joohoi/acme-dns

Question: acme-dns not listening for API

jflamy opened this issue · 2 comments

[if this is not the right forum to ask, kindly redirect me]

After starting acme-dns (version pulled from the github release, untarred), it only listens to port 53.
I am therefore unable to call the API with /register to complete the creation of the CNAME records.

# sudo lsof -i -P -n | grep LISTEN | grep IPv4
systemd-r   563 systemd-resolve   13u  IPv4  18341      0t0  TCP 127.0.0.53:53 (LISTEN)
sshd        822            root    3u  IPv4  23030      0t0  TCP *:22 (LISTEN)
sshd       5721            root   10u  IPv4  54066      0t0  TCP 127.0.0.1:6010 (LISTEN)
sshd       7214            root   10u  IPv4  64930      0t0  TCP 127.0.0.1:6011 (LISTEN)
acme-dns  18125            root    5u  IPv4 143772      0t0  TCP 127.0.0.1:53 (LISTEN)

The API section is standard; I just changed the port to 8443.


[api]
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
# disable registration endpoint
disable_registration = false
# listen port, eg. 443 for default HTTPS
port = "8443"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "letsencryptstaging"
# only used if tls = "cert"
tls_cert_privkey = "/etc/tls/jflamy.dev/privkey.pem"
tls_cert_fullchain = "/etc/tls/jflamy.dev/fullchain.pem"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# CORS AllowOrigins, wildcards can be used
corsorigins = [
    "*"
]
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"

There are no messages in the startup output pertaining to the API or to a misconfiguration. There seems to be a catch-22 if acme-dns is looking for a certificate for itself as indicated on the last line.

# INFO[0000] Using config file                             file=./config.cfg
INFO[0000] Connected to database
DEBU[0000] Adding new record to domain                   domain=ns.auth.jflamy.dev. recordtype=A
DEBU[0000] Adding new record to domain                   domain=auth.jflamy.dev. recordtype=NS
DEBU[0000] Adding new record to domain                   domain=auth.jflamy.dev. recordtype=SOA
INFO[0000] Listening DNS                                 addr="127.0.0.1:53" proto=udp
INFO[0000] Listening DNS                                 addr="127.0.0.1:53" proto=tcp
INFO[0000] 2022/01/25 14:15:04 [INFO][cache:0xc0000ae5f0] Started certificate maintenance routine
INFO[0000] 2022/01/25 14:15:04 [INFO][auth.jflamy.dev] Obtain certificate

The public IP address for ns.auth.jflamy.dev is correct, and port 53 is open, but I just want to register at this point...

Changing tls to "none" and using an HTTP port does not help either.

INFO[0000] Listening HTTP                                host="0.0.0.0:8080"
INFO[0000] Listening DNS                                 addr="127.0.0.1:53" proto=udp
INFO[0000] Listening DNS                                 addr="127.0.0.1:53" proto=tcp
INFO[0000] 2022/01/25 16:34:46 [INFO][cache:0xc0000ae5f0] Started certificate maintenance routine

curl -L http://localhost:8080/register reports "method not allowed"

The latter actually seems to indicate that the listener is up. "method not allowed" is because acme-dns only does POST requests and the default for curl is GET. "method not allowed" is an actual response from the acme-dns http listener.

I don't know why the listener failed to start in the original post though...
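An added check, not part of this thread or of acme-dns itself, that turns the observation in the comments into code: it POSTs to /register the way acme-dns expects and distinguishes a 405 (listener up, only the method was wrong) from a refused connection (listener never started, the original symptom). The stub server and the credential values in it are constructed so the probe runs offline; point probe_register at the real API host and port instead.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe_register(base_url, method="POST", timeout=5):
    """Call <base_url>/register and classify the outcome:
    ("registered", creds) on 201; ("http", status) on any other status, so
    405 on a GET proves the listener is up and only the method was wrong;
    ("down", reason) when nothing answers, which was the original symptom."""
    url = base_url.rstrip("/") + "/register"
    body = b"{}" if method == "POST" else None       # no allowfrom restriction
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return "registered", json.loads(resp.read().decode())
    except urllib.error.HTTPError as err:            # listener answered
        return "http", err.code
    except (urllib.error.URLError, OSError) as err:  # nothing listening
        return "down", str(err)


class _StubAcmeDns(BaseHTTPRequestHandler):
    """Constructed stand-in for the acme-dns API listener, so the probe runs
    offline: GET /register -> 405, POST /register -> 201 with JSON creds."""
    def do_GET(self):
        self.send_response(405)
        self.end_headers()
        self.wfile.write(b"method not allowed\n")

    def do_POST(self):
        creds = {"username": "00000000-0000-0000-0000-000000000000",  # constructed
                 "password": "constructed-example-password",
                 "fulldomain": "00000000-0000-0000-0000-000000000000.auth.example.test"}
        self.send_response(201)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(creds).encode())

    def log_message(self, *args):  # keep the stub quiet
        pass


def start_stub():
    """Start the stub on a free loopback port; returns (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), _StubAcmeDns)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]
```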