO] [*.plebes.ovh] acme: Obtaining bundled SAN certificate
2024/05/04 13:10:29 [INFO] [*.plebes.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/346569400827
2024/05/04 13:10:29 [INFO] [*.plebes.ovh] acme: use dns-01 solver
2024/05/04 13:10:29 [INFO] [*.plebes.ovh] acme: Preparing to solve DNS-01
2024/05/04 13:10:30 [INFO] [*.plebes.ovh] acme: Trying to solve DNS-01
2024/05/04 13:10:30 [INFO] [*.plebes.ovh] acme: Checking DNS record propagation. [nameservers=1.1.1.1:53,8.8.8.8:53,[2606:4700:4700::1111]:53,[2001:4860:4860::8888]:53]
2024/05/04 13:10:32 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/05/04 13:10:39 [INFO] [*.plebes.ovh] acme: Cleaning DNS-01 challenge
2024/05/04 13:10:39 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/346569400827
2024/05/04 13:10:39 Could not obtain certificates:
        error: one or more domains had a problem:
[*.plebes.ovh] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: No TXT record found at _acme-challenge.plebes.ovh

I tried with certbot dns challenge and it worked well:

$ sudo certbot certonly --dns-ovh --dns-ovh-credentials ovh.ini -d *.plebes.ovh
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.plebes.ovh
Unsafe permissions on credentials configuration file: ovh.ini
Waiting 120 seconds for DNS changes to propagate

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/plebes.ovh/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/plebes.ovh/privkey.pem
This certificate expires on 2024-08-02.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

To verify that the wildcard certificate was valid I tried to import it into Zoraxy; that caused a lot of issues, ending with Zoraxy shutting down :D :

Crash logs
goroutine 187 [running]:
net/http.(*conn).serve.func1()
        /usr/local/go/src/net/http/server.go:1898 +0xbe
panic({0x27975c0?, 0x7250520?})
        /usr/local/go/src/runtime/panic.go:770 +0x132
main.handleListCertificate({0x4854708, 0xc00272e9a0}, 0xc0041fe900)
        /opt/zoraxy/source/cert.go:97 +0x66a
imuslab.com/zoraxy/mod/auth.(*RouterDef).HandleFunc.func1.1({0x4854708?, 0xc00272e9a0?}, 0x411c9b?)
        /opt/zoraxy/source/mod/auth/router.go:42 +0x22
imuslab.com/zoraxy/mod/auth.(*AuthAgent).HandleCheckAuth(0xc001035050, {0x4854708, 0xc00272e9a0}, 0xc0041fe900, 0xc00413fac8)
        /opt/zoraxy/source/mod/auth/auth.go:84 +0x4c
imuslab.com/zoraxy/mod/auth.(*RouterDef).HandleFunc.func1({0x4854708?, 0xc00272e9a0?}, 0xc00413fb30?)
        /opt/zoraxy/source/mod/auth/router.go:41 +0x58
net/http.HandlerFunc.ServeHTTP(0x72f8b70?, {0x4854708?, 0xc00272e9a0?}, 0x72961a?)
        /usr/local/go/src/net/http/server.go:2166 +0x29
net/http.(*ServeMux).ServeHTTP(0x470ed9?, {0x4854708, 0xc00272e9a0}, 0xc0041fe900)
        /usr/local/go/src/net/http/server.go:2683 +0x1ad
net/http.serverHandler.ServeHTTP({0xc00405af60?}, {0x4854708?, 0xc00272e9a0?}, 0x6?)
        /usr/local/go/src/net/http/server.go:3137 +0x8e
net/http.(*conn).serve(0xc004028f30, {0x4858960, 0xc003e04270})
        /usr/local/go/src/net/http/server.go:2039 +0x5e8
created by net/http.(*Server).Serve in goroutine 1
        /usr/local/go/src/net/http/server.go:3285 +0x4b4
2024/05/04 12:44:17 [Could not Load CertInfoJson] conf/certs/*.plebes.ovh.json
2024/05/04 12:44:17 http: panic serving 86.245.85.216:58614: runtime error: invalid memory address or nil pointer dereference
- Shutting down Zoraxy
- Closing GeoDB 
- Closing Netstats Listener
- Netstats listener stopped
- Closing Statistic Collector
- Stopping mDNS Discoverer (might take a few minutes)
- Closing Certificates Auto Renewer
- Cleaning up tmp files
- Closing system wide logger
- Stopping system database

I started the Zoraxy container again and listing certificates was impossible:

Crash logs
2024/05/04 12:46:24 [Could not Load CertInfoJson] conf/certs/*.plebes.ovh.json
2024/05/04 12:46:24 http: panic serving 86.245.85.216:58995: runtime error: invalid memory address or nil pointer dereference
goroutine 534 [running]:
net/http.(*conn).serve.func1()
      /usr/local/go/src/net/http/server.go:1898 +0xbe
panic({0x27975c0?, 0x7250520?})
      /usr/local/go/src/runtime/panic.go:770 +0x132
main.handleListCertificate({0x4854708, 0xc004fbd0a0}, 0xc005188a20)
      /opt/zoraxy/source/cert.go:97 +0x66a
imuslab.com/zoraxy/mod/auth.(*RouterDef).HandleFunc.func1.1({0x4854708?, 0xc004fbd0a0?}, 0x411c9b?)
      /opt/zoraxy/source/mod/auth/router.go:42 +0x22
imuslab.com/zoraxy/mod/auth.(*AuthAgent).HandleCheckAuth(0xc001058960, {0x4854708, 0xc004fbd0a0}, 0xc005188a20, 0xc004a75ac8)
      /opt/zoraxy/source/mod/auth/auth.go:84 +0x4c
imuslab.com/zoraxy/mod/auth.(*RouterDef).HandleFunc.func1({0x4854708?, 0xc004fbd0a0?}, 0xc004a75b30?)
      /opt/zoraxy/source/mod/auth/router.go:41 +0x58
net/http.HandlerFunc.ServeHTTP(0x72f8b70?, {0x4854708?, 0xc004fbd0a0?}, 0x72961a?)
      /usr/local/go/src/net/http/server.go:2166 +0x29
net/http.(*ServeMux).ServeHTTP(0x470ed9?, {0x4854708, 0xc004fbd0a0}, 0xc005188a20)
      /usr/local/go/src/net/http/server.go:2683 +0x1ad
net/http.serverHandler.ServeHTTP({0xc0050f2f90?}, {0x4854708?, 0xc004fbd0a0?}, 0x6?)
      /usr/local/go/src/net/http/server.go:3137 +0x8e
net/http.(*conn).serve(0xc004ee1dd0, {0x4858960, 0xc0042d5560})
      /usr/local/go/src/net/http/server.go:2039 +0x5e8
created by net/http.(*Server).Serve in goroutine 1
      /usr/local/go/src/net/http/server.go:3285 +0x4b4

So I started a new Zoraxy container from scratch and this time it was possible to request a wildcard SSL certificate:

2024/05/04 12:48:03 [Auth] Admin account created: pastagringo
2024/05/04 12:48:06 pastagringo logged in.
2024/05/04 12:48:08 [INFO] mDNS Startup scan completed
2024/05/04 12:48:21 [INFO] Updating prefered ACME CA to Let's Encrypt
2024/05/04 12:48:26 [ACME] ACME auto renew enabled
2024/05/04 12:48:54 [ACME] Obtaining certificate...
2024/05/04 12:48:54 [INFO] Using https://acme-v02.api.letsencrypt.org/directory for CA Directory URL
2024/05/04 12:48:54 [INFO] Environment variable %s set successfully OVH_APPLICATION_KEY
2024/05/04 12:48:54 [INFO] Environment variable %s set successfully OVH_APPLICATION_SECRET
2024/05/04 12:48:54 [INFO] Environment variable %s set successfully OVH_CONSUMER_KEY
2024/05/04 12:48:54 [INFO] Environment variable %s set successfully OVH_ENDPOINT
2024/05/04 12:48:54 [INFO] acme: Registering account for [email protected]
2024/05/04 12:48:55 [INFO] [*.plebes.ovh] acme: Obtaining bundled SAN certificate
2024/05/04 12:48:55 [INFO] [*.plebes.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/346579678497
2024/05/04 12:48:55 [INFO] [*.plebes.ovh] acme: use dns-01 solver
2024/05/04 12:48:55 [INFO] [*.plebes.ovh] acme: Preparing to solve DNS-01
2024/05/04 12:48:56 [INFO] [*.plebes.ovh] acme: Trying to solve DNS-01
2024/05/04 12:48:56 [INFO] [*.plebes.ovh] acme: Checking DNS record propagation. [nameservers=127.0.0.11:53]
2024/05/04 12:48:58 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/05/04 12:49:04 [INFO] [*.plebes.ovh] The server validated our request
2024/05/04 12:49:04 [INFO] [*.plebes.ovh] acme: Cleaning DNS-01 challenge
2024/05/04 12:49:05 [INFO] [*.plebes.ovh] acme: Validations succeeded; requesting certificates
2024/05/04 12:49:05 [INFO] [*.plebes.ovh] Server responded with a certificate.
2024/05/04 12:52:39 Uptime updated -  1714827159

Certificate is visible from certificate list:

image

I created a new reverse proxy to code.plebes.ovh without generating a new SSL cert and it worked well; Zoraxy used the wildcard certificate by default. SSL Labs report: https://www.ssllabs.com/ssltest/analyze.html?d=code.plebes.ovh&latest

So it seems everything was due to the fact that Lego doesn't or is not able to update the TXT record found at _acme-challenge for OVH domains. Certbot for its part is able to do it, and after this DNS update Lego was able to generate the wildcard certificate. I don't know if this behavior concerns all the domains. Maybe @barto95100 could check this with his own OVH domain to confirm ;)

Well deserved @Teifun2 🥇

Moral: don't import wildcard SSL certificate yet :)

// Iterate over each line
for _, line := range lines {
// Split the line by "=" character
parts := strings.Split(line, "=")
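Review bot: strings.Split(line, "=") truncates any value that itself contains '=', which base64-encoded API secrets routinely do; use strings.SplitN(line, "=", 2) (n is the maximum number of pieces, so n=1 would return the whole line unsplit) and check len(parts) == 2 before indexing parts[1].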
Contributor

We might want to consider that some value might contain extra '=' such as base64, you can use strings.SplitN(line, "=", 1) to ensure only 2 parts


// Add the key-value pair to the map
result[key] = value
}
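Review bot: result[key] = value is reached for every line, so a line that did not split into a key and a value ends up stored as a partial pair; return an error from the parser instead, so the caller can reject the credential set before it is used to configure the DNS provider.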
Contributor

maybe do some logging or return if extract failed ?

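As an added example (not code from the PR or from Zoraxy), a parser for the KEY=VALUE credential lines that covers both review comments above: SplitN with n=2 keeps '=' characters inside base64-like values, and a malformed line makes the function return an error instead of storing a partial pair. ParseCredentials and envKeyPattern are names chosen here, and the sample input is constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// envKeyPattern is the shape a DNS-provider variable name must have before it
// is worth exporting into the process environment (assumed policy, not Zoraxy's).
var envKeyPattern = regexp.MustCompile(`^[A-Z_][A-Z0-9_]*$`)

// ParseCredentials turns "KEY=VALUE" lines into a map. SplitN with n=2 keeps
// any '=' inside the value, which matters for base64-encoded API secrets.
// A line without '=', an invalid key, or a duplicate key is an error rather
// than a silently stored partial pair.
func ParseCredentials(text string) (map[string]string, error) {
	result := make(map[string]string)
	sc := bufio.NewScanner(strings.NewReader(text))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank lines and comments are tolerated
		}
		parts := strings.SplitN(line, "=", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("line %d: missing '=' in %q", n, line)
		}
		// Trim around the separator so "KEY = value" also works.
		key := strings.TrimSpace(parts[0])
		value := strings.TrimSpace(parts[1])
		if !envKeyPattern.MatchString(key) {
			return nil, fmt.Errorf("line %d: %q is not a valid environment variable name", n, key)
		}
		if _, dup := result[key]; dup {
			return nil, fmt.Errorf("line %d: duplicate key %q", n, key)
		}
		result[key] = value
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	if len(result) == 0 {
		return nil, errors.New("no credentials found")
	}
	return result, nil
}

func main() {
	// Constructed sample: the secret carries base64 '=' padding.
	creds, err := ParseCredentials("OVH_ENDPOINT=ovh-eu\nOVH_APPLICATION_SECRET=c2VjcmV0Cg==\n")
	fmt.Println(creds, err)
}
```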
@@ -391,8 +430,18 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ
skipTLS = true
}

var dns bool

if dnsString, err := utils.PostPara(r, "dns"); err != nil {
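Review bot: the var dns bool declaration followed by the manual utils.PostPara(r, "dns") branch at err != nil re-implements what utils.PostBool(r, "dns") already provides (parse the form value as a boolean and return an error); using it removes the separate string handling and keeps the treatment of a missing parameter in one place.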
Contributor

maybe something like

dns := false

if dnsString, err := utils.PostPara(r, "dns"); err == nil && dnsString == "true" {
    dns = true
}

will be easier to read?

Owner

For your information, there is actually a function named PostBool in mod/utils/utils.go 😂

func PostBool(r *http.Request, key string) (bool, error) {

Contributor

ah, didn't notice that func exists

we should use PostBool then, it even considers upper-case

@barto95100

barto95100 commented May 5, 2024

@PastaGringo, I tested the branch of @Teifun2
It's ok for me, the certificate with the OVH DNS challenge is ok 🤗

this is the log:

2024/05/05 09:33:41 [ACME] Obtaining certificate...
2024/05/05 09:33:41 [INFO] Using https://acme-v02.api.letsencrypt.org/directory for CA Directory URL
2024/05/05 09:33:41 [INFO] Environment variable %s set successfully OVH_CONSUMER_KEY
2024/05/05 09:33:41 [INFO] Environment variable %s set successfully OVH_ENDPOINT
2024/05/05 09:33:41 [INFO] Environment variable %s set successfully OVH_APPLICATION_KEY
2024/05/05 09:33:41 [INFO] Environment variable %s set successfully OVH_APPLICATION_SECRET
2024/05/05 09:33:41 [INFO] acme: Registering account for [email protected]
2024/05/05 09:33:41 [INFO] [xxxxxxxwide.fr, *.xxxxxxxwide.fr] acme: Obtaining bundled SAN certificate
2024/05/05 09:33:42 [INFO] [*.xxxxxxxwide.fr] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/346928987407
2024/05/05 09:33:42 [INFO] [xxxxxxxwide.fr] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/346928987417
2024/05/05 09:33:42 [INFO] [*.xxxxxxxwide.fr] acme: use dns-01 solver
2024/05/05 09:33:42 [INFO] [xxxxxxxwide.fr] acme: Could not find solver for: tls-alpn-01
2024/05/05 09:33:42 [INFO] [xxxxxxxwide.fr] acme: Could not find solver for: http-01
2024/05/05 09:33:42 [INFO] [xxxxxxxwide.fr] acme: use dns-01 solver
2024/05/05 09:33:42 [INFO] [*.xxxxxxxwide.fr] acme: Preparing to solve DNS-01
2024/05/05 09:33:42 [INFO] [xxxxxxxwide.fr] acme: Preparing to solve DNS-01
2024/05/05 09:33:43 [INFO] [*.xxxxxxxwide.fr] acme: Trying to solve DNS-01
2024/05/05 09:33:43 [INFO] [*.xxxxxxxwide.fr] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/05/05 09:33:45 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/05/05 09:33:53 [INFO] [*.xxxxxxxwide.fr] The server validated our request
2024/05/05 09:33:53 [INFO] [xxxxxxxwide.fr] acme: Trying to solve DNS-01
2024/05/05 09:33:53 [INFO] [xxxxxxxwide.fr] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/05/05 09:33:55 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/05/05 09:34:00 [INFO] [xxxxxxxwide.fr] The server validated our request
2024/05/05 09:34:00 [INFO] [*.xxxxxxxwide.fr] acme: Cleaning DNS-01 challenge
2024/05/05 09:34:00 [INFO] [xxxxxxxwide.fr] acme: Cleaning DNS-01 challenge
2024/05/05 09:34:00 [INFO] [xxxxxxxwide.fr, *.xxxxxxxwide.fr] acme: Validations succeeded; requesting certificates
2024/05/05 09:34:01 [INFO] [xxxxxxxwide.fr] Server responded with a certificate.

and the result of the SSL report:

CleanShot 2024-05-05 at 14 07 33

in browser :

CleanShot 2024-05-05 at 14 12 32@2x

@yeungalan
Collaborator

yeungalan commented May 6, 2024

WL

go mod tidy
go build

CONF

CF_API_EMAIL=y***@gmail.com
CF_API_KEY=e9****

A couple of things here

  1. need to run go mod tidy after merging into the main branch
  2. The output certificate format is .pem while the other cert is .crt; it works as well, though
  3. Minor code change as zoraxy has common library to handle HTTP request stuff

LGTM

Ref:

https://registry.terraform.io/providers/vancluever/acme/latest/docs/guides/dns-providers-cloudflare#CF_API_KEY
https://dash.cloudflare.com/profile/api-tokens

image

@tobychui
Owner

tobychui commented May 6, 2024

Hi @Teifun2, have you got time recently to fix those commented items above? If not, I can also do it for you after the merge.

Updates

@yeungalan suggests that these are minor issues and he can fix them himself. So I will just merge it into the main branch and wait for his fixes. Thanks so much for everyone involved!

@tobychui tobychui merged commit 0b60140 into tobychui:main May 6, 2024
Labels
enhancement New feature or request