regru: update authentication method #2325

tcaty · 2024-11-07T15:45:37Z

Hi! Recently I've faced an issue with obtaining certificate via dns challenge for domain hosted by provider regru. This provider has updated API, so now authentication via query params is not allowed.
You can check it with simple request from API docs:

curl -X POST "https://api.reg.ru/api/regru2/nop?password=test&username=test"

API will respod with

{
   "charset" : "utf-8",
   "error_code" : "QUERY_PARAMS_DISALLOWED",
   "error_params" : {
      "command_name" : "nop"
   },
   "error_text" : "Query string parameters are disallowed. Pass parameters in form data.",
   "messagestore" : null,
   "result" : "error"
}

But if we send creds in form data like this:

curl -X POST -F "username=test" -F "password=test" "https://api.reg.ru/api/regru2/nop"

API will respond correctly

{
   "answer" : {
      "login" : "test",
      "user_id" : 0
   },
   "charset" : "utf-8",
   "messagestore" : null,
   "result" : "success"
}

So this PR is about changing authentication method from query params to form data.

ldez · 2024-11-07T15:56:35Z

Can you run the following command and put the output of this command to a comment?

rm -rf .lego

REGRU_USERNAME=xxxxxx \
REGRU_PASSWORD=yyyyyy \
./lego -m your@email.com --dns regru -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

Note the wildcard domain is important.

tcaty · 2024-11-07T16:10:51Z

Sure, I'll provide the result after some hours

tcaty · 2024-11-08T09:36:43Z

It works, I've got certificates

REGRU_USERNAME=xxx \
REGRU_PASSWORD=yyy \
REGRU_PROPAGATION_TIMEOUT=300 \
lego -m my@email.com --dns regru --dns.resolvers ns1.reg.ru -d *.example.com -d example.com run

2024/11/08 09:29:34 No key found for account my@email.com. Generating a P256 key.
2024/11/08 09:29:34 Saved key to /.lego/accounts/acme-v02.api.letsencrypt.org/my@email.com/keys/my@email.com.key
2024/11/08 09:29:34 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/11/08 09:29:36 [INFO] acme: Registering account for my@email.com
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/11/08 09:29:36 [INFO] [*.example.com, example.com] acme: Obtaining bundled SAN certificate
2024/11/08 09:29:37 [INFO] [*.example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/427223100027
2024/11/08 09:29:37 [INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/427223100037
2024/11/08 09:29:37 [INFO] [*.example.com] acme: use dns-01 solver
2024/11/08 09:29:37 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2024/11/08 09:29:37 [INFO] [example.com] acme: Could not find solver for: http-01
2024/11/08 09:29:37 [INFO] [example.com] acme: use dns-01 solver
2024/11/08 09:29:37 [INFO] [*.example.com] acme: Preparing to solve DNS-01
2024/11/08 09:29:37 [INFO] [example.com] acme: Preparing to solve DNS-01
2024/11/08 09:29:37 [INFO] [*.example.com] acme: Trying to solve DNS-01
2024/11/08 09:29:37 [INFO] [*.example.com] acme: Checking DNS record propagation. [nameservers=ns1.reg.ru:53]
2024/11/08 09:29:39 [INFO] Wait for propagation [timeout: 5m0s, interval: 2s]
2024/11/08 09:29:40 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:29:42 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:29:44 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:29:46 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:29:58 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:00 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:12 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:14 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:16 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:18 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:20 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:22 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:24 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:26 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:28 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:31 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:33 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:35 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:37 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:39 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:41 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:43 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:55 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:57 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:30:59 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:31:01 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:31:03 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:31:15 [INFO] [*.example.com] acme: Waiting for DNS record propagation.
2024/11/08 09:31:32 [INFO] [*.example.com] The server validated our request
2024/11/08 09:31:32 [INFO] [example.com] acme: Trying to solve DNS-01
2024/11/08 09:31:32 [INFO] [example.com] acme: Checking DNS record propagation. [nameservers=ns1.reg.ru:53]
2024/11/08 09:31:34 [INFO] Wait for propagation [timeout: 5m0s, interval: 2s]
2024/11/08 09:31:40 [INFO] [example.com] The server validated our request
2024/11/08 09:31:40 [INFO] [*.example.com] acme: Cleaning DNS-01 challenge
2024/11/08 09:31:40 [INFO] [example.com] acme: Cleaning DNS-01 challenge
2024/11/08 09:31:40 [INFO] [*.example.com, example.com] acme: Validations succeeded; requesting certificates
2024/11/08 09:31:41 [INFO] [*.example.com] Server responded with a certificate.

ldez

LGTM

* volcengine: set API information within the default configuration (go-acme#2308) Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com> * limacity: fix error message (go-acme#2310) * Add DNS provider for Core-Networks (go-acme#2101) * chore: update readme generator (go-acme#2311) * chore: fix readme generator (go-acme#2312) * chore: embed templates for internal commands (go-acme#2314) * chore: improve internal release command (go-acme#2315) * fix: parse printf verbs in log line output (go-acme#2317) * Add DNS provider for Regfish (go-acme#2320) * chore: update dependencies (go-acme#2321) * selectelv2: fix non-ASCII domain (go-acme#2322) Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com> * brandit: provider deprecation (go-acme#2116) * cloudxns: provider deprecation (go-acme#2324) * chore: update issue templates * docs: use homogenous examples (go-acme#2328) * regru: update authentication method (go-acme#2325) * rfc2136: add support for tsig-keygen generated file (go-acme#2330) Co-authored-by: Dominik Menke <git@dmke.org> * Add DNS provider for Technitium (go-acme#2332) * feat: skip the TLS verification of the ACME server (go-acme#2335) * docs: add documentation for env var only options (go-acme#2337) * docs: update least privilege instructions for Cloudflare (go-acme#2339) * feat: attempt to check ARI unless explicitly disabled (go-acme#2298) Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com> * chore: domain merge simplification (go-acme#2340) * chore: update linter (go-acme#2341) * Prepare release v4.20.0 * Detach v4.20.0 * Prepare release v4.20.1 * Detach v4.20.1 * Prepare release v4.20.2 * Detach v4.20.2 * fix: HTTP server IPv6 matching (go-acme#2345) * docs: improve changelog style (go-acme#2346) * docs: fix typos --------- Co-authored-by: 刘瑞斌 <bin@fit2cloud.com> Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com> Co-authored-by: Dominik Menke <dom@digineo.de> Co-authored-by: Frederic Hemberger <fhemberger@users.noreply.github.com> Co-authored-by: Artem Chirkov <45077592+Archirk@users.noreply.github.com> Co-authored-by: Maksim Kamanin <79706809+tcaty@users.noreply.github.com> Co-authored-by: Dominik Menke <git@dmke.org> Co-authored-by: Josh McKinney <joshka@users.noreply.github.com> Co-authored-by: Samantha Frank <hello@entropy.cat>

send regru api creds in form data

52f8003

ldez added the area/dnsprovider label Nov 7, 2024

ldez changed the title ~~Change regru authentication method~~ regru: update authentication method Nov 7, 2024

ldez added the bug label Nov 7, 2024

ldez added this to the v4.20 milestone Nov 7, 2024

ldez self-requested a review November 7, 2024 15:54

ldez approved these changes Nov 8, 2024

View reviewed changes

ldez merged commit f8db554 into go-acme:master Nov 8, 2024
7 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

regru: update authentication method #2325

regru: update authentication method #2325

tcaty commented Nov 7, 2024

ldez commented Nov 7, 2024 •

edited

Loading

tcaty commented Nov 7, 2024

tcaty commented Nov 8, 2024

ldez left a comment

regru: update authentication method #2325

regru: update authentication method #2325

Conversation

tcaty commented Nov 7, 2024

ldez commented Nov 7, 2024 • edited Loading

tcaty commented Nov 7, 2024

tcaty commented Nov 8, 2024

ldez left a comment

Choose a reason for hiding this comment

ldez commented Nov 7, 2024 •

edited

Loading