Add DNS provider for Mittwald #2200

Merged
merged 12 commits into from
Aug 30, 2024

ldez
Member

@ldez ldez commented Jun 4, 2024

  • adds a description to your PR
  • have a homogeneous design with the other providers
  • add tests (units)
  • add tests ("live")
  • add a provider descriptor
  • generate CLI help, documentation, and readme.
  • be able to do: (and put the output of this command to a comment)
    make build
    rm -rf .lego
    
    MITTWALD_TOKEN=yyyy \
    ./dist/lego -m your@email.com --dns mittwald -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    Note the wildcard domain is important.
  • pass the linter
  • do go mod tidy

Ping @jotimann, can you run the command (with your domain, email, and credentials)?

-> #2200 (comment)

Closes #2177

@ldez ldez added enhancement area/dnsprovider state/need-user-tests Need users to test functionality labels Jun 4, 2024
@ldez ldez changed the title Add DNS provider for Add DNS provider for Mittwald Jun 4, 2024
@ldez
Member Author

ldez commented Jun 13, 2024

@jotimann do you need help to build or test the PR?

@jotimann

@jotimann do you need help to build or test the PR?

Hey @ldez, a colleague of mine used lego and requested to add Mittwald as a provider. He is currently on vacation, will be back on 08.07., and will test the integration. Hopefully that's okay.

@Administratoor

Administratoor commented Aug 20, 2024

Hi @ldez,
I am going to catch up here for @jotimann.
First, thanks for your contribution!

After checkout and build I ran the lego command, but I got an exception about a nil value on this:

line 168: d.zoneIDs[token] = zoneNew.ID

This is the full output:

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/20 09:53:54 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/08/20 09:54:00 [INFO] acme: Registering account for XXXXX@mittwald.de
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/root/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/08/20 09:54:00 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/20 09:54:01 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13660363233
2024/08/20 09:54:01 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13660363243
2024/08/20 09:54:01 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/20 09:54:01 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/20 09:54:01 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/20 09:54:01 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/20 09:54:01 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
panic: assignment to entry in nil map

goroutine 1 [running]:
github.com/go-acme/lego/v4/providers/dns/mittwald.(*DNSProvider).Present(0xc000145000, {0xc0014aaf40, 0xc}, {0xc001479c80, 0x2b}, {0xc000b98180?, 0x3?})
	github.com/go-acme/lego/v4/providers/dns/mittwald/mittwald.go:168 +0x7e5
github.com/go-acme/lego/v4/challenge/dns01.(*Challenge).PreSolve(0xc0010f8680, {{0xc0014aaf50, 0x7}, {0x0, 0xede5f7d18, 0x0}, {{0xc0014aaf38, 0x3}, {0xc0014aaf40, 0xc}}, ...})
	github.com/go-acme/lego/v4/challenge/dns01/dns_challenge.go:95 +0x27a
github.com/go-acme/lego/v4/challenge/resolver.parallelSolve({0xc0010fad50, 0x2, 0x2}, 0xc00150a5a0)
	github.com/go-acme/lego/v4/challenge/resolver/prober.go:135 +0x11e
github.com/go-acme/lego/v4/challenge/resolver.(*Prober).Solve(0xc000e9a7c8, {0xc00150e270, 0x2, 0x14?})
	github.com/go-acme/lego/v4/challenge/resolver/prober.go:84 +0x510
github.com/go-acme/lego/v4/certificate.(*Certifier).Obtain(0xc000d5b8f0, {{0xc000e423e0, 0x2, 0x2}, {0x0, 0x0}, 0x0, {0x0, 0x0, 0x0}, ...})
	github.com/go-acme/lego/v4/certificate/certificates.go:152 +0x402
github.com/go-acme/lego/v4/cmd.obtainCertificate(0xc0010e9ec0, 0xc000144ee0)
	github.com/go-acme/lego/v4/cmd/cmd_run.go:202 +0x23c
github.com/go-acme/lego/v4/cmd.run(0xc0010e9ec0)
	github.com/go-acme/lego/v4/cmd/cmd_run.go:105 +0x257
github.com/urfave/cli/v2.(*Command).Run(0xc001070c60, 0xc0010e9ec0, {0xc000bab970, 0x1, 0x1})
	github.com/urfave/cli/v2@v2.27.1/command.go:279 +0x7e2
github.com/urfave/cli/v2.(*Command).Run(0xc0010714a0, 0xc0010e8240, {0xc00013e000, 0xc, 0xc})
	github.com/urfave/cli/v2@v2.27.1/command.go:272 +0xa65
github.com/urfave/cli/v2.(*App).RunContext(0xc000e9d200, {0x3a613f0, 0x5efbac0}, {0xc00013e000, 0xc, 0xc})
	github.com/urfave/cli/v2@v2.27.1/app.go:337 +0x58b
github.com/urfave/cli/v2.(*App).Run(...)
	github.com/urfave/cli/v2@v2.27.1/app.go:311
main.main()
	github.com/go-acme/lego/v4/cmd/lego/main.go:42 +0x1c7

The _acme-challenge.DOMAIN.TLD was created and on another run the code complains about [cleaning up failed] the existence of it, because it could not identify the ID of that zone:

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/20 09:59:44 [INFO] [*.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/20 09:59:45 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13660363233
2024/08/20 09:59:45 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/20 09:59:45 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/20 09:59:45 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/20 09:59:45 [WARN] [*.lego-test.de] acme: cleaning up failed: mittwald: unknown zone ID for '_acme-challenge.lego-test.de.' 
2024/08/20 09:59:45 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13660363233
2024/08/20 09:59:45 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] [*.lego-test.de] acme: error presenting token: mittwald: create DNS zone: [status code 409] VError: a zone for the domain '_acme-challenge.lego-test.de' already exists

Please let me know if I can further assist with testing or debugging.

@ldez
Member Author

ldez commented Aug 20, 2024

I fixed the problem with the nil
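
An added example (not lego's code and not part of the thread) that reproduces the failure mode reported above: the zone is created remotely, the write to a nil map then panics, and the next run meets a conflict on create and an unknown zone ID on clean-up. Only the field name `zoneIDs` comes from the thread; `fakeAPI`, the constructors, the token and the FQDN are constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var (
	errConflict    = errors.New("zone already exists")
	errUnknownZone = errors.New("unknown zone ID")
)

// fakeAPI is a constructed stand-in for a DNS API that rejects duplicate
// zones. It is not the Mittwald client.
type fakeAPI struct{ zones map[string]string }

func (a *fakeAPI) createZone(name string) (string, error) {
	if _, ok := a.zones[name]; ok {
		return "", fmt.Errorf("create DNS zone %q: %w", name, errConflict)
	}
	id := fmt.Sprintf("zone-%d", len(a.zones)+1)
	a.zones[name] = id
	return id, nil
}

// provider keeps the token -> zone ID mapping between present and cleanUp.
// Only the field name zoneIDs is taken from the thread; the rest is hypothetical.
type provider struct {
	mu      sync.Mutex
	zoneIDs map[string]string
}

// newBroken leaves zoneIDs nil: lookups work, assignments panic.
func newBroken() *provider { return &provider{} }

// newFixed allocates the map in the constructor.
func newFixed() *provider { return &provider{zoneIDs: make(map[string]string)} }

func (p *provider) present(api *fakeAPI, fqdn, token string) error {
	id, err := api.createZone(fqdn) // the remote side effect happens first
	if err != nil {
		return err
	}
	p.mu.Lock()
	defer p.mu.Unlock()
	p.zoneIDs[token] = id // panics when zoneIDs is nil
	return nil
}

func (p *provider) cleanUp(token string) (string, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	id, ok := p.zoneIDs[token] // reading a nil map is safe
	if !ok {
		return "", fmt.Errorf("%w for token %q", errUnknownZone, token)
	}
	delete(p.zoneIDs, token)
	return id, nil
}

// tryPresent converts the runtime panic into an error so the demo can go on.
func tryPresent(p *provider, api *fakeAPI, fqdn, token string) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	return p.present(api, fqdn, token)
}

type outcome struct {
	firstRun, secondRun, secondCleanUp error
	cleanedID                          string
}

func scenario() outcome {
	// Constructed sample values.
	const fqdn, token = "_acme-challenge.example.test.", "constructed-token"
	api := &fakeAPI{zones: map[string]string{}}
	var o outcome

	// Run 1: the zone is created, then storing its ID panics.
	o.firstRun = tryPresent(newBroken(), api, fqdn, token)

	// Run 2 (fresh provider, fixed constructor): the zone from run 1 is
	// orphaned, so create conflicts and clean-up has no ID to work with.
	fixed := newFixed()
	o.secondRun = tryPresent(fixed, api, fqdn, token)
	_, o.secondCleanUp = fixed.cleanUp(token)

	// Once the leftover zone is gone, present and cleanUp round-trip.
	delete(api.zones, fqdn)
	if err := tryPresent(fixed, api, fqdn, token); err == nil {
		o.cleanedID, _ = fixed.cleanUp(token)
	}
	return o
}

func main() {
	o := scenario()
	fmt.Println("run 1 present:", o.firstRun)
	fmt.Println("run 2 present:", o.secondRun)
	fmt.Println("run 2 cleanup:", o.secondCleanUp)
	fmt.Println("after manual removal, cleaned:", o.cleanedID)
}
```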

@Administratoor

Administratoor commented Aug 20, 2024

I removed the TXT record for lego-test.de for "_acme-challenge.lego-test.de" by hand
and tried again after checking out the new version and building it again.

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
[...]
2024/08/20 17:42:27 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/20 17:42:27 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13665301173
2024/08/20 17:42:27 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13665301183
2024/08/20 17:42:27 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/20 17:42:27 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/20 17:42:27 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/20 17:42:27 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/20 17:42:27 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/20 17:42:28 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
2024/08/20 17:42:28 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/20 17:42:28 [WARN] [*.lego-test.de] acme: cleaning up failed: mittwald: unknown zone ID for '_acme-challenge.lego-test.de.' 
2024/08/20 17:42:28 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/20 17:42:28 [WARN] [lego-test.de] acme: cleaning up failed: mittwald: unknown zone ID for '_acme-challenge.lego-test.de.' 
2024/08/20 17:42:28 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13665301173
2024/08/20 17:42:29 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13665301183
2024/08/20 17:42:29 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] [*.lego-test.de] acme: error presenting token: mittwald: create DNS zone: [status code 409] VError: a zone for the domain '_acme-challenge.lego-test.de' already exists
[lego-test.de] [lego-test.de] acme: error presenting token: mittwald: create DNS zone: [status code 409] VError: a zone for the domain '_acme-challenge.lego-test.de' already exists

I made a new call for a subdomain (which did not exist before); it seems successful:

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test3.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/20 17:49:24 [INFO] [test3.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/20 17:49:25 [INFO] [test3.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13665363683
2024/08/20 17:49:25 [INFO] [test3.lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/20 17:49:25 [INFO] [test3.lego-test.de] acme: Could not find solver for: http-01
2024/08/20 17:49:25 [INFO] [test3.lego-test.de] acme: use dns-01 solver
2024/08/20 17:49:25 [INFO] [test3.lego-test.de] acme: Preparing to solve DNS-01
2024/08/20 17:49:25 [INFO] [test3.lego-test.de] acme: Trying to solve DNS-01
2024/08/20 17:49:25 [INFO] [test3.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/20 17:49:27 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/20 17:49:27 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:29 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:32 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:34 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:36 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:38 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:40 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:42 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:44 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:46 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:48 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:50 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:52 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:54 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:56 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:49:58 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:00 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:02 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:04 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:06 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:08 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:10 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:12 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:14 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:16 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:18 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:20 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:22 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:24 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:27 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:29 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:31 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/20 17:50:37 [INFO] [test3.lego-test.de] The server validated our request
2024/08/20 17:50:37 [INFO] [test3.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/20 17:50:38 [INFO] [test3.lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/20 17:50:38 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/20 17:50:43 [INFO] [test3.lego-test.de] Server responded with a certificate.

Maybe this is helpful?

@ldez
Member Author

ldez commented Aug 24, 2024

I have 2 problems:

  • how to add a TXT record for a domain without creating a zone
  • how to remove a TXT record

Currently:

  1. I list domains and browse them to find the project ID by using the auth zone (SOA).
  2. Then I use the project ID to find all zones.
  3. Then I browse the zone to get the zone ID by using the auth zone (SOA).

After that, I want to add a TXT record, so I need the zone ID and a TXT record (https://api.mittwald.de/v2/docs/#/Domain/dns-update-record-set).
But, the API doesn't have a field to handle the subdomain (the subdomain is obtained by splitting the zone from the domain).

So I tried to create a zone to handle the subdomain, but it seems this was not the right approach.

I didn't find how to delete a record; the API documentation doesn't provide clear information about that, so I just tried to delete the zone I created before.

Can you help me find the right way to use the API?

@jotimann

jotimann commented Aug 26, 2024

How to add a TXT record for a domain without creating a zone:

If I understand you correctly, you want to create a TXT record for e.g. _acme-challenge.test.domain.tld. You can only set a TXT record for _acme-challenge.test.domain.tld if you have a zone for the subdomain. So you first need to create the zone _acme-challenge.test.domain and then set a TXT record for it.

How to remove a TXT record

To delete a TXT record you must use https://api.mittwald.de/v2/docs/#/Domain/dns-update-record-set and set it to {}. At the moment it is only possible to delete the whole zone.

@ldez
Member Author

ldez commented Aug 26, 2024

At the moment it is only possible to delete the whole zone

This means it is not possible to add several TXT entries and use them as expected.

So, the challenges for several domains/subdomains should be done sequentially, not in parallel.
In conclusion, it will be slow when using several domains/subdomains (i.e. wildcard).

So, an error will appear when trying to remove TXT records when there are several domains/subdomains (i.e. wildcard), this error will be ignored but it will appear in the logs.

I modified the implementation based on your feedback, it should work now.
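
An added example (not lego's code and not from the thread) of why a wildcard plus its apex domain collide under this limitation: both DNS-01 challenges use the same `_acme-challenge` name with different TXT values. `singleSlotDNS` is an assumed model of a backend that holds one value per name and can only drop the whole name; the key authorizations are constructed sample strings.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// challengeFQDN returns the DNS-01 record name (RFC 8555, section 8.4).
// The wildcard label is dropped, so "*.d" and "d" share one name.
func challengeFQDN(domain string) string {
	return "_acme-challenge." + strings.TrimPrefix(domain, "*.") + "."
}

// txtValue is base64url(SHA-256(key authorization)) without padding.
func txtValue(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// singleSlotDNS is an assumed model, not the Mittwald API: one value per
// name, a write replaces it, and removal drops the whole name.
type singleSlotDNS struct{ txt map[string]string }

func newDNS() *singleSlotDNS { return &singleSlotDNS{txt: map[string]string{}} }

func (d *singleSlotDNS) present(fqdn, value string) { d.txt[fqdn] = value }
func (d *singleSlotDNS) cleanUp(fqdn string)        { delete(d.txt, fqdn) }

// validate plays the role of the CA looking up the TXT record.
func (d *singleSlotDNS) validate(fqdn, want string) error {
	got, ok := d.txt[fqdn]
	if !ok {
		return fmt.Errorf("NXDOMAIN for %s", fqdn)
	}
	if got != want {
		return fmt.Errorf("incorrect TXT record %q found at %s", got, fqdn)
	}
	return nil
}

type challenge struct{ domain, keyAuth string }

// sampleChallenges returns constructed challenges for a wildcard and its apex.
func sampleChallenges() []challenge {
	return []challenge{
		{"*.example.com", "constructed-token-1.constructed-thumbprint"},
		{"example.com", "constructed-token-2.constructed-thumbprint"},
	}
}

// solveAllAtOnce presents every record first, then validates, then cleans up.
// The second present overwrites the first value on the shared name.
func solveAllAtOnce(d *singleSlotDNS, chs []challenge) map[string]error {
	res := make(map[string]error, len(chs))
	for _, c := range chs {
		d.present(challengeFQDN(c.domain), txtValue(c.keyAuth))
	}
	for _, c := range chs {
		res[c.domain] = d.validate(challengeFQDN(c.domain), txtValue(c.keyAuth))
	}
	for _, c := range chs {
		d.cleanUp(challengeFQDN(c.domain)) // second call finds nothing left
	}
	return res
}

// solveOneByOne completes present, validate and cleanUp for one challenge
// before touching the next, so the single slot is never shared.
func solveOneByOne(d *singleSlotDNS, chs []challenge) map[string]error {
	res := make(map[string]error, len(chs))
	for _, c := range chs {
		fqdn, value := challengeFQDN(c.domain), txtValue(c.keyAuth)
		d.present(fqdn, value)
		res[c.domain] = d.validate(fqdn, value)
		d.cleanUp(fqdn)
	}
	return res
}

func main() {
	chs := sampleChallenges()
	for name, run := range map[string]func(*singleSlotDNS, []challenge) map[string]error{
		"all at once": solveAllAtOnce,
		"one by one":  solveOneByOne,
	} {
		res := run(newDNS(), chs)
		for _, c := range chs {
			fmt.Printf("%-11s %-14s -> %v\n", name, c.domain, res[c.domain])
		}
	}
}
```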

@Administratoor

Here are some test runs, it's confusing... Maybe some leftovers kicked in, but what I found (replicable) is that it seems to only fail on first runs. Second or subsequent runs succeed! Please have a look at the collected logs.

On the first run I get:

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
[...]
2024/08/26 16:15:54 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:15:55 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744243633
2024/08/26 16:15:55 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744243643
2024/08/26 16:15:55 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/26 16:15:55 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 16:15:55 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/26 16:15:55 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/26 16:15:55 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:15:55 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:15:56 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:15:56 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:15:58 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:15:58 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:00 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:02 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:04 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:06 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:08 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:10 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:12 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:14 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:16 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:18 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:20 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:22 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:24 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:26 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:28 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:30 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:32 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:34 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:36 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:39 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:41 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:43 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:45 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:47 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:49 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:51 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:53 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:55 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:57 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:16:59 [INFO] [lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:16:59 [INFO] [lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:17:01 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:17:01 [INFO] [lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:17:03 [INFO] [lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:17:09 [INFO] [lego-test.de] The server validated our request
2024/08/26 16:17:09 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:17:09 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:17:09 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744243633
2024/08/26 16:17:09 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744243643
2024/08/26 16:17:09 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.it. returned NXDOMAIN for _acme-challenge.lego-test.de.

As you can see above, there was a timeout waiting for DNS record propagation. And when running the same again:

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:18:02 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:18:03 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744243643
2024/08/26 16:18:03 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744259913
2024/08/26 16:18:03 [INFO] [lego-test.de] acme: authorization already valid; skipping challenge
2024/08/26 16:18:03 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/26 16:18:03 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:18:03 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:18:03 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:18:05 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:18:09 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:18:09 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744243643
2024/08/26 16:18:09 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744259913
2024/08/26 16:18:09 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: During secondary validation: Incorrect TXT record "zuPqRO-gAwApOHurro2mv_-0F-RFa72hlXC5Upd254w" found at _acme-challenge.lego-test.de

Some time later the same command seems to be successful:

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:29:16 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:29:17 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744243643
2024/08/26 16:29:17 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744372913
2024/08/26 16:29:17 [INFO] [lego-test.de] acme: authorization already valid; skipping challenge
2024/08/26 16:29:17 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/26 16:29:17 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:29:18 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:29:18 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:29:20 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:29:24 [INFO] [*.lego-test.de] The server validated our request
2024/08/26 16:29:24 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:29:24 [INFO] [*.lego-test.de, lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/26 16:29:24 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/26 16:29:28 [INFO] [*.lego-test.de] Server responded with a certificate.

Replicating above error

rm -rf .lego

Do you have an idea why this problem occurs? I could replicate the issue when I delete the .lego folder and run the same command again, as you can see here (first it runs into a timeout, some time later success):

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
[...]
2024/08/26 16:31:40 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:31:41 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744395483
2024/08/26 16:31:41 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744395493
2024/08/26 16:31:41 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/26 16:31:41 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 16:31:41 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/26 16:31:41 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/26 16:31:41 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:31:41 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:31:41 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:31:41 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:31:43 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:31:44 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:31:46 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:31:48 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:31:50 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:31:52 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:31:54 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:31:56 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:31:58 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:00 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:02 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:04 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:06 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:08 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:11 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:13 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:15 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:17 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:19 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:21 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:23 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:25 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:27 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:29 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:31 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:33 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:35 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:37 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:39 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:41 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:43 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:32:45 [INFO] [lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:32:45 [INFO] [lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:32:47 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:32:51 [INFO] [lego-test.de] The server validated our request
2024/08/26 16:32:51 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:32:51 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:32:52 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744395483
2024/08/26 16:32:52 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744395493
2024/08/26 16:32:52 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.it. did not return the expected TXT record [fqdn: _acme-challenge.lego-test.de., value: XODJCGFJE0emzoauSGvTgKFo99VuL1cgUqFwX5H2UsE]: 0Q09YzWPD6uPNFaYrd-pZqSrhqLL99R3n36iPg3bKBs

[WAIT 2min]

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:34:44 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:34:44 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744395493
2024/08/26 16:34:44 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744421043
2024/08/26 16:34:44 [INFO] [lego-test.de] acme: authorization already valid; skipping challenge
2024/08/26 16:34:44 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/26 16:34:44 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:34:45 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:34:45 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:34:47 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:34:52 [INFO] [*.lego-test.de] The server validated our request
2024/08/26 16:34:52 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:34:52 [INFO] [*.lego-test.de, lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/26 16:34:52 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/26 16:34:54 [INFO] [*.lego-test.de] Server responded with a certificate.

1=> FAIL | 2=> success

I tested for subdomains too. The first try fails every time and the second or later ones are successful. (While waiting for DNS record propagation I could see the correctly created TXT records in the customer-center.)

Here are the logs for 3 test-subdomains.

test1.lego-test.de

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test1.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:48:34 [INFO] [test1.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:48:35 [INFO] [test1.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744558593
2024/08/26 16:48:35 [INFO] [test1.lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 16:48:35 [INFO] [test1.lego-test.de] acme: Could not find solver for: http-01
2024/08/26 16:48:35 [INFO] [test1.lego-test.de] acme: use dns-01 solver
2024/08/26 16:48:35 [INFO] [test1.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.test1.lego-test.de lego-test.de
test1.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:48:35 [INFO] [test1.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:48:35 [INFO] [test1.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:48:37 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:48:38 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:40 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:42 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:44 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:46 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:48 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:50 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:52 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:54 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:56 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:48:58 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:00 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:02 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:04 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:06 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:08 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:10 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:12 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:14 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:16 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:18 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:20 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:22 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:24 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:27 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:29 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:31 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:33 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:35 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:37 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:49:39 [INFO] [test1.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:49:39 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744558593
2024/08/26 16:49:39 Could not obtain certificates:
	error: one or more domains had a problem:
[test1.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.it. returned NXDOMAIN for _acme-challenge.test1.lego-test.de.



./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test1.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:50:05 [INFO] [test1.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:50:06 [INFO] [test1.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744573573
2024/08/26 16:50:06 [INFO] [test1.lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 16:50:06 [INFO] [test1.lego-test.de] acme: Could not find solver for: http-01
2024/08/26 16:50:06 [INFO] [test1.lego-test.de] acme: use dns-01 solver
2024/08/26 16:50:06 [INFO] [test1.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.test1.lego-test.de lego-test.de
test1.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:50:06 [INFO] [test1.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:50:06 [INFO] [test1.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:50:08 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:50:15 [INFO] [test1.lego-test.de] The server validated our request
2024/08/26 16:50:15 [INFO] [test1.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:50:15 [INFO] [test1.lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/26 16:50:16 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/26 16:50:18 [INFO] [test1.lego-test.de] Server responded with a certificate.

test2.lego-test.de

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test2.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:50:52 [INFO] [test2.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:50:53 [INFO] [test2.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744583903
2024/08/26 16:50:53 [INFO] [test2.lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 16:50:53 [INFO] [test2.lego-test.de] acme: Could not find solver for: http-01
2024/08/26 16:50:53 [INFO] [test2.lego-test.de] acme: use dns-01 solver
2024/08/26 16:50:53 [INFO] [test2.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.test2.lego-test.de lego-test.de
test2.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:50:54 [INFO] [test2.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:50:54 [INFO] [test2.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:50:56 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:50:56 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:50:58 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:00 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:02 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:04 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:06 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:08 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:10 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:12 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:14 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:16 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:18 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:20 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:22 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:24 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:26 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:28 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:30 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:32 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:35 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:37 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:39 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:41 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:43 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:45 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:47 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:49 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:51 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:53 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:55 [INFO] [test2.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:51:57 [INFO] [test2.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:51:58 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744583903
2024/08/26 16:51:58 Could not obtain certificates:
	error: one or more domains had a problem:
[test2.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.it. returned NXDOMAIN for _acme-challenge.test2.lego-test.de.



./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test2.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:52:05 [INFO] [test2.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:52:05 [INFO] [test2.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744599523
2024/08/26 16:52:05 [INFO] [test2.lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 16:52:05 [INFO] [test2.lego-test.de] acme: Could not find solver for: http-01
2024/08/26 16:52:05 [INFO] [test2.lego-test.de] acme: use dns-01 solver
2024/08/26 16:52:05 [INFO] [test2.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.test2.lego-test.de lego-test.de
test2.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:52:06 [INFO] [test2.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:52:06 [INFO] [test2.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:52:08 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:52:12 [INFO] [test2.lego-test.de] The server validated our request
2024/08/26 16:52:12 [INFO] [test2.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:52:12 [INFO] [test2.lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/26 16:52:12 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/26 16:52:15 [INFO] [test2.lego-test.de] Server responded with a certificate.



./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test2.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:52:18 [INFO] [test2.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:52:18 [INFO] [test2.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744599523
2024/08/26 16:52:18 [INFO] [test2.lego-test.de] acme: authorization already valid; skipping challenge
2024/08/26 16:52:18 [INFO] [test2.lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/26 16:52:18 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/26 16:52:20 [INFO] [test2.lego-test.de] Server responded with a certificate.

test3.lego-test.de

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test3.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:52:27 [INFO] [test3.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:52:27 [INFO] [test3.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744605183
2024/08/26 16:52:27 [INFO] [test3.lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 16:52:27 [INFO] [test3.lego-test.de] acme: Could not find solver for: http-01
2024/08/26 16:52:27 [INFO] [test3.lego-test.de] acme: use dns-01 solver
2024/08/26 16:52:27 [INFO] [test3.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.test3.lego-test.de lego-test.de
test3.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:52:28 [INFO] [test3.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:52:28 [INFO] [test3.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:52:30 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:52:31 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:33 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:35 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:37 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:39 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:41 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:43 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:45 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:47 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:49 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:51 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:53 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:56 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:52:58 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:00 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:02 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:04 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:06 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:08 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:10 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:12 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:14 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:16 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:18 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:20 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:23 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:25 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:27 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:29 [INFO] [test3.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 16:53:31 [INFO] [test3.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:53:31 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744605183
2024/08/26 16:53:31 Could not obtain certificates:
	error: one or more domains had a problem:
[test3.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.it. returned NXDOMAIN for _acme-challenge.test3.lego-test.de.



./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test3.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 16:53:51 [INFO] [test3.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 16:53:51 [INFO] [test3.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744622063
2024/08/26 16:53:51 [INFO] [test3.lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 16:53:51 [INFO] [test3.lego-test.de] acme: Could not find solver for: http-01
2024/08/26 16:53:51 [INFO] [test3.lego-test.de] acme: use dns-01 solver
2024/08/26 16:53:51 [INFO] [test3.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.test3.lego-test.de lego-test.de
test3.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 16:53:52 [INFO] [test3.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 16:53:52 [INFO] [test3.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:53:54 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:54:01 [INFO] [test3.lego-test.de] The server validated our request
2024/08/26 16:54:01 [INFO] [test3.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 16:54:02 [INFO] [test3.lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/26 16:54:02 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/26 16:54:05 [INFO] [test3.lego-test.de] Server responded with a certificate.

@ldez
Member Author

ldez commented Aug 26, 2024

Maybe some leftovers kicked in, but what I found (replicatable) is that it seems to only fail on first runs

It's more related to DNS propagation than a number of attempts.

NS ns01.agenturserver.it. did not return the expected TXT record

This can be a propagation issue: the 2 TXT records are not propagated when we try to check them.

NS ns01.agenturserver.it. returned NXDOMAIN for _acme-challenge.test2.lego-test.de.

This means that the domain doesn't exist when checking it.

So you need to try increasing the propagation timeout MITTWALD_PROPAGATION_TIMEOUT (currently it's 2 minutes).

@Administratoor

OK, I see and can confirm: it was the timeout; currently it was 1min. When increasing it to 3min, it was successful after 69 seconds 👯

./dist/lego -m XXXXX@mittwald.de --dns mittwald -d test4.lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/26 17:21:26 [INFO] [test4.lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/26 17:21:27 [INFO] [test4.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13744914123
2024/08/26 17:21:27 [INFO] [test4.lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/26 17:21:27 [INFO] [test4.lego-test.de] acme: Could not find solver for: http-01
2024/08/26 17:21:27 [INFO] [test4.lego-test.de] acme: use dns-01 solver
2024/08/26 17:21:27 [INFO] [test4.lego-test.de] acme: Preparing to solve DNS-01
_acme-challenge.test4.lego-test.de lego-test.de
test4.lego-test.de lego-test.de
lego-test.de lego-test.de
2024/08/26 17:21:28 [INFO] [test4.lego-test.de] acme: Trying to solve DNS-01
2024/08/26 17:21:28 [INFO] [test4.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 17:21:30 [INFO] Wait for propagation [timeout: 3m0s, interval: 2s]
2024/08/26 17:21:30 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:32 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:34 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:36 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:38 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:40 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:42 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:44 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:46 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:48 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:50 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:52 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:54 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:56 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:21:58 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:00 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:02 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:04 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:06 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:08 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:10 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:12 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:14 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:16 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:18 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:20 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:23 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:25 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:27 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:29 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:31 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:33 [INFO] [test4.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/26 17:22:39 [INFO] [test4.lego-test.de] The server validated our request
2024/08/26 17:22:39 [INFO] [test4.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/26 17:22:39 [INFO] [test4.lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/26 17:22:39 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/26 17:22:41 [INFO] [test4.lego-test.de] Server responded with a certificate.

Do you need something else?
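The timeout, the time actually waited and the class of the final error can all be read from lego's log. As an added example (not part of the thread or of lego's code base), this Go program parses an abridged copy of log lines from this thread, with challenge values replaced by placeholders, and reports them per domain; the type, function and outcome names are assumptions of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Result is one DNS-01 propagation wait reconstructed from lego's log output.
type Result struct {
	Domain  string
	Timeout time.Duration // from "Wait for propagation [timeout: ...]"
	Waited  time.Duration // wait start to the last poll, or to validation
	Outcome string        // validated | nxdomain | txt-mismatch | other | unknown
	start   time.Time
}

var (
	reStamp = regexp.MustCompile(`^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (.*)$`)
	reCheck = regexp.MustCompile(`^\[INFO\] \[([^\]]+)\] acme: Checking DNS record propagation`)
	reWait  = regexp.MustCompile(`^\[INFO\] Wait for propagation \[timeout: ([^,]+),`)
	reStep  = regexp.MustCompile(`^\[INFO\] \[([^\]]+)\] (?:acme: )?(Waiting for DNS record propagation|The server validated our request)`)
	reErr   = regexp.MustCompile(`^\[([^\]]+)\] propagation: time limit exceeded: last error: (.*)$`)
)

// sampleLog is abridged from the logs in this thread; TXT values are constructed placeholders.
const sampleLog = `2024/08/26 16:48:35 [INFO] [test1.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 16:48:37 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/08/26 16:49:37 [INFO] [test1.lego-test.de] acme: Waiting for DNS record propagation.
[test1.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.it. returned NXDOMAIN for _acme-challenge.test1.lego-test.de.
2024/08/26 17:21:28 [INFO] [test4.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/26 17:21:30 [INFO] Wait for propagation [timeout: 3m0s, interval: 2s]
2024/08/26 17:22:39 [INFO] [test4.lego-test.de] The server validated our request
2024/08/27 21:18:29 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:18:31 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/27 21:20:30 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
[*.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.co. did not return the expected TXT record [fqdn: _acme-challenge.lego-test.de., value: EXPECTED-PLACEHOLDER]: OTHER-PLACEHOLDER`

func classify(lastErr string) string {
	if strings.Contains(lastErr, "returned NXDOMAIN") {
		return "nxdomain" // the authoritative NS did not serve the name yet
	}
	if strings.Contains(lastErr, "did not return the expected TXT record") {
		return "txt-mismatch" // the name exists but carries a different value
	}
	return "other"
}

// Parse walks the log once and returns one Result per "Checking DNS record propagation" line.
func Parse(log string) ([]*Result, error) {
	var results []*Result
	var current *Result
	latest := map[string]*Result{} // most recent wait per domain
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		var ts time.Time // stays zero for lines without a timestamp (the final error)
		if m := reStamp.FindStringSubmatch(line); m != nil {
			t, err := time.Parse("2006/01/02 15:04:05", m[1])
			if err != nil {
				return nil, err
			}
			ts, line = t, m[2]
		}
		if m := reCheck.FindStringSubmatch(line); m != nil {
			current = &Result{Domain: m[1], Outcome: "unknown"}
			results = append(results, current)
			latest[m[1]] = current
		} else if m := reWait.FindStringSubmatch(line); m != nil && current != nil {
			d, err := time.ParseDuration(m[1])
			if err != nil {
				return nil, err
			}
			current.Timeout, current.start = d, ts
		} else if m := reStep.FindStringSubmatch(line); m != nil {
			if r := latest[m[1]]; r != nil && !r.start.IsZero() {
				r.Waited = ts.Sub(r.start)
				if m[2] == "The server validated our request" {
					r.Outcome = "validated"
				}
			}
		} else if m := reErr.FindStringSubmatch(line); m != nil {
			if r := latest[m[1]]; r != nil {
				r.Outcome = classify(m[2])
			}
		}
	}
	return results, sc.Err()
}

func main() {
	results, err := Parse(sampleLog)
	for _, r := range results {
		fmt.Println(r.Domain, r.Timeout, r.Waited, r.Outcome)
	}
	fmt.Println("error:", err)
}
```

For a validated domain, `Waited` also includes the time the ACME server took to validate, so it is an upper bound on the propagation delay.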

@ldez
Member Author

ldez commented Aug 26, 2024

I need the logs of a working run with a wildcard as in the issue description (-d *.example.com -d example.com).
It should be the same domain but one with wildcard and one without.

@ldez
Member Author

ldez commented Aug 27, 2024

Maybe my latest comment was not clear: can you run the command from the issue description again?
I changed the default timeout, to follow your feedback.

After that, if it's working, everything will be OK 🎉

@Administratoor

Administratoor commented Aug 27, 2024

Thank you for your effort on this. I appreciate it!
From my point of view, there still is a problem.
When issuing for both -d *.lego-test.de -d lego-test.de at the same time, there is no success (on the first run).
What I found is that on the first run it solves for lego-test.de and on the second run it solves for *.lego-test.de

$ ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/27 21:18:24 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/08/27 21:18:26 [INFO] acme: Registering account for XXXXX@mittwald.de
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/root/admin-kram/docker/lego/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/08/27 21:18:26 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/27 21:18:27 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13760865093
2024/08/27 21:18:27 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13760865103
2024/08/27 21:18:27 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/27 21:18:27 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/27 21:18:27 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/27 21:18:27 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/27 21:18:27 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 21:18:28 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 21:18:29 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/27 21:18:29 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:18:31 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/27 21:18:31 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:18:33 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
...
2024/08/27 21:20:28 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:20:30 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:20:32 [INFO] [lego-test.de] acme: Trying to solve DNS-01
2024/08/27 21:20:32 [INFO] [lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:20:34 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/27 21:20:41 [INFO] [lego-test.de] The server validated our request
2024/08/27 21:20:41 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 21:20:42 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 21:20:42 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13760865093
2024/08/27 21:20:42 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13760865103
2024/08/27 21:20:42 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.co. did not return the expected TXT record [fqdn: _acme-challenge.lego-test.de., value: zmXhRUCAPsL_KIVXMDrxVOSzPr_nESskx8OLhfXjSes]: DXYgBpvE-SgkDV7n1MkAsv7mDOhs60aqH8GvKYYFiyY
$ ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/27 21:21:41 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/27 21:21:42 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13760865103
2024/08/27 21:21:42 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13760891523
2024/08/27 21:21:42 [INFO] [lego-test.de] acme: authorization already valid; skipping challenge
2024/08/27 21:21:42 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/27 21:21:42 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 21:21:43 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/27 21:21:43 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:21:45 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/27 21:21:49 [INFO] [*.lego-test.de] The server validated our request
2024/08/27 21:21:49 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 21:21:50 [INFO] [*.lego-test.de, lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/27 21:21:50 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/27 21:21:54 [INFO] [*.lego-test.de] Server responded with a certificate.

Here are my tests with timeout 20s:

$ rm -rf .lego
$ export MITTWALD_PROPAGATION_TIMEOUT=20
$ ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/27 21:42:25 No key found for account XXXXX@mittwald.de. Generating a P256 key.
2024/08/27 21:42:25 Saved key to /root/admin-kram/docker/lego/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/XXXXX@mittwald.de/keys/XXXXX@mittwald.de.key
2024/08/27 21:42:26 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/08/27 21:42:28 [INFO] acme: Registering account for XXXXX@mittwald.de
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/root/admin-kram/docker/lego/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/08/27 21:42:29 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/27 21:42:30 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761086993
2024/08/27 21:42:30 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761087003
2024/08/27 21:42:30 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/27 21:42:30 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/27 21:42:30 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/27 21:42:30 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/27 21:42:30 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 21:42:30 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 21:42:31 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/27 21:42:31 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:42:33 [INFO] Wait for propagation [timeout: 20s, interval: 2s]
2024/08/27 21:42:33 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:35 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:37 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:39 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:41 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:43 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:45 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:47 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:49 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:51 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:42:53 [INFO] [lego-test.de] acme: Trying to solve DNS-01
2024/08/27 21:42:53 [INFO] [lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:42:55 [INFO] Wait for propagation [timeout: 20s, interval: 2s]
2024/08/27 21:42:59 [INFO] [lego-test.de] The server validated our request
2024/08/27 21:42:59 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 21:42:59 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 21:42:59 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761086993
2024/08/27 21:43:00 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761087003
2024/08/27 21:43:00 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.co. did not return the expected TXT record [fqdn: _acme-challenge.lego-test.de., value: cmQ4lFQWebqFFKaQkW_lB4hesXiMedbAQWO6LRhiFN4]: ul77NxdZ-7y_h4hlBu0ZvViKILdkJiq3Lr8K1r1iSAs

$ ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/27 21:44:19 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/27 21:44:19 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761087003
2024/08/27 21:44:19 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761100253
2024/08/27 21:44:19 [INFO] [lego-test.de] acme: authorization already valid; skipping challenge
2024/08/27 21:44:19 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/27 21:44:19 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 21:44:20 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/27 21:44:20 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:44:22 [INFO] Wait for propagation [timeout: 20s, interval: 2s]
2024/08/27 21:44:27 [INFO] [*.lego-test.de] The server validated our request
2024/08/27 21:44:27 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 21:44:27 [INFO] [*.lego-test.de, lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/27 21:44:27 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/27 21:44:29 [INFO] [*.lego-test.de] Server responded with a certificate.

As mentioned before, I could replicate that by deleting the .lego folder.
I have also tried to set MITTWALD_PROPAGATION_TIMEOUT to 10min without making any difference.

$ rm -rf .lego
$ ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/27 21:46:48 No key found for account XXXXX@mittwald.de. Generating a P256 key.
2024/08/27 21:46:48 Saved key to /root/admin-kram/docker/lego/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/XXXXX@mittwald.de/keys/XXXXX@mittwald.de.key
2024/08/27 21:46:48 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/08/27 21:46:50 [INFO] acme: Registering account for XXXXX@mittwald.de
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/root/admin-kram/docker/lego/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/08/27 21:46:50 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/27 21:46:51 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761118203
2024/08/27 21:46:51 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761118213
2024/08/27 21:46:51 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/27 21:46:51 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/27 21:46:51 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/27 21:46:51 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/27 21:46:51 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 21:46:51 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 21:46:52 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/27 21:46:52 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:46:54 [INFO] Wait for propagation [timeout: 10m0s, interval: 2s]
2024/08/27 21:46:54 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:46:56 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
...
2024/08/27 21:56:50 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:56:52 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/27 21:56:54 [INFO] [lego-test.de] acme: Trying to solve DNS-01
2024/08/27 21:56:54 [INFO] [lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 21:56:56 [INFO] Wait for propagation [timeout: 10m0s, interval: 2s]
2024/08/27 21:57:04 [INFO] [lego-test.de] The server validated our request
2024/08/27 21:57:04 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 21:57:04 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 21:57:04 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761118203
2024/08/27 21:57:05 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761118213
2024/08/27 21:57:05 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.co. did not return the expected TXT record [fqdn: _acme-challenge.lego-test.de., value: qD_8RvY6JUaTdEV6cCFTmu8RygPDf2TjfaUqKM_3nSM]: L3befxVjqhagNXolMB6Hf5cabXjP9awyRAFhl_RL-ek

$ ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/27 22:07:39 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/27 22:07:40 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761118213
2024/08/27 22:07:40 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13761297293
2024/08/27 22:07:40 [INFO] [lego-test.de] acme: authorization already valid; skipping challenge
2024/08/27 22:07:40 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/27 22:07:40 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/27 22:07:41 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/27 22:07:41 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/27 22:07:43 [INFO] Wait for propagation [timeout: 10m0s, interval: 2s]
2024/08/27 22:07:49 [INFO] [*.lego-test.de] The server validated our request
2024/08/27 22:07:49 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/27 22:07:50 [INFO] [*.lego-test.de, lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/27 22:07:50 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/27 22:07:52 [INFO] [*.lego-test.de] Server responded with a certificate.

If this is the expected behavior, it's OK.
What I see is that for both domains, the wildcard (*.lego-test.de) and the one without a subdomain (lego-test.de), a TXT record with the name _acme-challenge.lego-test.de gets created for the domain lego-test.de.

Where can I assist you? If you want a demo, we can do a video chat.
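
Why both authorizations land on one record name, and how to read the propagation error in the logs above, as an added Go example (not lego's code and not part of this PR). The function names are made up for illustration, the error line is copied from the first failed run, and the splitting of the returned values and the diagnosis wording are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// Error line copied from the first failed run in the log above.
const pageErrorLine = `[*.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.co. did not return the expected TXT record [fqdn: _acme-challenge.lego-test.de., value: cmQ4lFQWebqFFKaQkW_lB4hesXiMedbAQWO6LRhiFN4]: ul77NxdZ-7y_h4hlBu0ZvViKILdkJiq3Lr8K1r1iSAs`

// ChallengeFQDN returns the TXT record name queried for a dns-01 challenge.
// The wildcard label is dropped, so "*.example.com" and "example.com"
// resolve to the same name.
func ChallengeFQDN(domain string) string {
	d := strings.TrimSuffix(strings.ToLower(domain), ".")
	return "_acme-challenge." + strings.TrimPrefix(d, "*.") + "."
}

// ChallengeValue derives the TXT value from a key authorization:
// unpadded base64url of its SHA-256 digest (RFC 8555, section 8.4).
func ChallengeValue(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// LooksLikeChallengeValue reports whether s has the shape of a dns-01 value.
func LooksLikeChallengeValue(s string) bool {
	raw, err := base64.RawURLEncoding.DecodeString(s)
	return err == nil && len(raw) == sha256.Size
}

// SharedNames returns every challenge FQDN needed by more than one domain.
func SharedNames(domains []string) map[string][]string {
	byName := map[string][]string{}
	for _, d := range domains {
		n := ChallengeFQDN(d)
		byName[n] = append(byName[n], d)
	}
	for n, ds := range byName {
		if len(ds) < 2 {
			delete(byName, n)
		}
	}
	return byName
}

// Mismatch is one "did not return the expected TXT record" error.
type Mismatch struct {
	NS, FQDN, Expected string
	Returned           []string
}

var mismatchRe = regexp.MustCompile(
	`NS (\S+) did not return the expected TXT record \[fqdn: (\S+), value: ([^\]]+)\]: (.*)$`)

// ParseMismatch extracts the fields of a propagation error line.
// Assumption: several returned values would be separated by commas or
// spaces; the log on this page only ever shows a single one.
func ParseMismatch(line string) (Mismatch, bool) {
	m := mismatchRe.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return Mismatch{}, false
	}
	sep := func(r rune) bool { return r == ',' || r == ' ' }
	return Mismatch{NS: m[1], FQDN: m[2], Expected: m[3],
		Returned: strings.FieldsFunc(m[4], sep)}, true
}

// Diagnose classifies a mismatch against the requested domains (heuristic).
func Diagnose(domains []string, m Mismatch) string {
	sharers, shared := SharedNames(domains)[strings.ToLower(m.FQDN)]
	foreign := false
	for _, v := range m.Returned {
		if v == m.Expected {
			return "expected value is present"
		}
		foreign = foreign || LooksLikeChallengeValue(v)
	}
	switch {
	case len(m.Returned) == 0:
		return "no TXT record served yet"
	case shared && foreign:
		return "a different challenge value is served under a name shared by " +
			strings.Join(sharers, " and ")
	default:
		return "unexpected TXT content"
	}
}

func main() {
	domains := []string{"*.lego-test.de", "lego-test.de"}
	for name, ds := range SharedNames(domains) {
		fmt.Printf("%s is needed by %v\n", name, ds)
	}
	// Constructed key authorizations: each authorization has its own token,
	// so the two TXT values under the shared name differ.
	fmt.Println(ChallengeValue("tokenA.thumb"), ChallengeValue("tokenB.thumb"))
	if m, ok := ParseMismatch(pageErrorLine); ok {
		fmt.Println(m.NS, "->", Diagnose(domains, m))
	}
}
```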

@ldez
Member Author

ldez commented Aug 28, 2024

Can you try to set the env var LEGO_EXPERIMENTAL_DNS_TCP_ONLY=true?

If this doesn't work, I will change the challenge to a sequential approach to see if this can improve the behavior.

@Administratoor

I tried with the env var, but nothing changed. Still 2 runs needed.

@ldez
Member Author

ldez commented Aug 29, 2024

Before switching to the sequential approach, can you try the latest commit?

@Administratoor

> Before switching to the sequential approach, can you try the latest commit?

You mean this 2e0d934 one? I tried it, didn't work for me. Behavior still the same. 2 runs needed.

root@Server-Office:~/admin-kram/docker/lego/lego# git fetch origin 2e0d9348e45009af280842ec9b13ce4879697dbc
remote: Enumerating objects: 52, done.
remote: Counting objects: 100% (52/52), done.
remote: Compressing objects: 100% (31/31), done.
remote: Total 52 (delta 21), reused 47 (delta 20), pack-reused 0 (from 0)
Entpacke Objekte: 100% (52/52), 38.66 KiB | 1.55 MiB/s, fertig.
Von https://github.com/ldez/lego
 * branch              2e0d9348e45009af280842ec9b13ce4879697dbc -> FETCH_HEAD
root@Server-Office:~/admin-kram/docker/lego/lego# git checkout -b new_branch FETCH_HEAD
Zu neuem Branch 'new_branch' gewechselt
root@Server-Office:~/admin-kram/docker/lego/lego# make build
BIN_OUTPUT: dist/lego
rm -rf dist/ builds/ cover.out
Version: 2e0d9348e45009af280842ec9b13ce4879697dbc
go build -trimpath -ldflags '-X "main.version=2e0d9348e45009af280842ec9b13ce4879697dbc"' -o  dist/lego ./cmd/lego/
root@Server-Office:~/admin-kram/docker/lego/lego# rm -rf .lego
root@Server-Office:~/admin-kram/docker/lego/lego# export MITTWALD_TOKEN="REDACTED"
root@Server-Office:~/admin-kram/docker/lego/lego# ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/30 09:20:23 No key found for account XXXXX@mittwald.de. Generating a P256 key.
2024/08/30 09:20:23 Saved key to /root/admin-kram/docker/lego/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/XXXXX@mittwald.de/keys/XXXXX@mittwald.de.key
2024/08/30 09:20:23 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/08/30 09:20:25 [INFO] acme: Registering account for XXXXX@mittwald.de
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/root/admin-kram/docker/lego/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/08/30 09:20:26 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/30 09:20:26 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13795734993
2024/08/30 09:20:26 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13795735003
2024/08/30 09:20:26 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/30 09:20:26 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/30 09:20:26 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/30 09:20:26 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/30 09:20:26 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/30 09:20:27 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
2024/08/30 09:20:28 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/30 09:20:28 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/30 09:20:30 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/30 09:20:30 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:32 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:34 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:36 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:38 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:40 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:42 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:44 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:46 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:48 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:50 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:52 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:54 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:56 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:20:58 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:00 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:02 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:04 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:06 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:08 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:10 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:12 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:14 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:16 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:18 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:20 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:22 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:24 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:27 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:29 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:31 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:33 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:35 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:37 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:39 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:41 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:43 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:45 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:47 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:49 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:51 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:53 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:55 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:21:57 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:00 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:02 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:04 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:06 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:08 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:10 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:12 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:14 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:16 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:18 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:20 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:23 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:25 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:27 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:29 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:22:31 [INFO] [lego-test.de] acme: Trying to solve DNS-01
2024/08/30 09:22:31 [INFO] [lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/30 09:22:33 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/30 09:22:39 [INFO] [lego-test.de] The server validated our request
2024/08/30 09:22:39 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/30 09:22:40 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/30 09:22:40 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13795734993
2024/08/30 09:22:40 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13795735003
2024/08/30 09:22:40 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-test.de] propagation: time limit exceeded: last error: NS ns01.agenturserver.it. did not return the expected TXT record [fqdn: _acme-challenge.lego-test.de., value: Ip0hBkHfZp53cB6uxDcAm941t3xDQAu7dXW9i8FnCNs]: Nz_ojMLHVMS003bUumOT9LdpMGiyUnK_MxNDw_zdDy8


root@Server-Office:~/admin-kram/docker/lego/lego# ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/30 09:23:22 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/30 09:23:23 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13795735003
2024/08/30 09:23:23 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13795762643
2024/08/30 09:23:23 [INFO] [lego-test.de] acme: authorization already valid; skipping challenge
2024/08/30 09:23:23 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/30 09:23:23 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/30 09:23:23 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/30 09:23:23 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/30 09:23:25 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/30 09:23:25 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:23:27 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:23:29 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:23:32 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:23:34 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 09:23:42 [INFO] [*.lego-test.de] The server validated our request
2024/08/30 09:23:42 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/30 09:23:42 [INFO] [*.lego-test.de, lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/30 09:23:42 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/30 09:23:45 [INFO] [*.lego-test.de] Server responded with a certificate.

With the latest commit c8b0487 I got an error `unrecognized DNS provider: mittwald` because of this change.

I changed the code to a sequential approach and it works:

root@Server-Office:~/admin-kram/docker/lego/lego# ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/30 09:51:34 No key found for account XXXXX@mittwald.de. Generating a P256 key.
2024/08/30 09:51:34 Saved key to /root/admin-kram/docker/lego/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/XXXXX@mittwald.de/keys/XXXXX@mittwald.de.key
2024/08/30 09:51:34 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/08/30 09:51:36 [INFO] acme: Registering account for XXXXX@mittwald.de
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/root/admin-kram/docker/lego/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/08/30 09:51:36 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/30 09:51:37 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13796034153
2024/08/30 09:51:37 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13796034163
2024/08/30 09:51:37 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/30 09:51:37 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/30 09:51:37 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/30 09:51:37 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/30 09:51:37 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/30 09:51:37 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/30 09:51:37 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/30 09:51:39 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/30 09:51:45 [INFO] [*.lego-test.de] The server validated our request
2024/08/30 09:51:45 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/30 09:51:45 [INFO] sequence: wait for 1m0s
2024/08/30 09:52:45 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
2024/08/30 09:52:46 [INFO] [lego-test.de] acme: Trying to solve DNS-01
2024/08/30 09:52:46 [INFO] [lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/30 09:52:48 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/08/30 09:52:56 [INFO] [lego-test.de] The server validated our request
2024/08/30 09:52:56 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/30 09:52:56 [INFO] [*.lego-test.de, lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/30 09:52:56 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/30 09:52:59 [INFO] [*.lego-test.de] Server responded with a certificate.

Here are the changes I made:

providers/dns/dns_providers.go

root@Server-Office:~/admin-kram/docker/lego/lego# git diff providers/dns/dns_providers.go 
diff --git a/providers/dns/dns_providers.go b/providers/dns/dns_providers.go
index 0bcfdee6..6a407875 100644
--- a/providers/dns/dns_providers.go
+++ b/providers/dns/dns_providers.go
@@ -83,6 +83,7 @@ import (
        "github.com/go-acme/lego/v4/providers/dns/luadns"
        "github.com/go-acme/lego/v4/providers/dns/mailinabox"
        "github.com/go-acme/lego/v4/providers/dns/metaname"
+       "github.com/go-acme/lego/v4/providers/dns/mittwald"
        "github.com/go-acme/lego/v4/providers/dns/mijnhost"
        "github.com/go-acme/lego/v4/providers/dns/mydnsjp"
        "github.com/go-acme/lego/v4/providers/dns/mythicbeasts"
@@ -301,6 +302,8 @@ func NewDNSChallengeProviderByName(name string) (challenge.Provider, error) {
                return dns01.NewDNSProviderManual()
        case "metaname":
                return metaname.NewDNSProvider()
+       case "mittwald":
+               return mittwald.NewDNSProvider()
        case "mijnhost":
                return mijnhost.NewDNSProvider()
        case "mydnsjp":
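
Review bot: The new case "mittwald" is placed before case "mijnhost", but the neighbouring cases are in alphabetical order and "mittwald" sorts after "mijnhost", so it should move below the mijnhost case. The import added in the first hunk of this file is in the same out-of-order position and should move with it.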

providers/dns/mittwald/mittwald.go

root@Server-Office:~/admin-kram/docker/lego/lego# git diff providers/dns/mittwald/mittwald.go 
diff --git a/providers/dns/mittwald/mittwald.go b/providers/dns/mittwald/mittwald.go
index b8a61383..1728e929 100644
--- a/providers/dns/mittwald/mittwald.go
+++ b/providers/dns/mittwald/mittwald.go
@@ -25,6 +25,7 @@ const (
        EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
        EnvPollingInterval    = envNamespace + "POLLING_INTERVAL"
        EnvHTTPTimeout        = envNamespace + "HTTP_TIMEOUT"
+       EnvSequenceInterval   = envNamespace + "SEQUENCE_INTERVAL"
 )
 
 const minTTL = 300
@@ -36,6 +37,7 @@ type Config struct {
        PropagationTimeout time.Duration
        PollingInterval    time.Duration
        HTTPClient         *http.Client
+       SequenceInterval   time.Duration
 }
 
 // NewDefaultConfig returns a default configuration for the DNSProvider.
@@ -44,6 +46,7 @@ func NewDefaultConfig() *Config {
                TTL:                env.GetOrDefaultInt(EnvTTL, minTTL),
                PropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute),
                PollingInterval:    env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),
+               SequenceInterval:   env.GetOrDefaultSecond(EnvSequenceInterval, dns01.DefaultPropagationTimeout),
                HTTPClient: &http.Client{
                        Timeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),
                },
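
Review bot: The default for SequenceInterval is dns01.DefaultPropagationTimeout, a constant named for a different setting, while PropagationTimeout two lines above defaults to 2*time.Minute, so the two defaults are unrelated and the reuse is easy to misread. Consider passing an explicit duration here, or adding a comment that says why the propagation-timeout default is the right pause between challenges.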
@@ -100,6 +103,13 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
        return d.config.PropagationTimeout, d.config.PollingInterval
 }
 
+
+// Sequential All DNS challenges for this provider will be resolved sequentially.
+// Returns the interval between each iteration.
+func (d *DNSProvider) Sequential() time.Duration {
+       return d.config.SequenceInterval
+}
+
 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
        ctx := context.Background()
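
Review bot: The doc comment on Sequential starts with "Sequential All DNS challenges", which does not read as a sentence; something like "Sequential makes all DNS challenges for this provider be solved sequentially." would be clearer. The hunk also adds a second blank line before the comment, which gofmt will collapse to one.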

providers/dns/mittwald/mittwald.toml

root@Server-Office:~/admin-kram/docker/lego/lego# git diff providers/dns/mittwald/mittwald.toml
diff --git a/providers/dns/mittwald/mittwald.toml b/providers/dns/mittwald/mittwald.toml
index e36a8b44..0d7a762a 100644
--- a/providers/dns/mittwald/mittwald.toml
+++ b/providers/dns/mittwald/mittwald.toml
@@ -15,6 +15,7 @@ lego --email you@example.com --dns mittwald --domains my.example.org run
   [Configuration.Additional]
     MITTWALD_POLLING_INTERVAL = "Time between DNS propagation check"
     MITTWALD_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
+    MITTWALD_SEQUENCE_INTERVAL = "Time between sequential requests"
     MITTWALD_TTL = "The TTL of the TXT record used for the DNS challenge"
     MITTWALD_HTTP_TIMEOUT = "API request timeout"
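
Review bot: The description "Time between sequential requests" for MITTWALD_SEQUENCE_INTERVAL is ambiguous next to MITTWALD_HTTP_TIMEOUT = "API request timeout", because "requests" can be read as API calls. Wording that names the challenges, for example "Time between sequential challenge requests", would make clear that this is the pause between solving one domain's challenge and the next.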
 

@ldez
Member Author

ldez commented Aug 30, 2024

I updated the code with the sequential approach, can you run it again and give me the output?

@Administratoor

Administratoor commented Aug 30, 2024

Thank you very much. As you can see it works now.

$ make build
BIN_OUTPUT: dist/lego
rm -rf dist/ builds/ cover.out
Version: cf13ebea8c5b71ab7ff20d56bc0dfb486f2b7678
go build -trimpath -ldflags '-X "main.version=cf13ebea8c5b71ab7ff20d56bc0dfb486f2b7678"' -o  dist/lego ./cmd/lego/
root@Server-Office:~/admin-kram/docker/lego/lego# export MITTWALD_TOKEN="REDACTED"
root@Server-Office:~/admin-kram/docker/lego/lego# ./dist/lego -m XXXXX@mittwald.de --dns mittwald -d *.lego-test.de -d lego-test.de -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/08/30 13:07:14 No key found for account XXXXX@mittwald.de. Generating a P256 key.
2024/08/30 13:07:14 Saved key to /root/admin-kram/docker/lego/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/XXXXX@mittwald.de/keys/XXXXX@mittwald.de.key
2024/08/30 13:07:15 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/08/30 13:07:16 [INFO] acme: Registering account for XXXXX@mittwald.de
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/root/admin-kram/docker/lego/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/08/30 13:07:17 [INFO] [*.lego-test.de, lego-test.de] acme: Obtaining bundled SAN certificate
2024/08/30 13:07:17 [INFO] [*.lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13797909343
2024/08/30 13:07:17 [INFO] [lego-test.de] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13797909353
2024/08/30 13:07:17 [INFO] [*.lego-test.de] acme: use dns-01 solver
2024/08/30 13:07:17 [INFO] [lego-test.de] acme: Could not find solver for: tls-alpn-01
2024/08/30 13:07:17 [INFO] [lego-test.de] acme: Could not find solver for: http-01
2024/08/30 13:07:17 [INFO] [lego-test.de] acme: use dns-01 solver
2024/08/30 13:07:17 [INFO] [*.lego-test.de] acme: Preparing to solve DNS-01
2024/08/30 13:07:18 [INFO] [*.lego-test.de] acme: Trying to solve DNS-01
2024/08/30 13:07:19 [INFO] [*.lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/30 13:07:29 [INFO] Wait for propagation [timeout: 2m0s, interval: 10s]
2024/08/30 13:07:29 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 13:07:39 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 13:07:49 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 13:07:59 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 13:08:09 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 13:08:19 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 13:08:29 [INFO] [*.lego-test.de] acme: Waiting for DNS record propagation.
2024/08/30 13:08:44 [INFO] [*.lego-test.de] The server validated our request
2024/08/30 13:08:44 [INFO] [*.lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/30 13:08:44 [INFO] sequence: wait for 2m0s
2024/08/30 13:10:44 [INFO] [lego-test.de] acme: Preparing to solve DNS-01
2024/08/30 13:10:45 [INFO] [lego-test.de] acme: Trying to solve DNS-01
2024/08/30 13:10:45 [INFO] [lego-test.de] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2024/08/30 13:10:55 [INFO] Wait for propagation [timeout: 2m0s, interval: 10s]
2024/08/30 13:11:00 [INFO] [lego-test.de] The server validated our request
2024/08/30 13:11:00 [INFO] [lego-test.de] acme: Cleaning DNS-01 challenge
2024/08/30 13:11:00 [INFO] [*.lego-test.de, lego-test.de] acme: Validations succeeded; requesting certificates
2024/08/30 13:11:00 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/08/30 13:11:03 [INFO] [*.lego-test.de] Server responded with a certificate.

@ldez ldez removed the state/need-user-tests Need users to test functionality label Aug 30, 2024
@ldez
Member Author

ldez commented Aug 30, 2024

I hope you enjoyed my work, please consider donating or asking your company to do so.
This will be appreciated, thank you ❤️

https://github.com/sponsors/ldez

@ldez ldez marked this pull request as ready for review August 30, 2024 11:49
@ldez ldez added this to the v4.18 milestone Aug 30, 2024
@ldez ldez requested a review from dmke August 30, 2024 11:52
Member

@dmke dmke left a comment

LGTM

@ldez ldez merged commit beaa35c into go-acme:master Aug 30, 2024
4 checks passed
@ldez ldez deleted the feat/mittwald branch August 30, 2024 17:46
Development

Successfully merging this pull request may close these issues.

Support for provider: mittwald
4 participants