Describe the bug
Third-level domain name wildcard certificate verification failed. Alibaba Cloud error code: InvalidDomainName.NoExist.
The correct domain name is example.com, but the domain name in the DNS interface parameter is api.cjh.example.com.
To Reproduce
A simple Windows ACMEv2 client (WACS)
Software version 2.2.8.1635 (release, pluggable, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/...
Connection OK!
Scheduled task looks healthy
Please report issues at https://github.com/win-acme/win-acme
N: Create certificate (default settings)
M: Create certificate (full options)
R: Run renewals (0 currently due)
A: Manage renewals (5 total)
O: More options...
Q: Quit
Please choose from the menu: N
Running in mode: Interactive, Simple
Please select which website(s) should be scanned for host names. You may
input one or more site identifiers (comma-separated) to filter by those
sites, or alternatively leave the input empty to scan *all* websites.
4: Example.AuthServer (3 bindings)
3: Example.HttpApi (2 bindings)
2: Example.Web (3 bindings)
Site identifier(s) or <Enter> to choose all: 3
1: api.cjh.example.com (Site 3)
2: *.api.cjh.example.com (Site 3)
Listed above are the bindings found on the selected site(s). By default all
of them will be included, but you may either pick specific ones by typing the
host names or identifiers (comma-separated) or filter them using one of the
options from the menu.
P: Pick bindings based on a search pattern
A: Pick *all* bindings
Binding identifiers(s) or menu option: A
1: api.cjh.example.com
2: *.api.cjh.example.com
Please pick the main host, which will be presented as the subject of the certificate: 2
1: api.cjh.example.com (Site 3)
2: *.api.cjh.example.com (Site 3)
Continue with this selection? (y*/n) - yes
Source generated using plugin IIS: *.api.cjh.example.com and 1 alternatives
Validation plugin SelfHosting not available: HTTP validation cannot be used for wildcard identifiers (e.g. *.example.com)
Validation plugin FileSystem not available: HTTP validation cannot be used for wildcard identifiers (e.g. *.example.com)
The ACME server will need to verify that you are the owner of the domain
names that you are requesting the certificate for. This happens both during
initial setup *and* for every future renewal. There are two main methods of
doing so: answering specific http requests (http-01) or create specific dns
records (dns-01). For wildcard identifiers the latter is the only option.
Various additional plugins are available from
https://github.com/win-acme/win-acme/.
1: [http] Save verification files on (network) path
2: [http] Serve verification files from memory
3: [http] Upload verification files via FTP(S)
4: [http] Upload verification files via SSH-FTP
5: [http] Upload verification files via WebDav
6: [dns] Create verification records in ALiYun DNS
7: [dns] Create verification records manually (auto-renew not possible)
8: [dns] Create verification records with acme-dns (https://github.com/joohoi/acme-dns)
9: [dns] Create verification records with your own script
10: [tls-alpn] Answer TLS verification request from win-acme
<Enter>: Abort
How would you like prove ownership for the domain(s)?: 6
Description: DNS Server Domain Name
Refer: https://api.aliyun.com/product/Alidns
Argument: dns.aliyuncs.com (press <Enter> to use this)
ALiYun Domain Server: <Enter>
Description: API ID for ALiYun.
1: Type/paste in console
2: Search in vault
Choose from the menu: 2
1: vault://json/api
2: vault://json/key
<Enter>: Cancel
Which vault secret do you want to use?: 1
Description: API Secret for ALiYun.
1: Type/paste in console
2: Search in vault
Choose from the menu: 2
1: vault://json/api
2: vault://json/key
<Enter>: Cancel
Which vault secret do you want to use?: 2
Plugin IIS generated source *.api.cjh.example.com with 2 identifiers
Plugin Single created 1 order
Cached order has status invalid, discarding
No challenge of type dns-01 available
[api.cjh.example.com] Cached authorization result: valid
[*.api.cjh.example.com] Authorizing...
[*.api.cjh.example.com] Authorizing using dns-01 validation (ALiYun)
code: 400, The specified domain name does not exist. Refresh the page and try again. request id: 14E5C602-B130-5127-9E0E-BBC27F84AEE5
Unable to add ALiYunDNS record: code: 400, The specified domain name does not exist. Refresh the page and try again. request id: 14E5C602-B130-5127-9E0E-BBC27F84AEE5
[*.api.cjh.example.com] Error preparing for challenge answer
[*.api.cjh.example.com] Deactivating pending authorization
Create certificate failed, retry? (y/n*)
Log
2024-03-04 18:32:20.504 +08:00 [DBG] [*.api.cjh.example.com] Attempting to create DNS record under _acme-challenge.api.cjh.example.com...
2024-03-04 18:32:20.899 +08:00 [ERR] Unable to add ALiYunDNS record: code: 400, The specified domain name does not exist. Refresh the page and try again. request id: 14E5C602-B130-5127-9E0E-BBC27F84AEE5
2024-03-04 18:32:20.899 +08:00 [DBG] [*.api.cjh.example.com] Failed to create record under _acme-challenge.api.cjh.example.com
2024-03-04 18:32:20.919 +08:00 [ERR] [*.api.cjh.example.com] Error preparing for challenge answer
System.Exception: [*.api.cjh.example.com] Unable to prepare for challenge answer
at PKISharp.WACS.Plugins.ValidationPlugins.DnsValidation`1.PrepareChallenge(ValidationContext context, Dns01ChallengeValidationDetails challenge)
at PKISharp.WACS.Plugins.ValidationPlugins.Validation`1.PrepareChallenge(ValidationContext context)
at PKISharp.WACS.RenewalValidator.Prepare(ValidationContext context, RunLevel runLevel)
2024-03-04 18:32:20.920 +08:00 [VRB] Starting post-validation cleanup
2024-03-04 18:32:20.921 +08:00 [DBG] DNS record cleanup finalized
2024-03-04 18:32:20.921 +08:00 [VRB] Post-validation cleanup was succesful
2024-03-04 18:32:20.923 +08:00 [INF] [*.api.cjh.example.com] Deactivating pending authorization
WouterTinus changed the title from "plugin.validation.dns.aliyun Third-level domain name wildcard certificate verification failed InvalidDomainName.NoExist" to "[Aliyun] third-level domain name wildcard verification failed InvalidDomainName.NoExist" on Mar 6, 2024
Additional context
Aliyun AccessKey audit log:
Event Name: DescribeDomainRecords
Event Last Time: 2024-03-04 18:32:20
Event Details:
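
The report above describes a DNS API call made with the full host name (api.cjh.example.com) where the provider hosts only the zone example.com. As an added example (not win-acme's code and not part of the original report), this Python shows one way to derive the dns-01 record name and split it into hosted zone and relative record name; the function names, the `HOSTED_ZONES` list and the use of `@` for the zone apex are assumptions made for illustration.

```python
# Added example: map an ACME dns-01 record name onto the DNS zone that hosts it.
ACME_PREFIX = "_acme-challenge"


def challenge_record_name(identifier: str) -> str:
    """Return the TXT record name for an identifier (RFC 8555, section 8.4).

    A wildcard identifier is validated at its base name, so the leading
    "*." is dropped before the prefix is added.
    """
    name = identifier.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    return f"{ACME_PREFIX}.{name}"


def split_for_zone(record_fqdn: str, hosted_zones: list[str]) -> tuple[str, str]:
    """Split a record name into (zone, relative name) using the account's zones.

    Candidates are tried from the longest suffix to the shortest, so a
    delegated sub-zone wins over its parent. Matching is done on whole
    labels, never on a raw string suffix.
    """
    zones = {z.strip().rstrip(".").lower() for z in hosted_zones}
    labels = record_fqdn.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            # "@" stands for the zone apex here (assumed convention).
            relative = ".".join(labels[:i]) or "@"
            return candidate, relative
    raise LookupError(f"no hosted zone contains {record_fqdn!r}")


# Constructed sample data: the account hosts only the registered domain.
HOSTED_ZONES = ["example.com"]

if __name__ == "__main__":
    for ident in ("api.cjh.example.com", "*.api.cjh.example.com"):
        fqdn = challenge_record_name(ident)
        zone, rr = split_for_zone(fqdn, HOSTED_ZONES)
        print(f"{ident}: zone={zone} record={rr}")
```

Both identifiers from the report resolve to the same TXT record, `_acme-challenge.api.cjh` in zone `example.com`, so the list of hosted zones should come from the account itself rather than from the host name.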