projectdiscovery/interactsh

ACME: previous DNS record is not deleted while issuing the second certificate, which makes the second one fail

Bisstocuz opened this issue · 0 comments

Interactsh version:

Interactsh-Server v1.1.2

Current Behavior:

I have a top-level domain example.com, and I want to use oast.example.com to resolve interactsh interactions.

If I provide a certificate with CN *.oast.example.com, the web client app.interactsh.com cannot connect to it properly, because oast.example.com is not covered by *.oast.example.com for the browser (Microsoft Edge 111.0.1661.62).

Expected Behavior:

  1. When the request host is oast.example.com, use a certificate with CN oast.example.com instead when using ACME.
  2. Allow users to provide more certificates. (optional)

Steps To Reproduce:

  1. Use oast.example.com to start interactsh-server.
  2. Wait for ACME to obtain certificates.
  3. Connect to it via app.interactsh.com.

Anything else:

It seems to be related to this:

1.68135842274485e+09    info    obtain  acquiring lock  {"identifier": "*.example.com"}
1.6813584227451315e+09  info    maintenance     started background certificate maintenance      {"cache": "0xc0003018f0"}
1.6813584227469733e+09  info    obtain  lock acquired   {"identifier": "*.example.com"}
1.6813584227471385e+09  info    obtain  obtaining certificate   {"identifier": "*.example.com"}
1.68135842274761e+09    info    waiting on internal rate limiter        {"identifiers": ["*.example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813584227476232e+09  info    done waiting on internal rate limiter   {"identifiers": ["*.example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813584256117125e+09  info    acme_client     trying to solve challenge       {"identifier": "*.example.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
1.6813584295660403e+09  error   acme_client     cleaning up solver      {"identifier": "*.example.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for "_acme-challenge.example.com" (usually OK if presenting also failed)"}
1.681358429566284e+09   info    acme_client     authorization finalized {"identifier": "*.example.com", "authz_status": "valid"}
1.6813584295663383e+09  info    acme_client     validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/1052573887/175858912547"}
1.6813584313439014e+09  info    acme_client     successfully downloaded available certificate chains    {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/04270614245b3144156d4dbc7added15cec7"}
1.6813584313445919e+09  info    obtain  certificate obtained successfully       {"identifier": "*.example.com"}
1.6813584313446202e+09  info    obtain  releasing lock  {"identifier": "*.example.com"}
1.681358432637552e+09   info    obtain  acquiring lock  {"identifier": "example.com"}
1.6813584326390805e+09  info    obtain  lock acquired   {"identifier": "example.com"}
1.6813584326391814e+09  info    obtain  obtaining certificate   {"identifier": "example.com"}
1.6813584326396532e+09  info    waiting on internal rate limiter        {"identifiers": ["example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813584326396782e+09  info    done waiting on internal rate limiter   {"identifiers": ["example.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "admin@example.com"}
1.6813584339377418e+09  info    acme_client     trying to solve challenge       {"identifier": "example.com", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
1.6813584339743567e+09  error   acme_client     cleaning up solver      {"identifier": "example.com", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for "_acme-challenge.example.com" (usually OK if presenting also failed)"}
1.6813584343696542e+09  error   obtain  could not get certificate from issuer   {"identifier": "example.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[example.com] solving challenges: presenting for challenge: expected one record, got 2: [{ TXT  gzMAhE4kXxD-I1AtOgZXPFzPYETwu2AK4QZ73_EcSuQ 0s 0} { TXT  n5szy1XB50jmsvzll0FrqQM8NkxptcKcTpRA4kF6UqM 0s 0}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1052573887/175858936827) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
1.6813584343696938e+09  info    obtain  releasing lock  {"identifier": "example.com"}
[ERR] Could not manage certmagic certs: example.com: obtaining certificate: [example.com] Obtain: [example.com] solving challenges: presenting for challenge: expected one record, got 2: [{ TXT  gzMAhE4kXxD-I1AtOgZXPFzPYETwu2AK4QZ73_EcSuQ 0s 0} { TXT  n5szy1XB50jmsvzll0FrqQM8NkxptcKcTpRA4kF6UqM 0s 0}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1052573887/175858936827) (ca=https://acme-v02.api.letsencrypt.org/directory)
[INF] Successfully Created SSL Certificate at: /root/.local/share/certmagic
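The collision the log above shows, as an added Go simulation that is not interactsh or certmagic code: the wildcard and the apex identifier map to the same _acme-challenge TXT name, so a record left behind by the first order makes the second order find two records. The zone type, present, cleanup and issueBoth, and the token values, are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed in-memory zone (TXT name -> values); hypothetical, not interactsh's code.
type zone map[string][]string

// challengeName is the TXT name the CA queries; the wildcard and the apex
// of one domain share it, so a stale record from one order is seen by the next.
func challengeName(identifier string) string {
	return "_acme-challenge." + strings.TrimPrefix(identifier, "*.")
}

// present appends the token and, as in the log above, fails unless exactly
// one TXT record now exists at the challenge name.
func (z zone) present(identifier, token string) error {
	name := challengeName(identifier)
	z[name] = append(z[name], token)
	if n := len(z[name]); n != 1 {
		return fmt.Errorf("presenting for challenge: expected one record, got %d", n)
	}
	return nil
}

// cleanup removes only the record this order presented, leaving others alone.
func (z zone) cleanup(identifier, token string) {
	name := challengeName(identifier)
	kept := z[name][:0]
	for _, v := range z[name] {
		if v != token {
			kept = append(kept, v)
		}
	}
	z[name] = kept
}

// issueBoth runs the wildcard order, then the apex order, and returns the apex result.
func issueBoth(skipCleanup bool) error {
	z := zone{}
	if err := z.present("*.example.com", "wildcard-token"); err != nil {
		return err
	}
	if !skipCleanup { // skipping cleanup reproduces the stale-record failure in the log
		z.cleanup("*.example.com", "wildcard-token")
	}
	return z.present("example.com", "apex-token")
}
```

issueBoth(true) returns the "expected one record, got 2" error; issueBoth(false) returns nil.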