diff --git a/pkg/issuer/acme/dns/akamai/akamai.go b/pkg/issuer/acme/dns/akamai/akamai.go
index 52a37c71b..31d7967b4 100644
--- a/pkg/issuer/acme/dns/akamai/akamai.go
+++ b/pkg/issuer/acme/dns/akamai/akamai.go
@@ -58,13 +58,21 @@ func (a *DNSProvider) Timeout() (timeout, interval time.Duration) {
 // Present creates a TXT record to fulfil the dns-01 challenge
 func (a *DNSProvider) Present(domain, token, keyAuth string) error {
- fqdn, value, ttl := util.DNS01Record(domain, keyAuth)
+ fqdn, value, ttl, err := util.DNS01Record(domain, keyAuth)
+ if err != nil {
+ return err
+ }
+
 return a.setTxtRecord(fqdn, &dns01Record{value, ttl})
 }
 // CleanUp removes the TXT record matching the specified parameters
 func (a *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- fqdn, _, _ := util.DNS01Record(domain, keyAuth)
+ fqdn, _, _, err := util.DNS01Record(domain, keyAuth)
+ if err != nil {
+ return err
+ }
+
 return a.setTxtRecord(fqdn, nil)
 }
diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go
index d2dd9bddd..5c23dd3a0 100644
--- a/pkg/issuer/acme/dns/azuredns/azuredns.go
+++ b/pkg/issuer/acme/dns/azuredns/azuredns.go
@@ -69,14 +69,20 @@ func NewDNSProviderCredentials(clientID, clientSecret, subscriptionID, tenantID,
 // Present creates a TXT record using the specified parameters
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
- fqdn, value, ttl := util.DNS01Record(domain, keyAuth)
+ fqdn, value, ttl, err := util.DNS01Record(domain, keyAuth)
+ if err != nil {
+ return err
+ }
 return c.createRecord(fqdn, value, ttl)
 }
 // CleanUp removes the TXT record matching the specified parameters
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- fqdn, _, _ := util.DNS01Record(domain, keyAuth)
+ fqdn, _, _, err := util.DNS01Record(domain, keyAuth)
+ if err != nil {
+ return err
+ }
 z, err := c.getHostedZoneName(fqdn)
 if err != nil {
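Review bot: In akamai's `CleanUp` the new `return err` exits before `a.setTxtRecord(fqdn, nil)` runs, so any failure inside `util.DNS01Record` leaves the `_acme-challenge` TXT record in the zone, and the bare error gives no hint that cleanup was skipped. Wrapping it, e.g. `return fmt.Errorf("dns-01 cleanup for %q skipped, TXT record may remain: %v", domain, err)`, would make a stale record traceable from the logs (this assumes `fmt` is imported in the file, which the hunk does not show). The same applies to the `CleanUp` changes in the azuredns, clouddns, cloudflare and route53 hunks. Whether the caller retries a failed cleanup is not visible here.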
diff --git a/pkg/issuer/acme/dns/clouddns/clouddns.go b/pkg/issuer/acme/dns/clouddns/clouddns.go
index 5cbb09331..4a9f2c23c 100644
--- a/pkg/issuer/acme/dns/clouddns/clouddns.go
+++ b/pkg/issuer/acme/dns/clouddns/clouddns.go
@@ -100,7 +100,10 @@ func NewDNSProviderServiceAccountBytes(project string, saBytes []byte) (*DNSProv
 // Present creates a TXT record to fulfil the dns-01 challenge.
 func (c *DNSProvider) Present(domain, token, key string) error {
- fqdn, value, ttl := util.DNS01Record(domain, key)
+ fqdn, value, ttl, err := util.DNS01Record(domain, key)
+ if err != nil {
+ return err
+ }
 zone, err := c.getHostedZone(fqdn)
 if err != nil {
@@ -147,7 +150,10 @@ func (c *DNSProvider) Present(domain, token, key string) error {
 // CleanUp removes the TXT record matching the specified parameters.
 func (c *DNSProvider) CleanUp(domain, token, key string) error {
- fqdn, _, _ := util.DNS01Record(domain, key)
+ fqdn, _, _, err := util.DNS01Record(domain, key)
+ if err != nil {
+ return err
+ }
 zone, err := c.getHostedZone(fqdn)
 if err != nil {
diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare.go b/pkg/issuer/acme/dns/cloudflare/cloudflare.go
index 476b45bc5..ec79f0029 100644
--- a/pkg/issuer/acme/dns/cloudflare/cloudflare.go
+++ b/pkg/issuer/acme/dns/cloudflare/cloudflare.go
@@ -56,7 +56,10 @@ func (c *DNSProvider) Timeout() (timeout, interval time.Duration) {
 // Present creates a TXT record to fulfil the dns-01 challenge
 func (c *DNSProvider) Present(domain, token, keyAuth string) error {
- fqdn, value, _ := util.DNS01Record(domain, keyAuth)
+ fqdn, value, _, err := util.DNS01Record(domain, keyAuth)
+ if err != nil {
+ return err
+ }
 zoneID, err := c.getHostedZoneID(fqdn)
 if err != nil {
@@ -102,7 +105,10 @@ func (c *DNSProvider) Present(domain, token, keyAuth string) error {
 // CleanUp removes the TXT record matching the specified parameters
 func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- fqdn, _, _ := util.DNS01Record(domain, keyAuth)
+ fqdn, _, _, err := util.DNS01Record(domain, keyAuth)
+ if err != nil {
+ return err
+ }
 record, err := c.findTxtRecord(fqdn)
 if err != nil {
diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go
index b00c1f883..a8eb42d8e 100644
--- a/pkg/issuer/acme/dns/dns.go
+++ b/pkg/issuer/acme/dns/dns.go
@@ -69,7 +69,11 @@ func (s *Solver) Present(ctx context.Context, issuer v1alpha1.GenericIssuer, _ *
 }
 func (s *Solver) Check(ch v1alpha1.ACMEOrderChallenge) (bool, error) {
- fqdn, value, ttl := util.DNS01Record(ch.Domain, ch.Key)
+ fqdn, value, ttl, err := util.DNS01Record(ch.Domain, ch.Key)
+ if err != nil {
+ return false, err
+ }
+
 glog.Infof("Checking DNS propagation for %q using name servers: %v", ch.Domain, s.DNS01Nameservers)
 ok, err := util.PreCheckDNS(fqdn, value, s.DNS01Nameservers)
diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go
index 707ce82f1..5a29687b5 100644
--- a/pkg/issuer/acme/dns/route53/route53.go
+++ b/pkg/issuer/acme/dns/route53/route53.go
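Review bot: In `Solver.Check` (pkg/issuer/acme/dns/dns.go) the call `util.DNS01Record(ch.Domain, ch.Key)` can now fail but is not given `s.DNS01Nameservers`, while `util.PreCheckDNS` on the hunk's last line is. If the new error path is a DNS lookup, as the CNAME comment in util/dns.go suggests, the record name may be resolved through a different resolver than the one used for the propagation check, so it is worth confirming which resolver it uses. The log line also prints only `ch.Domain`, so a check made against a CNAME target is invisible to an operator; consider `glog.Infof("Checking DNS propagation for %q (record %q) using name servers: %v", ch.Domain, fqdn, s.DNS01Nameservers)`. The body of `Check` continues outside the hunk.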
@@ -112,14 +112,22 @@ func (*DNSProvider) Timeout() (timeout, interval time.Duration) {
 // Present creates a TXT record using the specified parameters
 func (r *DNSProvider) Present(domain, token, keyAuth string) error {
- fqdn, value, _ := util.DNS01Record(domain, keyAuth)
+ fqdn, value, _, err := util.DNS01Record(domain, keyAuth)
+ if err != nil {
+ return err
+ }
+
 value = `"` + value + `"`
 return r.changeRecord(route53.ChangeActionUpsert, fqdn, value, route53TTL)
 }
 // CleanUp removes the TXT record matching the specified parameters
 func (r *DNSProvider) CleanUp(domain, token, keyAuth string) error {
- fqdn, value, _ := util.DNS01Record(domain, keyAuth)
+ fqdn, value, _, err := util.DNS01Record(domain, keyAuth)
+ if err != nil {
+ return err
+ }
+
 value = `"` + value + `"`
 return r.changeRecord(route53.ChangeActionDelete, fqdn, value, route53TTL)
 }
diff --git a/pkg/issuer/acme/dns/util/dns.go b/pkg/issuer/acme/dns/util/dns.go
index 4c8699f00..7fa730f7b 100644
--- a/pkg/issuer/acme/dns/util/dns.go
+++ b/pkg/issuer/acme/dns/util/dns.go
@@ -8,7 +8,7 @@ import (
 // DNS01Record returns a DNS record which will fulfill the `dns-01` challenge
 // TODO: move this into a non-generic place by resolving import cycle in dns package
-func DNS01Record(domain, value string) (string, string, int) {
+func DNS01Record(domain, value string) (string, string, int, error) {
 fqdn := fmt.Sprintf("_acme-challenge.%s.", domain)
 // Check if the domain has CNAME then return that
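Review bot: The doc comment above `DNS01Record` (pkg/issuer/acme/dns/util/dns.go) is unchanged although the signature gains an `error` result, so nothing states when it fails or what the four unnamed results are. I would extend it to something like `// DNS01Record returns the FQDN, TXT value and TTL of the record that fulfils the dns-01 challenge; on a non-nil error the other results must not be used.` The trailing context comment suggests the returned name may be a CNAME target taken from a DNS answer. If so, the comment should say that too, since every provider's `Present` and `CleanUp` in this commit then writes or deletes a TXT record at that name. The function body continues outside the hunk, so the error paths themselves are not visible here.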