Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Domain is not active, or does not belong to this user, 200 #117

Open
patoski opened this issue Aug 11, 2020 · 1 comment
Open

Domain is not active, or does not belong to this user, 200 #117

patoski opened this issue Aug 11, 2020 · 1 comment

Comments

@patoski
Copy link

patoski commented Aug 11, 2020

Thanks so much for creating dnsrobocert! I'm trying to obtain a certificate from Namesilo's API using docker. Whenever I start the container everything looks fine until it runs the manual-auth-hook command. Here's the output:

dnsrobocert | dns-01 challenge for foo.com
dnsrobocert | dns-01 challenge for foo.com
dnsrobocert | Running manual-auth-hook command: /usr/bin/python3.8 -m dnsrobocert.core.hooks -t auth -c "/tmp/tmpgmyxrree/dnsrobocert-runtime.yml" -l "foo.com"
dnsrobocert | Output from manual-auth-hook command python3.8:
dnsrobocert | Executing auth hook for domain foo.com, lineage foo.com.
dnsrobocert |
dnsrobocert | manual-auth-hook command "/usr/bin/python3.8 -m dnsrobocert.core.hooks -t auth -c "/tmp/tmpgmyxrree/dnsrobocert-runtime.yml" -l "foo.com"" returned error code 1
dnsrobocert | Error output from manual-auth-hook command python3.8:
dnsrobocert | Error while executing the auth hook:
dnsrobocert | An error occurred: Domain is not active, or does not belong to this user, 200
dnsrobocert | Traceback (most recent call last):
dnsrobocert | File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 42, in main
dnsrobocert | globals()[parsed_args.type](dnsrobocert_config, parsed_args.lineage)
dnsrobocert | File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 61, in auth
dnsrobocert | _txt_challenge(profile, token, domain, action="create")
dnsrobocert | File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 196, in _txt_challenge
dnsrobocert | Client(lexicon_config).execute()
dnsrobocert | File "/usr/lib/python3.8/site-packages/lexicon/client.py", line 77, in execute
dnsrobocert | self.provider.authenticate()
dnsrobocert | File "/usr/lib/python3.8/site-packages/lexicon/providers/base.py", line 69, in authenticate
dnsrobocert | return self._authenticate()
dnsrobocert | File "/usr/lib/python3.8/site-packages/lexicon/providers/namesilo.py", line 30, in _authenticate
dnsrobocert | self._get('/getDomainInfo', {'domain': self.domain})
dnsrobocert | File "/usr/lib/python3.8/site-packages/lexicon/providers/base.py", line 142, in _get
dnsrobocert | return self._request('GET', url, query_params=query_params)
dnsrobocert | File "/usr/lib/python3.8/site-packages/lexicon/providers/namesilo.py", line 148, in _request
dnsrobocert | raise Exception('An error occurred: {0}, {1}'.format(
dnsrobocert | Exception: An error occurred: Domain is not active, or does not belong to this user, 200

Dnsrobocert will quickly run the manual-auth-hook three more times (four times total) with the same error each time. Finally, dns robocert will report:

dnsrobocert    | IMPORTANT NOTES:
dnsrobocert    |  - The following errors were reported by the server:
dnsrobocert    | 
dnsrobocert    |    Domain: foo.com
dnsrobocert    |    Type:   unauthorized
dnsrobocert    |    Detail: Incorrect TXT record
dnsrobocert    |    "***" (and 3 more) found at
dnsrobocert    |    _acme-challenge.foo.com
dnsrobocert    | 
dnsrobocert    |    Domain: foo.com
dnsrobocert    |    Type:   unauthorized
dnsrobocert    |    Detail: Incorrect TXT record
dnsrobocert    |    "***" (and 3 more) found at
dnsrobocert    |    _acme-challenge.foo.com
dnsrobocert    | 
dnsrobocert    |    To fix these errors, please make sure that your domain name was
dnsrobocert    |    entered correctly and the DNS A/AAAA record(s) for that domain
dnsrobocert    |    contain(s) the right IP address.

Here are the contents of my config.yml:

acme:
  email_account: foo@bar.com
  staging: true
profiles:
- name: namesilo_profile
  provider: namesilo
  provider_options:
    auth_token: ********
  sleep_time: 1000
certificates:
- domains:
  - foo.com
  - "*.foo.com"
  profile: namesilo_profile

I've changed my API token in Namesilo and verified I'm using the correct email address. Can you help me resolve this issue please? Thanks in advance!
@adferrand
Copy link
Owner

At first sight I would bet for a token associated to the wrong account, are you totally sure that the token is correct?

If so, then it could be the namesilo provider that could have a bad behavior in the Lexicon project (which is used here to contact the DNS provider API).

Since I do not have a valid account for namesilo, you will have to test on your side. Please have a look on https://github.com/AnalogJ/lexicon to see how to install and use Lexicon directly, and try to list TXT records for instance for your domain, using the namesilo provider.

If there is some errors, you can open an issue on the Lexicon project, and we will continue the troubleshooting there with a more focused context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adferrand @patoski