Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[rfc2136] Use one UPDATE request per zone, cache SOA walk #9763

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

[rfc2136] Use one UPDATE request per zone, cache SOA walk #9763

wants to merge 4 commits into from

Conversation

nabijaczleweli
Copy link

@nabijaczleweli nabijaczleweli commented Sep 7, 2023
edited

Currently, rfc2136 does one UPDATE request per TXT record. Both when adding and when deleting. Thus, a full transaction looks like

;; Changes between zone versions: 1693923578 -> 1693923579, changeset: 15, timestamp: 1693960456
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923578 86400 3600 604800 3600
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923579 86400 3600 604800 3600
_acme-challenge.lfs.nabijaczleweli.xyz. 120     TXT     "93hCX_qIxT5h25Y04h9aDJMG6PUHs5qcr6CamGTCOiQ"

;; Changes between zone versions: 1693923579 -> 1693923580, changeset: 16, timestamp: 1693960456
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923579 86400 3600 604800 3600
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923580 86400 3600 604800 3600
_acme-challenge.real.lfs.nabijaczleweli.xyz. 120        TXT     "Qu6e1wAd7-iaHjxhWJ4KgzT1vTaWnbCvUlc7R_HfmUk"

;; Changes between zone versions: 1693923580 -> 1693923581, changeset: 17, timestamp: 1693960487
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923580 86400 3600 604800 3600
_acme-challenge.lfs.nabijaczleweli.xyz. 120     TXT     "93hCX_qIxT5h25Y04h9aDJMG6PUHs5qcr6CamGTCOiQ"
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923581 86400 3600 604800 3600

;; Changes between zone versions: 1693923581 -> 1693923582, changeset: 18, timestamp: 1693960487
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923581 86400 3600 604800 3600
_acme-challenge.real.lfs.nabijaczleweli.xyz. 120        TXT     "Qu6e1wAd7-iaHjxhWJ4KgzT1vTaWnbCvUlc7R_HfmUk"
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923582 86400 3600 604800 3600

for two domains under a zone. This means two SOA bumps, two UPDATEs to secondaries, all just-about-instantly. Hope they don't get version 1693923578 instead of 1693923579 by accident!
It also makes the journal annoying since the transaction is sprawled over four versions (or, if requesting more domains under the same zone, more versions).

Instead, we can create (delete) all the TXT records we want for a given zone in one UPDATE:

;; Changes between zone versions: 1694007347 -> 1694007348, changeset: 20, timestamp: 1694042378
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1694007347 86400 3600 604800 3600
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1694007348 86400 3600 604800 3600
_acme-challenge.testussy.nabijaczleweli.xyz. 120        TXT     "bWEHjO87_Zwh78ZOHcWV9ESLv_KTNAuYuxV-olpv_-g"
_acme-challenge.real.testussy.nabijaczleweli.xyz. 120   TXT     "Bf7VS8w-EPCWs4XR5BMQFqhbkoRKrDcZB0JK-0vO5MM"

;; Changes between zone versions: 1694007348 -> 1694007349, changeset: 21, timestamp: 1694042543
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1694007348 86400 3600 604800 3600
_acme-challenge.testussy.nabijaczleweli.xyz. 120        TXT     "bWEHjO87_Zwh78ZOHcWV9ESLv_KTNAuYuxV-olpv_-g"
_acme-challenge.real.testussy.nabijaczleweli.xyz. 120   TXT     "Bf7VS8w-EPCWs4XR5BMQFqhbkoRKrDcZB0JK-0vO5MM"
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1694007349 86400 3600 604800 3600
;; Changes between zone versions: 1693863159 -> 1693863160, changeset: 20, timestamp: 1694042378
;; Removed
ws.co.ls.               3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693863159 86400 3600 604800 3600
;; Added
ws.co.ls.               3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693863160 86400 3600 604800 3600
_acme-challenge.a.b.c.d.e.f.g.ws.co.ls. 120     TXT     "ShkaQ2_eG8JjC5k_yTtLpismkSFmreQLEI1Dmlogdcs"
_acme-challenge.h.ws.co.ls.     120     TXT     "E15GTX8qZnShct0F9IC0cYobQ0oI3n0L8zf68FpwXrA"
_acme-challenge.g.h.ws.co.ls.   120     TXT     "gah42UKIW0WPiCit-VPk2t9oXBPeUWvUgY3F93vJo4U"
_acme-challenge.f.g.h.ws.co.ls. 120     TXT     "sfWPq9g24Apw1GOqLsWPmR7SQzeK_phadYkDTCnEBuM"
_acme-challenge.e.f.g.h.ws.co.ls. 120   TXT     "FYDq7oE6UcqNGF2pfmnd0g8IxLWFtdgCqYERZvMZ3zM"
_acme-challenge.d.e.f.g.h.ws.co.ls. 120 TXT     "iiTQO9mQ_wtikzFwWTsIjbqXO4STJmIF11IONnz13Xg"
_acme-challenge.c.d.e.f.g.h.ws.co.ls. 120       TXT     "5OB7-0NoPRplqYX109vfGFgNccJ7SAU0XH6vsollhq4"
_acme-challenge.b.c.d.e.f.g.h.ws.co.ls. 120     TXT     "9hMoXdYItUcSCGeQo688AfKBiJws-YHiJlbyB7tkb38"

;; Changes between zone versions: 1693863160 -> 1693863161, changeset: 21, timestamp: 1694042543
;; Removed
ws.co.ls.               3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693863160 86400 3600 604800 3600
_acme-challenge.a.b.c.d.e.f.g.ws.co.ls. 120     TXT     "ShkaQ2_eG8JjC5k_yTtLpismkSFmreQLEI1Dmlogdcs"
_acme-challenge.h.ws.co.ls.     120     TXT     "E15GTX8qZnShct0F9IC0cYobQ0oI3n0L8zf68FpwXrA"
_acme-challenge.g.h.ws.co.ls.   120     TXT     "gah42UKIW0WPiCit-VPk2t9oXBPeUWvUgY3F93vJo4U"
_acme-challenge.f.g.h.ws.co.ls. 120     TXT     "sfWPq9g24Apw1GOqLsWPmR7SQzeK_phadYkDTCnEBuM"
_acme-challenge.e.f.g.h.ws.co.ls. 120   TXT     "FYDq7oE6UcqNGF2pfmnd0g8IxLWFtdgCqYERZvMZ3zM"
_acme-challenge.d.e.f.g.h.ws.co.ls. 120 TXT     "iiTQO9mQ_wtikzFwWTsIjbqXO4STJmIF11IONnz13Xg"
_acme-challenge.c.d.e.f.g.h.ws.co.ls. 120       TXT     "5OB7-0NoPRplqYX109vfGFgNccJ7SAU0XH6vsollhq4"
_acme-challenge.b.c.d.e.f.g.h.ws.co.ls. 120     TXT     "9hMoXdYItUcSCGeQo688AfKBiJws-YHiJlbyB7tkb38"
;; Added
ws.co.ls.               3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693863161 86400 3600 604800 3600

(if you're counting, this would've been 4+16 NOTIFYs sent to secondaries instead of 2+2). And, of course, 4 (16) versions in the journal.

Full, harrowing, logs in commit messages.

In a similar vein, rfc2136 walks the upstream to find the zone for each given TXT label. Which is fine, except it doesn't cache it at all. So for just the two above, it queries

IN SOA _acme-challenge.real.testussy.nabijaczleweli.xyz
IN SOA real.testussy.nabijaczleweli.xyz
IN SOA testussy.nabijaczleweli.xyz
IN SOA nabijaczleweli.xyz
IN SOA _acme-challenge.testussy.nabijaczleweli.xyz
IN SOA testussy.nabijaczleweli.xyz
IN SOA nabijaczleweli.xyz

when creating and then

IN SOA _acme-challenge.real.testussy.nabijaczleweli.xyz
IN SOA real.testussy.nabijaczleweli.xyz
IN SOA testussy.nabijaczleweli.xyz
IN SOA nabijaczleweli.xyz
IN SOA _acme-challenge.testussy.nabijaczleweli.xyz
IN SOA testussy.nabijaczleweli.xyz
IN SOA nabijaczleweli.xyz

when deleting.

Instead just have a {label: got-a-SOA} map, which turns it into

IN SOA _acme-challenge.real.testussy.nabijaczleweli.xyz
IN SOA real.testussy.nabijaczleweli.xyz
IN SOA testussy.nabijaczleweli.xyz
IN SOA nabijaczleweli.xyz
IN SOA _acme-challenge.testussy.nabijaczleweli.xyz

on creation and

on deletion.

@nabijaczleweli
Copy link
Author

no clue what this error means, or what the test is supposed to be doing, or what the updated spelling is supposed to be: https://dev.azure.com/certbot/certbot/_build/results?buildId=7070&view=logs&j=e15079d9-b790-527b-6052-e71d7388e6ca&t=08a6496d-7c88-596f-9edc-35ba97363e90&l=268

@nabijaczleweli nabijaczleweli marked this pull request as draft September 10, 2023 17:30
@nabijaczleweli nabijaczleweli marked this pull request as ready for review September 10, 2023 22:42
@nabijaczleweli
Copy link
Author

bump

@nabijaczleweli
[rfc2136] Minimise zone update count by putting all requests for a zo…
83fbe7b 
…ne into a single update

Function skeletons imported from /usr/lib/python3/dist-packages/certbot/plugins/dns_common.py.

Before:
;; Changes between zone versions: 1693923578 -> 1693923579, changeset: 15, timestamp: 1693960456
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923578 86400 3600 604800 3600
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923579 86400 3600 604800 3600
_acme-challenge.lfs.nabijaczleweli.xyz. 120     TXT     "93hCX_qIxT5h25Y04h9aDJMG6PUHs5qcr6CamGTCOiQ"

;; Changes between zone versions: 1693923579 -> 1693923580, changeset: 16, timestamp: 1693960456
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923579 86400 3600 604800 3600
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923580 86400 3600 604800 3600
_acme-challenge.real.lfs.nabijaczleweli.xyz. 120        TXT     "Qu6e1wAd7-iaHjxhWJ4KgzT1vTaWnbCvUlc7R_HfmUk"

;; Changes between zone versions: 1693923580 -> 1693923581, changeset: 17, timestamp: 1693960487
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923580 86400 3600 604800 3600
_acme-challenge.lfs.nabijaczleweli.xyz. 120     TXT     "93hCX_qIxT5h25Y04h9aDJMG6PUHs5qcr6CamGTCOiQ"
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923581 86400 3600 604800 3600

;; Changes between zone versions: 1693923581 -> 1693923582, changeset: 18, timestamp: 1693960487
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923581 86400 3600 604800 3600
_acme-challenge.real.lfs.nabijaczleweli.xyz. 120        TXT     "Qu6e1wAd7-iaHjxhWJ4KgzT1vTaWnbCvUlc7R_HfmUk"
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693923582 86400 3600 604800 3600

After:
;; Changes between zone versions: 1693863159 -> 1693863160, changeset: 20, timestamp: 1694042378
;; Removed
ws.co.ls.               3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693863159 86400 3600 604800 3600
;; Added
ws.co.ls.               3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693863160 86400 3600 604800 3600
_acme-challenge.a.b.c.d.e.f.g.ws.co.ls. 120     TXT     "ShkaQ2_eG8JjC5k_yTtLpismkSFmreQLEI1Dmlogdcs"
_acme-challenge.h.ws.co.ls.     120     TXT     "E15GTX8qZnShct0F9IC0cYobQ0oI3n0L8zf68FpwXrA"
_acme-challenge.g.h.ws.co.ls.   120     TXT     "gah42UKIW0WPiCit-VPk2t9oXBPeUWvUgY3F93vJo4U"
_acme-challenge.f.g.h.ws.co.ls. 120     TXT     "sfWPq9g24Apw1GOqLsWPmR7SQzeK_phadYkDTCnEBuM"
_acme-challenge.e.f.g.h.ws.co.ls. 120   TXT     "FYDq7oE6UcqNGF2pfmnd0g8IxLWFtdgCqYERZvMZ3zM"
_acme-challenge.d.e.f.g.h.ws.co.ls. 120 TXT     "iiTQO9mQ_wtikzFwWTsIjbqXO4STJmIF11IONnz13Xg"
_acme-challenge.c.d.e.f.g.h.ws.co.ls. 120       TXT     "5OB7-0NoPRplqYX109vfGFgNccJ7SAU0XH6vsollhq4"
_acme-challenge.b.c.d.e.f.g.h.ws.co.ls. 120     TXT     "9hMoXdYItUcSCGeQo688AfKBiJws-YHiJlbyB7tkb38"

;; Changes between zone versions: 1693863160 -> 1693863161, changeset: 21, timestamp: 1694042543
;; Removed
ws.co.ls.               3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693863160 86400 3600 604800 3600
_acme-challenge.a.b.c.d.e.f.g.ws.co.ls. 120     TXT     "ShkaQ2_eG8JjC5k_yTtLpismkSFmreQLEI1Dmlogdcs"
_acme-challenge.h.ws.co.ls.     120     TXT     "E15GTX8qZnShct0F9IC0cYobQ0oI3n0L8zf68FpwXrA"
_acme-challenge.g.h.ws.co.ls.   120     TXT     "gah42UKIW0WPiCit-VPk2t9oXBPeUWvUgY3F93vJo4U"
_acme-challenge.f.g.h.ws.co.ls. 120     TXT     "sfWPq9g24Apw1GOqLsWPmR7SQzeK_phadYkDTCnEBuM"
_acme-challenge.e.f.g.h.ws.co.ls. 120   TXT     "FYDq7oE6UcqNGF2pfmnd0g8IxLWFtdgCqYERZvMZ3zM"
_acme-challenge.d.e.f.g.h.ws.co.ls. 120 TXT     "iiTQO9mQ_wtikzFwWTsIjbqXO4STJmIF11IONnz13Xg"
_acme-challenge.c.d.e.f.g.h.ws.co.ls. 120       TXT     "5OB7-0NoPRplqYX109vfGFgNccJ7SAU0XH6vsollhq4"
_acme-challenge.b.c.d.e.f.g.h.ws.co.ls. 120     TXT     "9hMoXdYItUcSCGeQo688AfKBiJws-YHiJlbyB7tkb38"
;; Added
ws.co.ls.               3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1693863161 86400 3600 604800 3600
and
;; Changes between zone versions: 1694007347 -> 1694007348, changeset: 20, timestamp: 1694042378
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1694007347 86400 3600 604800 3600
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1694007348 86400 3600 604800 3600
_acme-challenge.testussy.nabijaczleweli.xyz. 120        TXT     "bWEHjO87_Zwh78ZOHcWV9ESLv_KTNAuYuxV-olpv_-g"
_acme-challenge.real.testussy.nabijaczleweli.xyz. 120   TXT     "Bf7VS8w-EPCWs4XR5BMQFqhbkoRKrDcZB0JK-0vO5MM"

;; Changes between zone versions: 1694007348 -> 1694007349, changeset: 21, timestamp: 1694042543
;; Removed
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1694007348 86400 3600 604800 3600
_acme-challenge.testussy.nabijaczleweli.xyz. 120        TXT     "bWEHjO87_Zwh78ZOHcWV9ESLv_KTNAuYuxV-olpv_-g"
_acme-challenge.real.testussy.nabijaczleweli.xyz. 120   TXT     "Bf7VS8w-EPCWs4XR5BMQFqhbkoRKrDcZB0JK-0vO5MM"
;; Added
nabijaczleweli.xyz.     3600    SOA     ns.nabijaczleweli.xyz. nabijaczleweli/ns.nabijaczleweli.xyz. 1694007349 86400 3600 604800 3600

Full debug output:
$ sudo certbot certonly --test-cert --dry-run --cert-name testussy -d testussy.nabijaczleweli.xyz,real.testussy.nabijaczleweli.xyz,a.b.c.d.e.f.g.ws.co.ls,b.c.d.e.f.g.h.ws.co.ls,c.d.e.f.g.h.ws.co.ls,d.e.f.g.h.ws.co.ls,e.f.g.h.ws.co.ls,f.g.h.ws.co.ls,g.h.ws.co.ls,h.ws.co.ls --dns-rfc2136 --dns-rfc2136-credentials /etc/letsencrypt/dns-tsig.ini --dns-rfc2136-propagation-seconds 20
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for testussy.nabijaczleweli.xyz and 9 more domains
No authoritative SOA record found for _acme-challenge.a.b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for a.b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for c.d.e.f.g.ws.co.ls
No authoritative SOA record found for d.e.f.g.ws.co.ls
No authoritative SOA record found for e.f.g.ws.co.ls
No authoritative SOA record found for f.g.ws.co.ls
No authoritative SOA record found for g.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.real.testussy.nabijaczleweli.xyz
No authoritative SOA record found for real.testussy.nabijaczleweli.xyz
No authoritative SOA record found for testussy.nabijaczleweli.xyz
Received authoritative SOA response for nabijaczleweli.xyz
No authoritative SOA record found for _acme-challenge.testussy.nabijaczleweli.xyz
No authoritative SOA record found for testussy.nabijaczleweli.xyz
Received authoritative SOA response for nabijaczleweli.xyz
No authoritative SOA record found for _acme-challenge.b.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for b.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for d.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for d.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for d.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
Successfully added TXT records _acme-challenge.a.b.c.d.e.f.g.ws.co.ls, _acme-challenge.b.c.d.e.f.g.h.ws.co.ls, _acme-challenge.c.d.e.f.g.h.ws.co.ls, _acme-challenge.d.e.f.g.h.ws.co.ls, _acme-challenge.e.f.g.h.ws.co.ls, _acme-challenge.f.g.h.ws.co.ls, _acme-challenge.g.h.ws.co.ls, _acme-challenge.h.ws.co.ls
Successfully added TXT records _acme-challenge.real.testussy.nabijaczleweli.xyz, _acme-challenge.testussy.nabijaczleweli.xyz
Waiting 20 seconds for DNS changes to propagate
No authoritative SOA record found for _acme-challenge.a.b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for a.b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for c.d.e.f.g.ws.co.ls
No authoritative SOA record found for d.e.f.g.ws.co.ls
No authoritative SOA record found for e.f.g.ws.co.ls
No authoritative SOA record found for f.g.ws.co.ls
No authoritative SOA record found for g.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.real.testussy.nabijaczleweli.xyz
No authoritative SOA record found for real.testussy.nabijaczleweli.xyz
No authoritative SOA record found for testussy.nabijaczleweli.xyz
Received authoritative SOA response for nabijaczleweli.xyz
No authoritative SOA record found for _acme-challenge.testussy.nabijaczleweli.xyz
No authoritative SOA record found for testussy.nabijaczleweli.xyz
Received authoritative SOA response for nabijaczleweli.xyz
No authoritative SOA record found for _acme-challenge.b.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for b.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for d.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for d.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for d.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
Received authoritative SOA response for ws.co.ls
Successfully deleted TXT record _acme-challenge.a.b.c.d.e.f.g.ws.co.ls, _acme-challenge.b.c.d.e.f.g.h.ws.co.ls, _acme-challenge.c.d.e.f.g.h.ws.co.ls, _acme-challenge.d.e.f.g.h.ws.co.ls, _acme-challenge.e.f.g.h.ws.co.ls, _acme-challenge.f.g.h.ws.co.ls, _acme-challenge.g.h.ws.co.ls, _acme-challenge.h.ws.co.ls
Successfully deleted TXT record _acme-challenge.real.testussy.nabijaczleweli.xyz, _acme-challenge.testussy.nabijaczleweli.xyz
All authorizations were not finalized by the CA.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Corresponding knot log:
2023-09-07T01:19:37+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57348, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57352, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57354, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57360, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57364, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57366, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57374, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57390, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57394, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@57398, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@57404, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@57420, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@57426, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@57438, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@57454, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@57470, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57480, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57494, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57498, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57508, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57524, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57530, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57538, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57542, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57546, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57562, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57564, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57574, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57584, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57590, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57592, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57594, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57602, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57612, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57628, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57634, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57646, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57662, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57664, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57676, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57680, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57690, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57698, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57710, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57720, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57728, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57738, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57750, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57760, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57768, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57770, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57784, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57794, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57810, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57822, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57830, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57838, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@57842, key certbot.tarta.
2023-09-07T01:19:38+0200 debug: [ws.co.ls.] ACL, allowed, action update, remote 192.168.1.250@57858, key certbot.tarta.
2023-09-07T01:19:38+0200 info: [ws.co.ls.] DDNS, processing 1 updates
2023-09-07T01:19:38+0200 info: [ws.co.ls.] DDNS, finished, serial 1693863159 -> 1693863160, 0.06 seconds
2023-09-07T01:19:38+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action update, remote 192.168.1.250@57870, key certbot.tarta.
2023-09-07T01:19:38+0200 info: [nabijaczleweli.xyz.] DDNS, processing 1 updates
2023-09-07T01:19:38+0200 info: [nabijaczleweli.xyz.] DDNS, finished, serial 1694007347 -> 1694007348, 0.05 seconds
2023-09-07T01:19:39+0200 info: [ws.co.ls.] notify, outgoing, remote 213.239.242.238@53 TCP, serial 1693863160
2023-09-07T01:19:39+0200 info: [nabijaczleweli.xyz.] notify, outgoing, remote 213.239.242.238@53 TCP, serial 1694007348
2023-09-07T01:19:40+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action transfer, remote 213.239.242.238@36895
2023-09-07T01:19:40+0200 debug: [ws.co.ls.] ACL, allowed, action transfer, remote 213.239.242.238@38337
2023-09-07T01:19:40+0200 info: [nabijaczleweli.xyz.] IXFR, outgoing, remote 213.239.242.238@36895 TCP, started, serial 1694007347 -> 1694007348
2023-09-07T01:19:40+0200 info: [ws.co.ls.] IXFR, outgoing, remote 213.239.242.238@38337 TCP, started, serial 1693863159 -> 1693863160
2023-09-07T01:19:40+0200 info: [nabijaczleweli.xyz.] IXFR, outgoing, remote 213.239.242.238@36895 TCP, finished, 0.00 seconds, 1 messages, 431 bytes
2023-09-07T01:19:40+0200 info: [ws.co.ls.] IXFR, outgoing, remote 213.239.242.238@38337 TCP, finished, 0.00 seconds, 1 messages, 972 bytes
2023-09-07T01:20:56+0200 debug: [rozbrajacz.futbol.] ACL, allowed, action transfer, remote 213.133.105.6@34779
2023-09-07T01:20:56+0200 info: [rozbrajacz.futbol.] IXFR, outgoing, remote 213.133.105.6@34779 TCP, zone is up-to-date, serial 1693338493
2023-09-07T01:20:56+0200 debug: [rozbrajacz.futbol.] ACL, allowed, action transfer, remote 213.133.105.6@34779
[waiting here]
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44606, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44612, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44618, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44634, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44646, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44648, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44654, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44666, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44674, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@44684, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@44688, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@44702, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@44706, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@44716, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@44732, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@44736, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44748, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44756, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44766, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44770, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44786, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44790, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44806, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44822, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44824, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44838, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44854, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44858, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44870, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44884, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44900, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44908, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44914, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44924, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44934, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44936, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44946, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44952, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44962, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44966, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44976, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44988, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44990, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@44992, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45004, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45020, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45034, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45050, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45060, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45072, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45080, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45088, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45092, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45108, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45120, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45128, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45144, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@45160, key certbot.tarta.
2023-09-07T01:22:23+0200 debug: [ws.co.ls.] ACL, allowed, action update, remote 192.168.1.250@45170, key certbot.tarta.
2023-09-07T01:22:23+0200 info: [ws.co.ls.] DDNS, processing 1 updates
2023-09-07T01:22:23+0200 info: [ws.co.ls.] DDNS, finished, serial 1693863160 -> 1693863161, 0.06 seconds
2023-09-07T01:22:23+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action update, remote 192.168.1.250@45178, key certbot.tarta.
2023-09-07T01:22:23+0200 info: [nabijaczleweli.xyz.] DDNS, processing 1 updates
2023-09-07T01:22:23+0200 info: [nabijaczleweli.xyz.] DDNS, finished, serial 1694007348 -> 1694007349, 0.05 seconds
2023-09-07T01:22:24+0200 info: [ws.co.ls.] notify, outgoing, remote 213.239.242.238@53 TCP, serial 1693863161
2023-09-07T01:22:24+0200 debug: [ws.co.ls.] ACL, allowed, action transfer, remote 213.239.242.238@40793
2023-09-07T01:22:24+0200 info: [ws.co.ls.] IXFR, outgoing, remote 213.239.242.238@40793 TCP, started, serial 1693863160 -> 1693863161
2023-09-07T01:22:24+0200 info: [ws.co.ls.] IXFR, outgoing, remote 213.239.242.238@40793 TCP, finished, 0.00 seconds, 1 messages, 972 bytes
2023-09-07T01:22:24+0200 info: [nabijaczleweli.xyz.] notify, outgoing, remote 213.239.242.238@53 TCP, serial 1694007349
2023-09-07T01:22:24+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action transfer, remote 213.239.242.238@37879
2023-09-07T01:22:24+0200 info: [nabijaczleweli.xyz.] IXFR, outgoing, remote 213.239.242.238@37879 TCP, started, serial 1694007348 -> 1694007349
2023-09-07T01:22:24+0200 info: [nabijaczleweli.xyz.] IXFR, outgoing, remote 213.239.242.238@37879 TCP, finished, 0.00 seconds, 1 messages, 431 bytes
@nabijaczleweli
[rfc2136] Use a rudimentary cache instead of querying for every label…
4c409a2 
… of every domain every time.

After:
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46402, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46410, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46420, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46432, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46436, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46452, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46464, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46468, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46470, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@46486, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@46490, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@46506, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@46508, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action query, remote 192.168.1.250@46522, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46524, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46532, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46546, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46552, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46560, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46562, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46572, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46588, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46590, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46606, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46620, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46626, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46640, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action query, remote 192.168.1.250@46646, key certbot.tarta.
2023-09-07T01:34:21+0200 debug: [ws.co.ls.] ACL, allowed, action update, remote 192.168.1.250@46662, key certbot.tarta.
2023-09-07T01:34:21+0200 info: [ws.co.ls.] DDNS, processing 1 updates
2023-09-07T01:34:21+0200 info: [ws.co.ls.] DDNS, finished, serial 1693863161 -> 1693863162, 0.08 seconds
2023-09-07T01:34:21+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action update, remote 192.168.1.250@46668, key certbot.tarta.
2023-09-07T01:34:21+0200 info: [nabijaczleweli.xyz.] DDNS, processing 1 updates
2023-09-07T01:34:21+0200 info: [nabijaczleweli.xyz.] DDNS, finished, serial 1694007349 -> 1694007350, 0.05 seconds
2023-09-07T01:34:22+0200 info: [ws.co.ls.] notify, outgoing, remote 213.239.242.238@53 TCP, serial 1693863162
2023-09-07T01:34:22+0200 debug: [ws.co.ls.] ACL, allowed, action transfer, remote 213.239.242.238@37687
2023-09-07T01:34:22+0200 info: [ws.co.ls.] IXFR, outgoing, remote 213.239.242.238@37687 TCP, started, serial 1693863161 -> 1693863162
2023-09-07T01:34:22+0200 info: [ws.co.ls.] IXFR, outgoing, remote 213.239.242.238@37687 TCP, finished, 0.00 seconds, 1 messages, 972 bytes
2023-09-07T01:34:22+0200 info: [nabijaczleweli.xyz.] notify, outgoing, remote 213.239.242.238@53 TCP, serial 1694007350
2023-09-07T01:34:22+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action transfer, remote 213.239.242.238@41989
2023-09-07T01:34:22+0200 info: [nabijaczleweli.xyz.] IXFR, outgoing, remote 213.239.242.238@41989 TCP, started, serial 1694007349 -> 1694007350
2023-09-07T01:34:22+0200 info: [nabijaczleweli.xyz.] IXFR, outgoing, remote 213.239.242.238@41989 TCP, finished, 0.00 seconds, 1 messages, 431 bytes
2023-09-07T01:35:03+0200 debug: [ws.co.ls.] ACL, allowed, action update, remote 192.168.1.250@45800, key certbot.tarta.
2023-09-07T01:35:03+0200 info: [ws.co.ls.] DDNS, processing 1 updates
2023-09-07T01:35:03+0200 info: [ws.co.ls.] DDNS, finished, serial 1693863162 -> 1693863163, 0.08 seconds
2023-09-07T01:35:03+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action update, remote 192.168.1.250@45806, key certbot.tarta.
2023-09-07T01:35:03+0200 info: [nabijaczleweli.xyz.] DDNS, processing 1 updates
2023-09-07T01:35:03+0200 info: [nabijaczleweli.xyz.] DDNS, finished, serial 1694007350 -> 1694007351, 0.05 seconds
2023-09-07T01:35:04+0200 info: [ws.co.ls.] notify, outgoing, remote 213.239.242.238@53 TCP, serial 1693863163
2023-09-07T01:35:04+0200 debug: [ws.co.ls.] ACL, allowed, action transfer, remote 213.239.242.238@33839
2023-09-07T01:35:04+0200 info: [ws.co.ls.] IXFR, outgoing, remote 213.239.242.238@33839 TCP, started, serial 1693863162 -> 1693863163
2023-09-07T01:35:04+0200 info: [ws.co.ls.] IXFR, outgoing, remote 213.239.242.238@33839 TCP, finished, 0.00 seconds, 1 messages, 972 bytes
2023-09-07T01:35:04+0200 info: [nabijaczleweli.xyz.] notify, outgoing, remote 213.239.242.238@53 TCP, serial 1694007351
2023-09-07T01:35:04+0200 debug: [nabijaczleweli.xyz.] ACL, allowed, action transfer, remote 213.239.242.238@42663
2023-09-07T01:35:04+0200 info: [nabijaczleweli.xyz.] IXFR, outgoing, remote 213.239.242.238@42663 TCP, started, serial 1694007350 -> 1694007351
2023-09-07T01:35:04+0200 info: [nabijaczleweli.xyz.] IXFR, outgoing, remote 213.239.242.238@42663 TCP, finished, 0.00 seconds, 1 messages, 431 bytes

and

$ sudo certbot certonly --test-cert --dry-run --cert-name testussy -d testussy.nabijaczleweli.xyz,real.testussy.nabijaczleweli.xyz,a.b.c.d.e.f.g.ws.co.ls,b.c.d.e.f.g.h.ws.co.ls,c.d.e.f.g.h.ws.co.ls,d.e.f.g.h.ws.co.ls,e.f.g.h.ws.co.ls,f.g.h.ws.co.ls,g.h.ws.co.ls,h.ws.co.ls --dns-rfc2136 --dns-rfc2136-credentials /etc/letsencrypt/dns-tsig.ini --dns-rfc2136-propagation-seconds 20
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for testussy.nabijaczleweli.xyz and 9 more domains
No authoritative SOA record found for _acme-challenge.a.b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for a.b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for b.c.d.e.f.g.ws.co.ls
No authoritative SOA record found for c.d.e.f.g.ws.co.ls
No authoritative SOA record found for d.e.f.g.ws.co.ls
No authoritative SOA record found for e.f.g.ws.co.ls
No authoritative SOA record found for f.g.ws.co.ls
No authoritative SOA record found for g.ws.co.ls
Received authoritative SOA response for ws.co.ls
No authoritative SOA record found for _acme-challenge.real.testussy.nabijaczleweli.xyz
No authoritative SOA record found for real.testussy.nabijaczleweli.xyz
No authoritative SOA record found for testussy.nabijaczleweli.xyz
Received authoritative SOA response for nabijaczleweli.xyz
No authoritative SOA record found for _acme-challenge.testussy.nabijaczleweli.xyz
No authoritative SOA record found for _acme-challenge.b.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for b.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for d.e.f.g.h.ws.co.ls
No authoritative SOA record found for e.f.g.h.ws.co.ls
No authoritative SOA record found for f.g.h.ws.co.ls
No authoritative SOA record found for g.h.ws.co.ls
No authoritative SOA record found for h.ws.co.ls
No authoritative SOA record found for _acme-challenge.c.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for _acme-challenge.d.e.f.g.h.ws.co.ls
No authoritative SOA record found for _acme-challenge.e.f.g.h.ws.co.ls
No authoritative SOA record found for _acme-challenge.f.g.h.ws.co.ls
No authoritative SOA record found for _acme-challenge.g.h.ws.co.ls
No authoritative SOA record found for _acme-challenge.h.ws.co.ls
Successfully added TXT records _acme-challenge.a.b.c.d.e.f.g.ws.co.ls, _acme-challenge.b.c.d.e.f.g.h.ws.co.ls, _acme-challenge.c.d.e.f.g.h.ws.co.ls, _acme-challenge.d.e.f.g.h.ws.co.ls, _acme-challenge.e.f.g.h.ws.co.ls, _acme-challenge.f.g.h.ws.co.ls, _acme-challenge.g.h.ws.co.ls, _acme-challenge.h.ws.co.ls
Successfully added TXT records _acme-challenge.real.testussy.nabijaczleweli.xyz, _acme-challenge.testussy.nabijaczleweli.xyz
Waiting 20 seconds for DNS changes to propagate
^CSuccessfully deleted TXT record _acme-challenge.a.b.c.d.e.f.g.ws.co.ls, _acme-challenge.b.c.d.e.f.g.h.ws.co.ls, _acme-challenge.c.d.e.f.g.h.ws.co.ls, _acme-challenge.d.e.f.g.h.ws.co.ls, _acme-challenge.e.f.g.h.ws.co.ls, _acme-challenge.f.g.h.ws.co.ls, _acme-challenge.g.h.ws.co.ls, _acme-challenge.h.ws.co.ls
Successfully deleted TXT record _acme-challenge.real.testussy.nabijaczleweli.xyz, _acme-challenge.testussy.nabijaczleweli.xyz
Exiting due to user request.
@nabijaczleweli
[rfc2136] What's BIND got to do with it?
62c9b36
@nabijaczleweli
CHANGELOGify
c455bca
@nabijaczleweli
Copy link
Author

rebased

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@nabijaczleweli