Add DNS provider for RU Center #1892

Draft: wants to merge 6 commits into base: master

AntonDzyk commented Apr 12, 2023

ldez changed the title from "Add DNS provider for RU CENTER (#1891)" to "Add DNS provider for RU CENTER" Apr 12, 2023

ldez (Member) commented Apr 12, 2023

Hello, in order for a PR adding a DNS provider to be accepted, you have to:

  • add a description to your PR
  • be able to maintain this provider
  • have a homogeneous design with the other providers
  • add tests (units)
make test
  • add tests ("live")
    func TestLivePresent(t *testing.T) {
        if !envTest.IsLiveTest() {
            t.Skip("skipping live test")
        }

        envTest.RestoreEnv()
        provider, err := NewDNSProvider()
        require.NoError(t, err)

        err = provider.Present(envTest.GetDomain(), "", "123d==")
        require.NoError(t, err)
    }

    func TestLiveCleanUp(t *testing.T) {
        if !envTest.IsLiveTest() {
            t.Skip("skipping live test")
        }

        envTest.RestoreEnv()
        provider, err := NewDNSProvider()
        require.NoError(t, err)

        time.Sleep(2 * time.Second)

        err = provider.CleanUp(envTest.GetDomain(), "", "123d==")
        require.NoError(t, err)
    }
make test
make generate-dns
  • be able to do: (and put the output of this command to a comment in your PR)
rm -rf .lego

./lego -m [email protected] --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

Note the wildcard domain is important.

make checks
  • do go mod tidy

ldez self-requested a review April 12, 2023 12:06
ldez force-pushed the master branch 2 times, most recently from 5a203b9 to 4f9e9d4 April 12, 2023 19:08
ldez changed the title from "Add DNS provider for RU CENTER" to "Add DNS provider for RU Center" Apr 12, 2023

ldez (Member) commented Apr 12, 2023

Your PR was far away from the design of the other implementations, so I rewrote it and added tests on the client.

You can check my previous comment to know what the next requirements are.

ldez (Member) commented Apr 13, 2023

ping @AntonDzyk

ldez (Member) commented Apr 22, 2023

@AntonDzyk can you provide the missing information?
#1892 (comment)

ldez force-pushed the master branch 3 times, most recently from 19e63c8 to 1070f0d May 5, 2023 08:38

ldez (Member) commented May 15, 2023

ping @AntonDzyk

ldez added the state/need-user-tests label (Need users to test functionality) Jun 7, 2023

ldez (Member) commented Jun 7, 2023

I'm still waiting for feedback @AntonDzyk.


If a user wants to help this PR by testing it, you are welcome to do so.

How to test this PR?
  1. You need Go
  2. Checkout the PR:
    git clone https://github.com/AntonDzyk/lego.git
    cd lego
    git checkout master
  3. Compile lego:
    • if you have make: make build
    • if you don't have make: go build -o dist/lego ./cmd/lego
  4. Run the following command with your own information (email, domain, credentials):
    NICRU_USER="<your_user>" \
    NICRU_PASSWORD="<your_password>" \
    NICRU_SERVICE_ID="<service_id>" \
    NICRU_SECRET="<service_secret>" \
    NICRU_SERVICE_NAME="<service_name>" \
    ./dist/lego --dns nicru --domains "*.example.com" -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    The wildcard domain is important
  5. Before each run of the command, you should clean your local environment:
    rm -rf .lego

livebreakz commented Nov 20, 2024

Please explain what are:

NICRU_SERVICE_ID="<service_id>" \
NICRU_SECRET="<service_secret>" \
NICRU_SERVICE_NAME="<service_name>" \

ldez (Member) commented Nov 20, 2024

I don't know how to find the values to set because I'm not the author of this PR, but I think this is explained here: https://github.com/go-acme/lego/pull/1892/files#diff-033dbf5a6431a24266bee1b693b19c924755b239fe9109cc22a9e56732540874R17-R27

@livebreakz

Should I edit nicru.toml to test?

ldez (Member) commented Nov 20, 2024

No, this file is documentation, you should read it.

You can find information about service ID and secret at https://www.nic.ru/manager/oauth.cgi?step=oauth.app_list

| ENV Variable       | Parameter from page            | Example           |
|--------------------|--------------------------------|-------------------|
| NICRU_USER         | Username (Number of agreement) | NNNNNNN/NIC-D     |
| NICRU_PASSWORD     | Password account               |                   |
| NICRU_SERVICE_ID   | Application ID                 | hex-based, len 32 |
| NICRU_SECRET       | Identity endpoint              | string len 91     |
| NICRU_SERVICE_NAME | Service name in DNS-hosting    | DPNNNNNNNNNN      |

NICRU_USER="NNNNNNN/NIC-D" \
NICRU_PASSWORD="xxx" \
NICRU_SERVICE_ID="yyy" \
NICRU_SECRET="zzz" \
NICRU_SERVICE_NAME="DPNNNNNNNNNN" \
./dist/lego --dns nicru --domains "*.example.com" -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
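
An added example, not part of the thread or of the lego code base: a pre-flight check that compares the five `NICRU_*` variables against the shapes in the "Example" column of the table above and reports mismatches without echoing any credential value. `checkNicruEnv` and `nicruShapes` are hypothetical names; the patterns assume each `N` is one decimal digit and do not enforce the digit count.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Shapes from the table's "Example" column (assumption: "N" = one digit).
var nicruShapes = map[string]*regexp.Regexp{
	"NICRU_USER":         regexp.MustCompile(`^[0-9]+/NIC-D$`),
	"NICRU_SERVICE_ID":   regexp.MustCompile(`^[0-9a-fA-F]{32}$`),
	"NICRU_SECRET":       regexp.MustCompile(`^.{91}$`),
	"NICRU_SERVICE_NAME": regexp.MustCompile(`^DP[0-9]+$`),
}

// checkNicruEnv (hypothetical, not lego's API) lists variables that are empty or mis-shaped.
func checkNicruEnv(env map[string]string) []string {
	var problems []string
	if env["NICRU_PASSWORD"] == "" {
		problems = append(problems, "NICRU_PASSWORD: empty")
	}
	for name, re := range nicruShapes {
		v := env[name]
		switch {
		case v == "":
			problems = append(problems, name+": empty")
		case !re.MatchString(v):
			// Report only the length, never the value itself.
			problems = append(problems, fmt.Sprintf("%s: unexpected shape (length %d)", name, len(v)))
		}
	}
	sort.Strings(problems)
	return problems
}

func main() {
	// Constructed sample values; the service name wrongly repeats the user value.
	env := map[string]string{
		"NICRU_USER":         "1234567/NIC-D",
		"NICRU_PASSWORD":     "constructed-password",
		"NICRU_SERVICE_ID":   strings.Repeat("0a", 16),
		"NICRU_SECRET":       strings.Repeat("z", 91),
		"NICRU_SERVICE_NAME": "1234567/NIC-D",
	}
	for _, p := range checkNicruEnv(env) {
		fmt.Println(p)
	}
}
```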

livebreakz commented Nov 21, 2024

Error:

2024/11/21 16:37:04 [INFO] [gptev.ru] acme: Obtaining bundled SAN certificate
2024/11/21 16:37:05 [INFO] [gptev.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172396693/15019640784
2024/11/21 16:37:05 [INFO] [gptev.ru] acme: Could not find solver for: tls-alpn-01
2024/11/21 16:37:05 [INFO] [gptev.ru] acme: Could not find solver for: http-01
2024/11/21 16:37:05 [INFO] [gptev.ru] acme: use dns-01 solver
2024/11/21 16:37:05 [INFO] [gptev.ru] acme: Preparing to solve DNS-01
2024/11/21 16:37:05 [INFO] [gptev.ru] acme: Cleaning DNS-01 challenge
2024/11/21 16:37:05 [WARN] [gptev.ru] acme: cleaning up failed: nicru: zone UUID not found for gptev.ru
2024/11/21 16:37:06 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172396693/15019640784
2024/11/21 16:37:06 Could not obtain certificates:
        error: one or more domains had a problem:
[gptev.ru] [gptev.ru] acme: error presenting token: nicru: zone UUID not found for gptev.ru

ldez (Member) commented Nov 21, 2024

I added logs, can you try again?

livebreakz commented Nov 21, 2024

I think same result:

./dist/lego --email "[email protected]" --dns nicru --domains "gptev.ru" -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/11/21 16:49:09 No key found for account [email protected]. Generating a P256 key.
2024/11/21 16:49:09 Saved key to /mnt/c/Users/yashukovd/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2024/11/21 16:49:10 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
y
2024/11/21 16:49:13 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/mnt/c/Users/yashukovd/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/11/21 16:49:14 [INFO] [gptev.ru] acme: Obtaining bundled SAN certificate
2024/11/21 16:49:14 [INFO] [gptev.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172579884/15019776494
2024/11/21 16:49:14 [INFO] [gptev.ru] acme: Could not find solver for: tls-alpn-01
2024/11/21 16:49:14 [INFO] [gptev.ru] acme: Could not find solver for: http-01
2024/11/21 16:49:14 [INFO] [gptev.ru] acme: use dns-01 solver
2024/11/21 16:49:14 [INFO] [gptev.ru] acme: Preparing to solve DNS-01
2024/11/21 16:49:14 [INFO] [gptev.ru] acme: Cleaning DNS-01 challenge
2024/11/21 16:49:15 [WARN] [gptev.ru] acme: cleaning up failed: nicru: zone UUID not found for gptev.ru
2024/11/21 16:49:15 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172579884/15019776494
2024/11/21 16:49:15 Could not obtain certificates:
        error: one or more domains had a problem:
[gptev.ru] [gptev.ru] acme: error presenting token: nicru: zone UUID not found for gptev.ru

@livebreakz

By the way I think "NICRU_SERVICE_NAME" is deprecated or something, cannot find it anywhere

ldez (Member) commented Nov 21, 2024

Have you pulled the branch before trying?
Because at least one new log should always appear.

ldez (Member) commented Nov 21, 2024

> By the way I think "NICRU_SERVICE_NAME" is deprecated or something, cannot find it anywhere

I don't think so, because it's inside the API doc: https://www.nic.ru/help/upload/file/API_DNS-hosting.pdf

@livebreakz

Did reset and pull and repeated command

ldez (Member) commented Nov 21, 2024

I added another log, this log will always be displayed.

@livebreakz

repeated procedure
see no changes )

ldez (Member) commented Nov 21, 2024

Do you have a new log: checkZoneUUID: xxx?

ldez (Member) commented Nov 21, 2024

Have you re-compiled lego?

livebreakz commented Nov 21, 2024

2024/11/21 17:11:15 No key found for account [email protected]. Generating a P256 key.
2024/11/21 17:11:15 Saved key to /mnt/c/Users/yashukovd/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
2024/11/21 17:11:16 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
y
2024/11/21 17:11:18 [INFO] acme: Registering account for [email protected]
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/mnt/c/Users/yashukovd/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/11/21 17:11:18 [INFO] [gptev.ru] acme: Obtaining bundled SAN certificate
2024/11/21 17:11:19 [INFO] [gptev.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172583014/15020050544
2024/11/21 17:11:19 [INFO] [gptev.ru] acme: Could not find solver for: tls-alpn-01
2024/11/21 17:11:19 [INFO] [gptev.ru] acme: Could not find solver for: http-01
2024/11/21 17:11:19 [INFO] [gptev.ru] acme: use dns-01 solver
2024/11/21 17:11:19 [INFO] [gptev.ru] acme: Preparing to solve DNS-01
2024/11/21 17:11:19 [INFO] checkZoneUUID: gptev.ru
2024/11/21 17:11:19 [INFO] zones count: 0
2024/11/21 17:11:19 [INFO] [gptev.ru] acme: Cleaning DNS-01 challenge
2024/11/21 17:11:19 [INFO] checkZoneUUID: gptev.ru
2024/11/21 17:11:19 [INFO] zones count: 0
2024/11/21 17:11:19 [WARN] [gptev.ru] acme: cleaning up failed: nicru: zone UUID not found for gptev.ru
2024/11/21 17:11:19 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172583014/15020050544
2024/11/21 17:11:20 Could not obtain certificates:
        error: one or more domains had a problem:
[gptev.ru] [gptev.ru] acme: error presenting token: nicru: zone UUID not found for gptev.ru

ldez (Member) commented Nov 21, 2024

> 2024/11/21 17:11:19 [INFO] checkZoneUUID: gptev.ru
> 2024/11/21 17:11:19 [INFO] zones count: 0

So I think your service name (NICRU_SERVICE_NAME) is not right.

ldez (Member) commented Nov 21, 2024

I added an extra call, only for debugging purposes, to display all your services.

@livebreakz

Set NICRU_SERVICE_NAME value the same as NICRU_USER value

./dist/lego --email "[email protected]" --dns nicru --domains "gptev.ru" -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/11/25 09:04:24 [INFO] [gptev.ru] acme: Obtaining bundled SAN certificate
2024/11/25 09:04:24 [INFO] [gptev.ru] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172583014/15074184644
2024/11/25 09:04:24 [INFO] [gptev.ru] acme: Could not find solver for: tls-alpn-01
2024/11/25 09:04:24 [INFO] [gptev.ru] acme: Could not find solver for: http-01
2024/11/25 09:04:24 [INFO] [gptev.ru] acme: use dns-01 solver
2024/11/25 09:04:24 [INFO] [gptev.ru] acme: Preparing to solve DNS-01
2024/11/25 09:04:24 [INFO] checkZoneUUID: gptev.ru
2024/11/25 09:04:25 [INFO] [gptev.ru] acme: Cleaning DNS-01 challenge
2024/11/25 09:04:25 [INFO] checkZoneUUID: gptev.ru
2024/11/25 09:04:25 [WARN] [gptev.ru] acme: cleaning up failed: nicru: unable to fetch dns zones: [status code=404] decode XML response:
2024/11/25 09:04:25 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172583014/15074184644
2024/11/25 09:04:25 Could not obtain certificates:
error: one or more domains had a problem:
[gptev.ru] [gptev.ru] acme: error presenting token: nicru: unable to fetch dns zones: [status code=404] decode XML response:
