nagachika / acmesmith-google-cloud-dns
acmesmith plugin implementing dns-01 using Google Cloud DNS
I tried to create a wildcard certificate and found a problem.
When I tried to create a wildcard certificate without SANs (SAN = X509v3 Subject Alternative Name)
using the following command, it succeeded.
acmesmith order '*.yasooon2018.work'
tsuyoshi@wezen% bundle exec acmesmith order '*.yasooon2018.work'
=> Ordering a certificate for the following identifiers:
* *.yasooon2018.work
=> Generating CSR
=> Placing an order
=> Looking for required domain authorizations
* yasooon2018.work
=> Responsing to the challenges for the following identifier:
* Responder: Acmesmith::ChallengeResponders::GoogleCloudDns
* Identifiers:
- yasooon2018.work (dns-01)
=> Responding challenge dns-01 for yasooon2018.work in Acmesmith::ChallengeResponders::GoogleCloudDns
* create_change: TXT "_acme-challenge.yasooon2018.work.", "yGhh6dL7Zmgp5dgibrKNKXF1SeXo6yVkaKk0semdwh4"
* requested change: 62
* change "62" is still "pending"
* synced!
=> Checking DNS resource record
* nameservers: ["ns-cloud-c1.googledomains.com.", "ns-cloud-c2.googledomains.com.", "ns-cloud-c3.googledomains.com.", "ns-cloud-c4.googledomains.com."]
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] success: ttl=5, data="yGhh6dL7Zmgp5dgibrKNKXF1SeXo6yVkaKk0semdwh4"
* [ns-cloud-c2.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c2.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c2.googledomains.com.] success: ttl=5, data="yGhh6dL7Zmgp5dgibrKNKXF1SeXo6yVkaKk0semdwh4"
* [ns-cloud-c3.googledomains.com.] success: ttl=5, data="yGhh6dL7Zmgp5dgibrKNKXF1SeXo6yVkaKk0semdwh4"
* [ns-cloud-c4.googledomains.com.] success: ttl=5, data="yGhh6dL7Zmgp5dgibrKNKXF1SeXo6yVkaKk0semdwh4"
=> Requesting validations...
* yasooon2018.work (dns-01) ... [ ok ]
=> Waiting for the validation...
* [yasooon2018.work] status: valid
=> Cleaning the responses the challenges for the following identifier:
* Responder: Acmesmith::ChallengeResponders::GoogleCloudDns
* Identifiers:
- yasooon2018.work (dns-01)
=> Authorized!
=> Finalizing the order
* Requesting... [ ok ]
=> Certificate issued
* securing into the storage ... [ ok ]
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fa:5f:86:13:68:ba:66:de:97:4a:bb:ce:e3:79:f7:97:0a:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Fake LE Intermediate X1
Validity
Not Before: Aug 22 17:51:40 2018 GMT
Not After : Nov 20 17:51:40 2018 GMT
Subject: CN=*.yasooon2018.work
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
B5:16:48:4F:7D:A1:98:16:7E:F6:4D:2D:D6:A5:69:E5:A9:3F:11:71
X509v3 Authority Key Identifier:
keyid:C0:CC:03:46:B9:58:20:CC:5C:72:70:F3:E1:2E:CB:20:A6:F5:68:3A
Authority Information Access:
OCSP - URI:http://ocsp.stg-int-x1.letsencrypt.org
CA Issuers - URI:http://cert.stg-int-x1.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:*.yasooon2018.work
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
User Notice:
Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DD:99:34:FC:A5:E7:24:80:C9:56:68:7D:81:34:99:08:
49:B2:49:F7:B5:69:D8:C7:BC:AB:3F:5C:C1:F3:6E:64
Timestamp : Aug 22 18:51:40.117 2018 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:41:73:07:B7:61:F0:CD:D4:50:BB:AC:04:
41:7A:B0:BB:A0:DD:E7:D1:33:FE:41:6A:A3:A3:8A:E6:
A1:4C:87:6E:02:21:00:85:80:FE:B1:23:14:65:B2:86:
04:18:3E:18:C4:B6:19:85:BF:82:7D:88:2C:E1:F8:61:
E1:A5:46:9C:C4:7C:2C
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B0:CC:83:E5:A5:F9:7D:6B:AF:7C:09:CC:28:49:04:87:
2A:C7:E8:8B:13:2C:63:50:B7:C6:FD:26:E1:6C:6C:77
Timestamp : Aug 22 18:51:40.193 2018 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:5B:21:45:FB:92:B1:E1:23:74:A3:43:98:
FF:5D:F6:EF:72:91:C6:73:3E:3D:91:32:E8:9E:8E:2B:
4B:C3:44:4F:02:21:00:A4:9A:C2:9A:AF:4F:3C:D8:0C:
A1:31:B5:6F:75:03:97:5B:6D:98:C1:04:C6:B0:F0:68:
7A:C1:E5:D5:69:70:05
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
(...snip...)
-----END CERTIFICATE-----
But when I tried to create a wildcard certificate with SANs using the following command,
acmesmith order yasooon2018.work '*.yasooon2018.work'
it failed with this error message.
Google::Apis::ClientError: alreadyExists: The resource 'entity.change.additions[0]' named '_acme-challenge.yasooon2018.work. (TXT)' already exists
tsuyoshi@wezen% bundle exec acmesmith order yasooon2018.work '*.yasooon2018.work'
=> Ordering a certificate for the following identifiers:
* yasooon2018.work
* *.yasooon2018.work
=> Generating CSR
=> Placing an order
=> Looking for required domain authorizations
* yasooon2018.work
* yasooon2018.work
=> Responsing to the challenges for the following identifier:
* Responder: Acmesmith::ChallengeResponders::GoogleCloudDns
* Identifiers:
- yasooon2018.work (dns-01)
- yasooon2018.work (dns-01)
=> Responding challenge dns-01 for yasooon2018.work in Acmesmith::ChallengeResponders::GoogleCloudDns
* create_change: TXT "_acme-challenge.yasooon2018.work.", "9vEO-G5XR8cJ7DnOhzFriptEsYFOP8ecpQBQDju8i0A"
* requested change: 66
* change "66" is still "pending"
* synced!
=> Checking DNS resource record
* nameservers: ["ns-cloud-c1.googledomains.com.", "ns-cloud-c2.googledomains.com.", "ns-cloud-c3.googledomains.com.", "ns-cloud-c4.googledomains.com."]
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] failed: DNS result has no information for _acme-challenge.yasooon2018.work.
* [ns-cloud-c1.googledomains.com.] success: ttl=5, data="9vEO-G5XR8cJ7DnOhzFriptEsYFOP8ecpQBQDju8i0A"
* [ns-cloud-c2.googledomains.com.] success: ttl=5, data="9vEO-G5XR8cJ7DnOhzFriptEsYFOP8ecpQBQDju8i0A"
* [ns-cloud-c3.googledomains.com.] success: ttl=5, data="9vEO-G5XR8cJ7DnOhzFriptEsYFOP8ecpQBQDju8i0A"
* [ns-cloud-c4.googledomains.com.] success: ttl=5, data="9vEO-G5XR8cJ7DnOhzFriptEsYFOP8ecpQBQDju8i0A"
=> Responding challenge dns-01 for yasooon2018.work in Acmesmith::ChallengeResponders::GoogleCloudDns
* create_change: TXT "_acme-challenge.yasooon2018.work.", "GlhDWWcxnk385Kdpo2w4v3hoftSLpKYX0Jhf269-kFg"
bundler: failed to load command: acmesmith (/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/bin/acmesmith)
Google::Apis::ClientError: alreadyExists: The resource 'entity.change.additions[0]' named '_acme-challenge.yasooon2018.work. (TXT)' already exists
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/lib/google/apis/core/http_command.rb:218:in `check_status'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/lib/google/apis/core/api_command.rb:116:in `check_status'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/lib/google/apis/core/http_command.rb:183:in `process_response'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/lib/google/apis/core/http_command.rb:299:in `execute_once'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/lib/google/apis/core/http_command.rb:104:in `block (2 levels) in execute'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/retriable-3.1.2/lib/retriable.rb:61:in `block in retriable'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/retriable-3.1.2/lib/retriable.rb:56:in `times'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/retriable-3.1.2/lib/retriable.rb:56:in `retriable'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/lib/google/apis/core/http_command.rb:101:in `block in execute'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/retriable-3.1.2/lib/retriable.rb:61:in `block in retriable'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/retriable-3.1.2/lib/retriable.rb:56:in `times'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/retriable-3.1.2/lib/retriable.rb:56:in `retriable'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/lib/google/apis/core/http_command.rb:93:in `execute'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/lib/google/apis/core/base_service.rb:360:in `execute_or_queue_command'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/google-api-client-0.23.4/generated/google/apis/dns_v1/service.rb:95:in `create_change'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-google-cloud-dns-0.1.1/lib/acmesmith/challenge_responders/google_cloud_dns.rb:46:in `respond'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/lib/acmesmith/challenge_responders/base.rb:23:in `block in respond_all'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/lib/acmesmith/challenge_responders/base.rb:22:in `each'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/lib/acmesmith/challenge_responders/base.rb:22:in `respond_all'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/lib/acmesmith/client.rb:224:in `block in process_authorizations'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/lib/acmesmith/client.rb:214:in `each'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/lib/acmesmith/client.rb:214:in `process_authorizations'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/lib/acmesmith/client.rb:42:in `order'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/lib/acmesmith/command.rb:36:in `order'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/thor-0.20.0/lib/thor/base.rb:466:in `start'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/gems/acmesmith-2.1.0/bin/acmesmith:4:in `<top (required)>'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/bin/acmesmith:23:in `load'
/home/tsuyoshi/tmp/acmesmith-20180704/vendor/bundle/ruby/2.5.0/bin/acmesmith:23:in `<top (required)>'
Other information:
# directory: https://acme-v02.api.letsencrypt.org/directory
directory: https://acme-staging-v02.api.letsencrypt.org/directory
storage:
  type: filesystem
  path: keys
challenge_responders:
  - google_cloud_dns:
      project_id: my-project-id
      private_key_json_file: /path/to/service-account-key.json
      ttl: 5
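
The failure reported above, reduced to an added Ruby example (not code from acmesmith or this plugin): the dns-01 challenges for a base name and its wildcard share one `_acme-challenge` TXT name, so a second separate addition is rejected, while grouping the values into one RRset succeeds. `FakeZone`, the helper names, `example.test` and the challenge values are all constructed for illustration.

```ruby
# In-memory stand-in for a zone (constructed; not the Google Cloud DNS client).
# Like the API error above, it rejects adding an RRset that already exists.
class FakeZone
  class AlreadyExists < StandardError; end
  attr_reader :rrsets # { [name, type] => [rrdata, ...] }

  def initialize
    @rrsets = {}
  end

  # Applies deletions, then additions, as one all-or-nothing change.
  def create_change(additions: [], deletions: [])
    staged = @rrsets.dup
    deletions.each { |rr| staged.delete([rr[:name], rr[:type]]) }
    additions.each do |rr|
      key = [rr[:name], rr[:type]]
      raise AlreadyExists, "'#{rr[:name]} (#{rr[:type]})' already exists" if staged.key?(key)
      staged[key] = rr[:rrdatas]
    end
    @rrsets = staged
  end
end

# dns-01 validates "example.test" and "*.example.test" at the same TXT name.
def challenge_record_name(identifier)
  "_acme-challenge.#{identifier.sub(/\A\*\./, '')}."
end

# One change per challenge: the second addition for a shared name is rejected.
def respond_one_by_one(zone, challenges)
  challenges.each do |identifier, value|
    rr = { name: challenge_record_name(identifier), type: 'TXT', rrdatas: [%("#{value}")] }
    zone.create_change(additions: [rr])
  end
end

# Group by record name and publish one RRset holding every value, replacing
# any RRset already at that name in the same change.
def respond_grouped(zone, challenges)
  challenges.group_by { |identifier, _| challenge_record_name(identifier) }.each do |name, group|
    existing = zone.rrsets[[name, 'TXT']]
    values = ((existing || []) + group.map { |_, value| %("#{value}") }).uniq
    deletions = existing ? [{ name: name, type: 'TXT', rrdatas: existing }] : []
    zone.create_change(additions: [{ name: name, type: 'TXT', rrdatas: values }], deletions: deletions)
  end
end

# Constructed sample: two challenges of one order that share a TXT name.
SAMPLE_CHALLENGES = [['example.test', 'constructed-value-A'], ['*.example.test', 'constructed-value-B']].freeze
```

Cleanup after validation needs the same care: remove only the values this order added, so a concurrent order's challenge value at the same name is not deleted with them.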