Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

google domains Error 400: Precondition check failed., failedPrecondition #2202

Open
3 tasks done
xianfeiqiang opened this issue Jun 8, 2024 · 3 comments
Open
3 tasks done

google domains Error 400: Precondition check failed., failedPrecondition #2202

xianfeiqiang opened this issue Jun 8, 2024 · 3 comments
Labels
area/dnsprovider bug

Comments

@xianfeiqiang
Copy link

Welcome

  • Yes, I'm using a binary release within 2 latest releases.
  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've included all information below (version, config, etc).

What did you expect to see?

Actually I have been using it for more than a year, and it was working fine before. But now I find it has some problems. I am not sure if there are some changes in the google api?

What did you see instead?

Unable to complete certificate request

How do you use lego?

Docker image

Reproduction steps

docker run -t --name run_certs -e GOOGLE_DOMAINS_ACCESS_TOKEN="xxxxxxx" goacme/lego:latest --dns.disable-cp --email "xxxxx" --accept-tos --dns googledomains --domains ".xxxxx" --domains "xxxxx" --domains ".xxxxx" run

Version of lego

goacme/lego:latest

Logs

2024/06/08 08:38:57 No key found for account xxxxx.com. Generating a P256 key.
2024/06/08 08:38:57 Saved key to /.lego/accounts/acme-v02.api.letsencrypt.org/xxxxx/keys/xxxxxx.key
2024/06/08 08:38:58 [INFO] acme: Registering account for xxxxxxx
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/06/08 08:38:58 [INFO] [*.xxxx, xxxx, *.xxxxx] acme: Obtaining bundled SAN certificate
2024/06/08 08:38:59 [INFO] [*.xxxxx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360847
2024/06/08 08:38:59 [INFO] [*.xxxx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360857
2024/06/08 08:38:59 [INFO] [xxxxx.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360867
2024/06/08 08:38:59 [INFO] [*.xxxx] acme: use dns-01 solver
2024/06/08 08:38:59 [INFO] [*.xxx] acme: use dns-01 solver
2024/06/08 08:38:59 [INFO] [xxxxxxx] acme: Could not find solver for: tls-alpn-01
2024/06/08 08:38:59 [INFO] [xxxxxxx] acme: Could not find solver for: http-01
2024/06/08 08:38:59 [INFO] [xxxxxxx] acme: use dns-01 solver
2024/06/08 08:38:59 [INFO] [*.xxxxxxx.xxxxxxx] acme: Preparing to solve DNS-01
2024/06/08 08:39:05 [INFO] [*.xxxxxxx] acme: Preparing to solve DNS-01
2024/06/08 08:39:05 [INFO] [xxxxxxx] acme: Preparing to solve DNS-01
2024/06/08 08:39:06 [INFO] [*.xxxxxxx.xxxxxxx] acme: Cleaning DNS-01 challenge
2024/06/08 08:39:06 [WARN] [*.xxxxxxx.xxxxxxx] acme: cleaning up failed: googledomains: error cleaning up challenge for domain xxxxxxx.xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition 
2024/06/08 08:39:06 [INFO] [*.xxxxxxx] acme: Cleaning DNS-01 challenge
2024/06/08 08:39:07 [WARN] [*.xxxxxxx] acme: cleaning up failed: googledomains: error cleaning up challenge for domain xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition 
2024/06/08 08:39:07 [INFO] [xxxxxxx] acme: Cleaning DNS-01 challenge
2024/06/08 08:39:07 [WARN] [xxxxxxx] acme: cleaning up failed: googledomains: error cleaning up challenge for domain xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition 
2024/06/08 08:39:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360847
2024/06/08 08:39:08 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360857
2024/06/08 08:39:09 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/361200360867
2024/06/08 08:39:09 Could not obtain certificates:
	error: one or more domains had a problem:
[*.xxxxxxx.xxxxxxx] [*.xxxxxxx.xxxxxxx] acme: error presenting token: googledomains: error adding challenge for domain xxxxxxx.xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition
[*.xxxxxxx] [*.xxxxxxx] acme: error presenting token: googledomains: error adding challenge for domain xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition
[xxxxxxx] [xxxxxxx] acme: error presenting token: googledomains: error adding challenge for domain xxxxxxx: googleapi: Error 400: Precondition check failed., failedPrecondition

Go environment (if applicable)

$ go version && go env
# paste output here
@ldez
Copy link
Member

ldez commented Jun 8, 2024
edited
Loading

Hello,

maybe it's related to a change to token scope inside Google Domains.
Can you check that?

Or maybe it's related to the fact Google Domains has been replaced: https://domains.google/

@xianfeiqiang
Copy link
Author

@ldez Thanks for your reply, since our domain has been migrated to SquareSpace I guess this is because they don't provide the acme api
https://www.reddit.com/r/homelab/comments/19cvviq/acme_certificate_dns_mode_squarespace/

@ldez
Copy link
Member

ldez commented Jun 8, 2024
edited
Loading

"ACME API" is not a real API: the ACME DNS challenge uses API related to adding and removing DNS records.
"ACME API" was a weird concept of the Google domains to add/remove records.

Squarespace may have a "classic" DNS API.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/dnsprovider bug
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ldez @xianfeiqiang