
Comments (8)

maddes-b avatar maddes-b commented on June 5, 2024 2

Fix for current master developed and tested. Pull request is #351


fredcy avatar fredcy commented on June 5, 2024 1

I ended up not using acme-dns and so I don't have more info.


danielztolnai avatar danielztolnai commented on June 5, 2024

I am receiving the same messages. Did you manage to find out the cause?

I've never run acme-dns as root, so that can be ruled out. I built the executable from the latest source using go 1.18.1 and am running it on a fresh Ubuntu 22.04.3 using the provided systemd service. I also have tls = "letsencrypt" and I'm also using the recommended user setup.


PKizzle avatar PKizzle commented on June 5, 2024

May I ask what you are using as an alternative?


fredcy avatar fredcy commented on June 5, 2024

(Probably not helpful, but...) I was planning to use acme-dns to manage certs on a private development network on a DNS sub-domain. It worked OK, but management decided to just buy a wildcard cert for that subdomain, making acme-dns moot in our case.


PKizzle avatar PKizzle commented on June 5, 2024

Ah okay. I thought there might be a different solution to acme-dns but that does not seem to be the case then.


PKizzle avatar PKizzle commented on June 5, 2024

For the rest that are facing the cache issue: I have found a solution but am not sure whether this is the correct patch as I have added quite a bit of source code to acme-dns. So try it out and give feedback whether it works for you. It is based on the refactoring branch.

From 003a56d677fe0cf621ea92fc9446cf45a199e277 Mon Sep 17 00:00:00 2001
From: Philipp Kolberg <[email protected]>
Date: Wed, 29 Nov 2023 22:43:49 +0100
Subject: [PATCH] Fix certmagic cache handling

---
 pkg/api/api.go | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/pkg/api/api.go b/pkg/api/api.go
index 9fc96f6..bd75129 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"net/http"
+	"sync"
 
 	"github.com/acme-dns/acme-dns/pkg/acmedns"
 
@@ -14,10 +15,12 @@ import (
 )
 
 type AcmednsAPI struct {
-	Config  *acmedns.AcmeDnsConfig
-	DB      acmedns.AcmednsDB
-	Logger  *zap.SugaredLogger
-	errChan chan error
+	Config  	 *acmedns.AcmeDnsConfig
+	DB      	 acmedns.AcmednsDB
+	Logger  	 *zap.SugaredLogger
+	errChan 	 chan error
+	magicCache   *certmagic.Cache
+	magicCacheMu sync.Mutex
 }
 
 func Init(config *acmedns.AcmeDnsConfig, db acmedns.AcmednsDB, logger *zap.SugaredLogger, errChan chan error) AcmednsAPI {
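Review bot: the four unchanged fields (Config, DB, Logger, errChan) are touched only to realign them, and the new alignment mixes tabs and spaces, so gofmt will rewrite these lines again; run gofmt and let it align the block, which keeps the hunk to the two added fields. Also, Init (visible in the context line below the struct) returns AcmednsAPI by value; now that the struct contains a sync.Mutex, go vet's copylocks check flags that return, and any copy of the value made after use carries its own magicCache and magicCacheMu, so consider returning *AcmednsAPI or documenting that the value must not be copied.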
@@ -137,12 +140,17 @@ func (a *AcmednsAPI) setupTLS(dnsservers []acmedns.AcmednsNS) *certmagic.Config
 	magicConf.Logger = a.Logger.Desugar()
 	magicConf.Storage = &storage
 	magicConf.DefaultServerName = a.Config.General.Domain
-	magicCache := certmagic.NewCache(certmagic.CacheOptions{
-		GetConfigForCert: func(cert certmagic.Certificate) (*certmagic.Config, error) {
-			return &magicConf, nil
-		},
-		Logger: a.Logger.Desugar(),
-	})
-	magic := certmagic.New(magicCache, magicConf)
+	a.magicCacheMu.Lock()
+	if a.magicCache == nil {
+		a.magicCache = certmagic.NewCache(certmagic.CacheOptions{
+			GetConfigForCert: func(cert certmagic.Certificate) (*certmagic.Config, error) {
+				return a.setupTLS(dnsservers), nil
+			},
+			Logger: a.Logger.Desugar(),
+		})
+	}
+	certCache := a.magicCache
+	a.magicCacheMu.Unlock()
+	magic := certmagic.New(certCache, magicConf)
 	return magic
 }
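Review bot: GetConfigForCert now calls a.setupTLS(dnsservers) for every certificate the cache maintains, and each call rebuilds storage and magicConf and allocates a fresh *certmagic.Config; store the first *certmagic.Config next to a.magicCache under magicCacheMu and return that from the callback, so all certificates share one config and the recursion goes away. The closure also captures the dnsservers slice from whichever call created the cache, so a later setupTLS call with a different list silently keeps the old one. The pattern itself (one process-wide cache whose callback returns a config created with certmagic.New against that same cache) is the right shape for the "points to different cache" error quoted in this thread, since the config returned to a cache must be bound to that cache.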
-- 
2.39.3 (Apple Git-145)


maddes-b avatar maddes-b commented on June 5, 2024

I have the same issue with the current master @27e8251d11ba0a08c9b576fc04d61c1c7ba9b500
What is striking is that it creates 2 caches, but I do not know where these are coming from:

Apr 08 20:13:32 vmanager9064 acme-dns[16782]: 1.7126072127843883e+09        info        maintenance        started background certificate maintenance        {"cache": "0xc000026800"}
Apr 08 20:13:32 vmanager9064 acme-dns[16782]: 1.7126072127844315e+09        info        maintenance        started background certificate maintenance        {"cache": "0xc000026880"}
...
Apr 08 20:43:32 vmanager9064 acme-dns[16782]: 1.712609012784654e+09        error        maintenance        unable to get configuration to manage certificate; unable to renew        {"identifiers": ["<snip>"], "error": "config returned for certificate [<snip>] is not nil and points to different cache; got 0xc000026800, expected 0xc000026880 (this one)"}

This issue is independent of having only a single server and account in api-certs/acme directory, or having multiple servers and/or accounts in there.
Also just updating to latest certmagic v0.20.0 did not help (GOPATH=/tmp/go-acme-dns go get -u github.com/caddyserver/certmagic@v0.20.0). Last bump of certmagic was #334.

On master @6ba9360156b8658dbbd652eea100c11cc098b1f8 I do not see messages for any caches, and do not get any renew errors every 10 minutes.
@joohoi Is this the reason for the other repo at https://github.com/acme-dns/acme-dns/? Your personal repo here for development/testing and the other one for production state?

I found a similar issue for caddyserver/caddy#5162 (with PR caddyserver/caddy#5169, merge caddyserver/caddy@ac96455) also related to how to use certmagic.
Do not know if #337 (comment) can be adapted to current master and would fix it.

Update 2024-04-11: I got a solution for the current release, currently testing all cases (renewal, revoked, etc.) plus adding some more debug log messages.

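The two "started background certificate maintenance" lines with different cache pointers are the tell for this bug, and they show up half an hour before the first renewal error. As an added example (not code from acme-dns or from anyone in this thread), here is a small Go check that scans journal lines of the shape quoted above, collects the distinct certmagic cache pointers and counts "points to different cache" errors; the sample lines are constructed from the ones posted here, and the regexp and JSON field name are assumptions about zap's output format shown in the log.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample in the shape of the journal output quoted in the thread.
const sampleLog = `Apr 08 20:13:32 host acme-dns[16782]: 1.7126072127843883e+09        info        maintenance        started background certificate maintenance        {"cache": "0xc000026800"}
Apr 08 20:13:32 host acme-dns[16782]: 1.7126072127844315e+09        info        maintenance        started background certificate maintenance        {"cache": "0xc000026880"}
Apr 08 20:43:32 host acme-dns[16782]: 1.712609012784654e+09        error        maintenance        unable to get configuration to manage certificate; unable to renew        {"identifiers": ["<snip>"], "error": "config returned for certificate [<snip>] is not nil and points to different cache; got 0xc000026800, expected 0xc000026880 (this one)"}`

// CacheReport summarises what the log shows about certmagic cache instances.
type CacheReport struct {
	Caches         []string // distinct cache pointers that started maintenance
	MismatchErrors int      // "points to different cache" errors seen
}

var mismatchRe = regexp.MustCompile(`points to different cache; got (0x[0-9a-f]+), expected (0x[0-9a-f]+)`)

// AnalyzeCacheLog scans zap-style lines for the maintenance start message,
// reads the trailing JSON field for the cache pointer, and counts mismatch errors.
func AnalyzeCacheLog(log string) CacheReport {
	var rep CacheReport
	seen := map[string]bool{}
	for _, line := range strings.Split(log, "\n") {
		if strings.Contains(line, "started background certificate maintenance") {
			idx := strings.LastIndex(line, "{") // structured fields sit at the end of the line
			if idx < 0 {
				continue
			}
			var f struct {
				Cache string `json:"cache"`
			}
			if err := json.Unmarshal([]byte(line[idx:]), &f); err == nil && f.Cache != "" && !seen[f.Cache] {
				seen[f.Cache] = true
				rep.Caches = append(rep.Caches, f.Cache)
			}
		}
		if mismatchRe.MatchString(line) {
			rep.MismatchErrors++
		}
	}
	return rep
}

// Healthy is true when exactly one cache runs maintenance and no mismatch errors occurred.
func (r CacheReport) Healthy() bool { return len(r.Caches) == 1 && r.MismatchErrors == 0 }

func main() {
	r := AnalyzeCacheLog(sampleLog)
	fmt.Printf("caches=%v mismatches=%d healthy=%v\n", r.Caches, r.MismatchErrors, r.Healthy())
}
```

Feeding `journalctl -u acme-dns` output through this right after a restart tells you whether a build still creates a second cache, without waiting for the renewal errors to appear.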
