Multiple DNS validation providers disabled without explanation

Bug #1971029 reported by Gellis12
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| golang-github-xenolf-lego (Debian) | New | Unknown | | |
| golang-github-xenolf-lego (Ubuntu) | Confirmed | Undecided | Unassigned | |

Bug Description

1. Ubuntu version: 22.04 LTS

2. Package version: 4.1.3-3ubuntu1

3. What I expected to happen: running lego with the `--dns cloudflare` option should request a certificate from LetsEncrypt with the Cloudflare DNS validation mode.

4. What happened: Lego failed to request a certificate, and gave the following error message: `unrecognized DNS provider: Cloudflare`

Further details:
I confirmed that the cloudflare provider is listed in the output of `lego dnshelp`

My usage scenario involved setting the `CF_DNS_API_TOKEN_FILE` and `LEGO_PATH` envvars, and the `--key-type ec384`, `--pem`, and `--dns cloudflare` flags for lego (in addition to the relevant flags for domain name and email address).

I confirmed that the issue did not persist when I cloned the upstream git repo and compiled the tool myself, which suggests that pulling in a newer upstream release is all that's required to resolve the issue. (The output of `lego -v` from my build is `lego version 5228f6dbcfa6b78bd5763f1e27e9ba9914eb98fb linux/amd64`)

Unfortunately I am not able to test whether other DNS providers supported by lego are also affected, as I only own domains through Cloudflare.

Gellis12 (gellis12)
description: updated
Gellis12 (gellis12) wrote :

Update: I tried the 4.1.3 release from the upstream GitHub page, and that version worked fine as well. So unfortunately, it must be something to do with one of the Ubuntu or Debian patches.

Gellis12 (gellis12) wrote :

Upon further review, I've found a bug report for this same issue on Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968964

The issue stems from this commit: https://salsa.debian.org/go-team/packages/golang-github-xenolf-lego/-/commit/f2a108f0528a5e0ec5038d43d7a85ec301cb1f96#8756c63497c8dc39f7773438edf53b220c773f67_3_12

The change uses the Debian rules file to selectively remove support for a significant number of DNS providers at compile time, while leaving the `lego dnshelp` output untouched, and telling users that the providers are still supported. This change was also not noted in the commit message.
The fact that this change does not seem to fix any other issues, does not add any features, removes documented features, and was not noted in the commit messages, seems to suggest that it might not have been intentionally committed. With this in mind, would it be acceptable for us to remove these changes from the Ubuntu package and add back the documented functionality from the upstream project?
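
The mismatch described in this thread, where a provider is listed by `lego dnshelp` but rejected at run time, is the kind of drift a packaging-time consistency check can catch. The following is an added example, not code from lego or from the Debian/Ubuntu package; the provider lists and the functions `NewProviderByName`, `AdvertisedButMissing` and `HelpNames` are hypothetical stand-ins built on constructed data.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed sample: names the help command prints (not the real list).
var advertised = []string{"cloudflare", "exampledns", "route53"}

// Constructed sample: constructors left in the binary after a build that
// stripped some providers. The string stands in for a provider object.
var compiled = map[string]func() string{
	"exampledns": func() string { return "exampledns provider" },
}

// NewProviderByName models a name-to-constructor factory (hypothetical).
func NewProviderByName(name string) (string, error) {
	ctor, ok := compiled[name]
	if !ok {
		return "", fmt.Errorf("unrecognized DNS provider: %s", name)
	}
	return ctor(), nil
}

// AdvertisedButMissing lists every advertised name the factory rejects.
// A package build test would fail when this is non-empty.
func AdvertisedButMissing() []string {
	missing := []string{}
	for _, name := range advertised {
		if _, err := NewProviderByName(name); err != nil {
			missing = append(missing, name)
		}
	}
	return missing
}

// HelpNames derives the help listing from the compiled set itself, so a
// provider removed at build time also disappears from the help output.
func HelpNames() []string {
	names := make([]string, 0, len(compiled))
	for name := range compiled {
		names = append(names, name)
	}
	sort.Strings(names)
	return names
}

func main() {
	fmt.Println("advertised but missing:", AdvertisedButMissing(), "help:", HelpNames())
}
```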

Gellis12 (gellis12)
summary: - Cloudflare not recognized for DNS validation
+ Multiple DNS validation providers disabled without explanation
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in golang-github-xenolf-lego (Ubuntu):
status: New → Confirmed
Changed in golang-github-xenolf-lego (Debian):
status: Unknown → New
Anthony Fok (foka)
Changed in golang-github-xenolf-lego (Debian):
importance: Unknown → Medium
Changed in golang-github-xenolf-lego (Debian):
importance: Medium → Unknown