Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BlueCat cleanup fails so no cert created #2229

Closed
3 tasks done
dittman1 opened this issue Jul 19, 2024 · 11 comments · Fixed by #2230
Closed
3 tasks done

BlueCat cleanup fails so no cert created #2229

dittman1 opened this issue Jul 19, 2024 · 11 comments · Fixed by #2230
Labels
area/dnsprovider enhancement

Comments

@dittman1
Copy link

dittman1 commented Jul 19, 2024
edited by ldez
Loading

Welcome

  • Yes, I'm using a binary release within 2 latest releases.
  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've included all information below (version, config, etc).

What did you expect to see?

Certificates created

What did you see instead?

2024/07/19 10:09:30 [INFO] [bam.abc.domain.net] acme: Cleaning DNS-01 challenge
2024/07/19 10:09:30 [WARN] [bam.abc.domain.net] acme: cleaning up failed: bluecat: deploy: unexpected status code: [status code: 500] body: "bdds1.abc.domain.net: A deployment is possibly currently being processed. Please wait until the deployment is completed, and try again.; nested exception is: \n\tjava.lang.RuntimeException: A deployment is possibly currently being processed. Please wait until the deployment is completed, and try again." 
2024/07/19 10:09:30 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/379109383177
2024/07/19 10:09:31 error: one or more domains had a problem:
[bam.abc.domain.net] [bam.abc.domain.net] acme: error presenting token: bluecat: deploy: unexpected status code: [status code: 500] body: "bdds1.abc.domain.net: A deployment is possibly currently being processed. Please wait until the deployment is completed, and try again.; nested exception is: \n\tjava.lang.RuntimeException: A deployment is possibly currently being processed. Please wait until the deployment is completed, and try again."

How do you use lego?

Binary

Reproduction steps

I run the following command:

./lego --dns="bluecat" --email="me@domain.net" --csr="bam.abc.domain.net.csr" rene

Version of lego

# ./lego --version
lego version 4.14.2 linux/amd64

Logs

# paste output here

Go environment (if applicable)

$ go version && go env
# paste output here
@dittman1 dittman1 added the bug label Jul 19, 2024
@dittman1
Copy link
Author

BlueCat Address Manager is version 9.6.0.

@ldez
Copy link
Member

ldez commented Jul 19, 2024

Hello,

java.lang.RuntimeException: A deployment is possibly currently being processed.

This error is from Bluecat: lego is written in Go, so there is no Java runtime error inside lego.

The problem seems to be in your Bluecat instance.

@dittman1
Copy link
Author

The error is saying lego is trying to do the deployment while the other deployment is still in process, is there any way to put a wait in before the deployment is attempted to test whether this is what is happening? I have the zone set to automatic deployment and it was working in May and I haven't done any updates to the BAM since. I did set the zone to not automatically deploy and it didn't make a difference.

It would be nice to have a flag to tell lego to not try to deploy for zones that are set to automatic deployment.

@dittman1
Copy link
Author

Checking the transaction history in the BAM the records are getting added and removed.

@dittman1
Copy link
Author

Sorry, I read my notes wrong, I upgraded the BAM from 9.5.1 to 9.6.0 in June, so this appears to be change in BlueCat that's causing the issue.

@ldez ldez mentioned this issue Jul 19, 2024
Merged
@ldez
Copy link
Member

ldez commented Jul 19, 2024

is there any way to put a wait in before the deployment is attempted to test whether this is what is happening?

No

It would be nice to have a flag to tell lego to not try to deploy for zones that are set to automatic deployment.

The BlueCat API is "unfriendly", so it seems complex to automate that but we can try to add an env var.
We don't have a BlueCat account, so we will need you to test it.
Can you try the PR #2230?

@ldez ldez removed the bug label Jul 19, 2024
@ldez
Copy link
Member

ldez commented Jul 19, 2024

Sorry, I read my notes wrong, I upgraded the BAM from 9.5.1 to 9.6.0 in June, so this appears to be change in BlueCat that's causing the issue.

I read this message after posting my previous message.
So it seems to be a bug of Bluecat.

@dittman1
Copy link
Author

Yes. Still would be nice to skip deployment if not necessary.

I need to learn enough Go to see what the lego code is doing, my BlueCat API work has all been in Python.

@ldez
Copy link
Member

ldez commented Jul 19, 2024
edited
Loading

I need to learn enough Go to see what the lego code is doing, my BlueCat API work has all been in Python.

I already open a PR, you just need to test it.

#2229 (comment)

@ldez
Copy link
Member

ldez commented Jul 19, 2024
edited
Loading

To test the PR:

@dittman1
Copy link
Author

That worked. Thank you.

I'm going to see if I can find out if there's a known issue with any of the APIs that are used in 9.6.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/dnsprovider enhancement
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bluecat: skip deploy ldez/lego
2 participants
@ldez @dittman1