Let's Encrypt DNS validation fails because it doesn't wait for zone transfers

My LetsEncrypt certs fail to renew because the script sets the DNS TXT record, but doesn't wait long enough for the zone to propagate through my slave servers. It would be nice if there was a configurable amount of time between when it updates the zone and when it requests the cert renewal.

Alternately, if the cert renewal fails, if it could just try again after some amount of time.

Thanks

Status: Fixed (pending)

Comments

That's odd, as currently Virtualmin waits for 10 seconds after applying the DNS changes to allow for propagation.

Does it take longer than this on your system?

Yeah, I'm using BuddyDNS for secondary servers and it can take a couple of minutes for all of their zones to update.

Hmm ... I'm not sure what we could do then that wouldn't make all DNS Let's Encrypt validation take a long time.

Well, the easiest solution would be to make the number of seconds configurable.
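A fixed delay, whatever its length, still races the secondaries. The following is an added example (not Webmin's or Virtualmin's code) of the check a DNS hook can run instead: poll every authoritative server for the zone until each one serves the challenge TXT value, and only then let the ACME validation request proceed. It assumes the authoritative server addresses are supplied by the caller and, for the real query path, that dnspython is installed; the query and clock hooks are constructed so the loop can be exercised without network access.

```python
import time


def dns_query(server, name):
    """Ask one authoritative server directly for TXT values of `name`.
    Querying the authoritative hosts (not a caching recursor) matters: the CA's
    own resolvers will go to those hosts, so that is what must be consistent.
    Requires dnspython (assumed installed); any DNS failure counts as "not yet"."""
    import dns.exception
    import dns.resolver
    resolver = dns.resolver.Resolver(configure=False)
    resolver.nameservers = [server]
    try:
        answer = resolver.resolve(name, "TXT")
    except dns.exception.DNSException:  # NXDOMAIN, NoAnswer, Timeout, ...
        return []
    return [b"".join(rr.strings).decode() for rr in answer]


def wait_for_txt(name, expected, nameservers, query=dns_query, timeout=300,
                 interval=10, sleep=time.sleep, clock=time.monotonic):
    """Return True once every server in `nameservers` returns `expected` among
    the TXT values for `name`; return False if `timeout` seconds elapse first.

    `query(server, name)` must return the list of TXT strings that server serves
    for `name` (empty list when the record is missing). `sleep` and `clock` are
    injectable so the polling logic can be tested offline."""
    deadline = clock() + timeout
    pending = set(nameservers)           # servers that have not caught up yet
    while True:
        for server in sorted(pending):
            try:
                values = query(server, name)
            except Exception:            # unreachable server: treat as not propagated
                values = []
            if expected in values:
                pending.discard(server)
        if not pending:
            return True
        if clock() >= deadline:
            return False                 # caller should abort instead of asking the CA
        sleep(min(interval, deadline - clock()))


if __name__ == "__main__":
    import sys
    # usage: script.py _acme-challenge.example.com <token-digest> ns1-ip ns2-ip ...
    ok = wait_for_txt(sys.argv[1], sys.argv[2], sys.argv[3:])
    sys.exit(0 if ok else 1)
```

Exiting non-zero from the hook when propagation never completes makes the client report a clear local failure instead of a confusing NXDOMAIN from the CA.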

Good idea, we'll do that in the next Webmin release.

Thanks!

Hey there, is this going out soon? I just had my renewal fail again. This time though, there is an error involved:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for <domain>.com
dns-01 challenge for <domain>.com
Hook command "/etc/webmin/webmin/letsencrypt-dns.pl" returned error code 1
Error output from letsencrypt-dns.pl:
Undefined subroutine &main::restart_zone called at /usr/share/webmin/webmin/letsencrypt-dns.pl line 47.

Hook command "/etc/webmin/webmin/letsencrypt-dns.pl" returned error code 1
Error output from letsencrypt-dns.pl:
Undefined subroutine &main::restart_zone called at /usr/share/webmin/webmin/letsencrypt-dns.pl line 47.

Waiting for verification...
Cleaning up challenges
Hook command "/etc/webmin/webmin/letsencrypt-cleanup.pl" returned error code 1
Error output from letsencrypt-cleanup.pl:
Undefined subroutine &main::restart_zone called at /usr/share/webmin/webmin/letsencrypt-cleanup.pl line 38.

Hook command "/etc/webmin/webmin/letsencrypt-cleanup.pl" returned error code 255
Error output from letsencrypt-cleanup.pl:
Undefined subroutine &main::restart_zone called at /usr/share/webmin/webmin/letsencrypt-cleanup.pl line 38.

Failed authorization procedure. <domain>.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.<domain>.com, <domain>.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.<domain>.com
IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: <domain>.com
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.<domain>.com

   Domain: <domain>.com
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.<domain>.com

OK, thanks. Do you have an estimate of when that fix and the one for my issue will be released?

Hmm... Are you sure that the new restart zone command works? It doesn't error out like the old one, but it doesn't appear to be restarting the zone.