zoraxy icon indicating copy to clipboard operation
zoraxy copied to clipboard
verified publisher icon tobychui

[BUG] DNS Challange fails with own domain with the DNS provider IPv64

Open steve2142 opened this issue 1 year ago • 3 comments

Describe the bug Hi, When I try to create a certificate for my own domain under the DNS provider IPv64, i get the following error. It works with a domain from IPv64, but not with my own. Dennis, the owner of IPv64 finds no error in the API, he says Zoraxy creates the TXT record but it is immediately deleted, other users with their own domain under IPv64 have the same problem. The challange works fine with proxmox or my synology.

2024/10/24 11:08:09 [INFO] [*.xxxxx.xx] acme: Cleaning DNS-01 challenge 2024/10/24 11:08:09 [WARN] [*.xxxxx.xx] acme: cleaning up failed: ipv64: error (403 Forbidden): del_record 2024/10/24 11:08:09 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxxxxxxxx [2024-10-24 11:08:09.756247] [ACME] [system:error] Obtain certificate failed: error: one or more domains had a problem: [*.xxxxx.xx] [*.xxxxx.xx] acme: error presenting token: ipv64: error (400 Bad Request): invalid record informations

To Reproduce Steps to reproduce the behavior:

  1. Go to ACME Tool
  2. Enable DNS-Challenge
  3. Select "IPv64"
  4. See error

Expected behavior Generate a new certificate for the selected domain

Host Environment (please complete the following information):

  • Arch: x86_64
  • Device: Intel NUC10
  • OS: Debian 12 (bookworm)
  • Version: zoraxy:latest
  • Docker Version: 27.2.0

steve2142 avatar Oct 25 '24 06:10 steve2142

Same here with IPv64 and Cloudflare.

pascalprey avatar Oct 25 '24 09:10 pascalprey

Hey, I had a workaround in that I created a txt record with the _acme-challage subdomain and "never delete" as the text and it worked sometimes.

Build from source or wait for 3.1.5 where it will be fixed. You can then enter the Ipv64 name servers there.

I use Ipv64 myself, if you need help im here :D

Sickjuicy avatar Dec 27 '24 19:12 Sickjuicy

Hello, The problem still exists—I have already installed 3.2.6 on a trial basis because, according to the changelog, there is an update from LE:GO that should now be implemented.

When I request the certificate for “*.sub.domain.tld” via DNS Challenge to IPv64, it fails. I see the following TXT entry in the IPv64 dashboard: “domain.tld” with the correct content. But it should actually be: “_acme-challenge.sub,” right? Even for Wildcards?

AprovelPD avatar Sep 19 '25 12:09 AprovelPD

@AprovelPD Hey, I'll take a closer look at that, either in December or starting in January.

Sickjuicy avatar Nov 23 '25 19:11 Sickjuicy