Traefik ACME DNS-01 gcloud duplicate records
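I'm not sure whether this is an issue specific to traefik and my configuration or a bug, but after moving my provider from route53 to gcloud, my acme configuration generated 409 duplicate resource errors from Google.
It looks like the acme code expects to be able to overwrite the TXT record, but on gcloud it can't.
The errors look like: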
time="2018-11-01T11:46:41Z" level=error msg="Error obtaining certificate: acme: Error -> One or more domains had a problem:\n[qa.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"VuOLZS3tfLfrOswFtV3mayqOYaz5PvQK16nJdgMdMez\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Unable to obtain ACME certificate for domains \"*.qa.mydomain.com,qa.mydomain.com\" : unable to generate a certificate for the domains [*.qa.mydomain.com qa.mydomain.com]: acme: Error -> One or more domains had a problem:\n[qa.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"VuOLZS3tfLfrOswFtV3mayqOYaz5PvQK16nJdgMdMez\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Error obtaining certificate: acme: Error -> One or more domains had a problem:\n[development.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"Jfv6orVfbwi0IdQbmpvG3qnIltMX5x56vGUpHjoBzOa\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Unable to obtain ACME certificate for domains \"*.development.mydomain.com,development.mydomain.com\" : unable to generate a certificate for the domains [*.development.mydomain.com development.mydomain.com]: acme: Error -> One or more domains had a problem:\n[development.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"Jfv6orVfbwi0IdQbmpvG3qnIltMX5x56vGUpHjoBzOa\"' already exists, alreadyExists\n"
Traefik configuration:
[acme]
email = "email@mydomain.com"
storage = "/acme-certificates/acme.json"
acmeLogging = true
entryPoint = "https"
[acme.dnsChallenge]
provider = "gcloud"
[[acme.domains]]
main = "*.development.mydomain.com"
sans = ["development.mydomain.com"]
[[acme.domains]]
main = "*.qa.mydomain.com"
sans = ["qa.mydomain.com"]
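This error occurs when you have a bare domain and a wildcard domain on the same record, because it tries to add two TXT records, which most DNS providers support.
However, Google requires you to delete the record and then add a new record containing both rrdata fields, rather than two separate records.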
:-/
It's a bug. Google DNS is not easy to program against.
Logged as a traefik bug, patched and closed.
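
The delete-then-add behaviour described in the answer above, as an added Go example (not code from the post, Traefik or its ACME library). The `RRSet` and `Change` types are simplified stand-ins for the Cloud DNS resources, and the function name, TTL and token values are hypothetical.

```go
package main

import "fmt"

// RRSet and Change are simplified stand-ins (assumptions) for the Cloud DNS
// record-set and change resources; only the fields needed here are modelled.
type RRSet struct {
	Name    string
	Type    string
	TTL     int
	Rrdatas []string
}

type Change struct {
	Additions []RRSet
	Deletions []RRSet
}

// BuildPresentChange returns the change that publishes a new DNS-01 token at
// fqdn. existing is the TXT record set currently at that name, or nil if none.
func BuildPresentChange(existing *RRSet, fqdn, token string, ttl int) Change {
	quoted := fmt.Sprintf("%q", token) // TXT rrdata is stored quoted, as in the logs
	merged := RRSet{Name: fqdn, Type: "TXT", TTL: ttl, Rrdatas: []string{quoted}}
	if existing == nil {
		return Change{Additions: []RRSet{merged}}
	}
	// Keep values already published (e.g. the wildcard's token), skipping
	// an exact duplicate of the one being added.
	for _, v := range existing.Rrdatas {
		if v != quoted {
			merged.Rrdatas = append(merged.Rrdatas, v)
		}
	}
	// Remove the old record set and add the merged one in the same change,
	// instead of adding a second record with the same name and type.
	return Change{Additions: []RRSet{merged}, Deletions: []RRSet{*existing}}
}

func main() {
	// Constructed sample values, not the tokens from the logs above.
	name := "_acme-challenge.qa.mydomain.com."
	first := BuildPresentChange(nil, name, "token-for-wildcard", 120)
	second := BuildPresentChange(&first.Additions[0], name, "token-for-bare-domain", 120)
	fmt.Printf("deletions=%d rrdatas=%v\n", len(second.Deletions), second.Additions[0].Rrdatas)
}
```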