Add DNS provider for West.cn/西部数码 #2318

Merged
merged 5 commits into from
Nov 21, 2024

ldez
Member

@ldez ldez commented Nov 4, 2024

  • adds a description to your PR
  • have a homogeneous design with the other providers
  • add tests (units)
  • add tests ("live")
  • add a provider descriptor
  • generate CLI help, documentation, and readme.
  • be able to do: (and put the output of this command to a comment)
    make build
    rm -rf .lego
    
    WESTCN_USERNAME="xxx" \
    WESTCN_PASSWORD="yyy" \
    ./dist/lego -m your_email@example.com --dns westcn -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    Note the wildcard domain is important.
  • pass the linter
  • do go mod tidy

I created this PR based on the API documentation.
I did it because I wanted to learn how to play with request/response custom encoding (gb2312/GBK).

Now, I need a user to test the implementation.

How to test this PR?
  1. You need Go
  2. Checkout the PR:
    git clone https://github.com/ldez/lego.git
    cd lego
    git checkout xxx
  3. Compile lego:
    • if you have make: make build
    • if you don't have make: go build -o dist/lego ./cmd/lego
  4. Run the following command with your information (email, domain, credentials):
    WESTCN_USERNAME="xxx" \
    WESTCN_PASSWORD="yyy" \
    ./dist/lego -m your_email@example.com --dns westcn -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    The wildcard domain is important
  5. Before each run of the command, you should clean your local environment:
    rm -rf .lego

@liesauer

This comment was marked as outdated.

@liesauer

This comment was marked as outdated.

@liesauer

This comment was marked as outdated.

@ldez
Member Author

ldez commented Nov 19, 2024

@liesauer I fixed the problem, can you try it again?

@liesauer

sure, i will try it again tomorrow

@liesauer

./dist/lego -m account@my.com --dns westcn -d *.mydomain.com -d mydomain.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

this should be unexpected? there are two _acme-challenge TXT records with different values, and it failed to clean up at the end.


2024/11/20 09:24:51 [INFO] [*.mydomain.com, mydomain.com] acme: Obtaining bundled SAN certificate
2024/11/20 09:24:52 [INFO] [*.mydomain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172183513/14994866243
2024/11/20 09:24:52 [INFO] [mydomain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172183513/14994866253
2024/11/20 09:24:52 [INFO] [*.mydomain.com] acme: use dns-01 solver
2024/11/20 09:24:52 [INFO] [mydomain.com] acme: Could not find solver for: tls-alpn-01
2024/11/20 09:24:52 [INFO] [mydomain.com] acme: Could not find solver for: http-01
2024/11/20 09:24:52 [INFO] [mydomain.com] acme: use dns-01 solver
2024/11/20 09:24:52 [INFO] [*.mydomain.com] acme: Preparing to solve DNS-01
2024/11/20 09:24:54 [INFO] [mydomain.com] acme: Preparing to solve DNS-01
2024/11/20 09:24:55 [INFO] [*.mydomain.com] acme: Trying to solve DNS-01
2024/11/20 09:24:55 [INFO] [*.mydomain.com] acme: Checking DNS record propagation. [nameservers=google-public-dns-a.google.com:53,google-public-dns-b.google.com:53]
2024/11/20 09:24:57 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/11/20 09:24:58 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:25:21 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:25:23 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:25:25 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:25:49 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:25:51 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:25:54 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:25:56 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:25:58 [INFO] [mydomain.com] acme: Trying to solve DNS-01
2024/11/20 09:26:18 [INFO] [mydomain.com] acme: Checking DNS record propagation. [nameservers=google-public-dns-a.google.com:53,google-public-dns-b.google.com:53]
2024/11/20 09:26:20 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/11/20 09:26:46 [INFO] [mydomain.com] The server validated our request
2024/11/20 09:26:46 [INFO] [*.mydomain.com] acme: Cleaning DNS-01 challenge
2024/11/20 09:26:47 [WARN] [*.mydomain.com] acme: cleaning up failed: westcn: delete record: 20102: 域名格式有误 (500)
2024/11/20 09:26:47 [INFO] [mydomain.com] acme: Cleaning DNS-01 challenge
2024/11/20 09:26:47 [WARN] [mydomain.com] acme: cleaning up failed: westcn: delete record: 20102: 域名格式有误 (500)
2024/11/20 09:26:48 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172183513/14994866243
2024/11/20 09:26:48 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172183513/14994866253
2024/11/20 09:26:48 Could not obtain certificates:
        error: one or more domains had a problem:
[*.mydomain.com] propagation: time limit exceeded: last error: authoritative nameservers: NS ns4.myhostadmin.net.:53 did not return the expected TXT record [fqdn: _acme-challenge.mydomain.com., value: Is7yxfnQ178_T0sBNqrzrgHduWQUnlr0h7OGfppkZHw]: GOprNpytk5PHzMypBaBmNMMBsEVtzSxrdfMhRRlskPY ,cQGlWjn70_wWobx4v4mNwAMPiYX7K7achxDag97Ul-0 ,ba2Xf5TAntyo4EoB8sNZqUCd2J1VR-4oD6ZhOh5mUl4

@liesauer

i also tried a single subdomain, it works, but it still failed to clean up.

2024/11/20 09:40:43 [INFO] [lego.mydomain.com] acme: Obtaining bundled SAN certificate
2024/11/20 09:40:44 [INFO] [lego.mydomain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/172183513/14995018813
2024/11/20 09:40:44 [INFO] [lego.mydomain.com] acme: Could not find solver for: tls-alpn-01
2024/11/20 09:40:44 [INFO] [lego.mydomain.com] acme: Could not find solver for: http-01
2024/11/20 09:40:44 [INFO] [lego.mydomain.com] acme: use dns-01 solver
2024/11/20 09:40:44 [INFO] [lego.mydomain.com] acme: Preparing to solve DNS-01
2024/11/20 09:40:47 [INFO] [lego.mydomain.com] acme: Trying to solve DNS-01
2024/11/20 09:40:48 [INFO] [lego.mydomain.com] acme: Checking DNS record propagation. [nameservers=google-public-dns-a.google.com:53,google-public-dns-b.google.com:53]
2024/11/20 09:40:50 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2024/11/20 09:40:51 [INFO] [lego.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:41:14 [INFO] [lego.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:41:16 [INFO] [lego.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:41:19 [INFO] [lego.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:41:41 [INFO] [lego.mydomain.com] acme: Waiting for DNS record propagation.
2024/11/20 09:41:57 [INFO] [lego.mydomain.com] The server validated our request
2024/11/20 09:41:57 [INFO] [lego.mydomain.com] acme: Cleaning DNS-01 challenge
2024/11/20 09:41:58 [WARN] [lego.mydomain.com] acme: cleaning up failed: westcn: delete record: 20102: 域名格式有误 (500)
2024/11/20 09:41:58 [INFO] [lego.mydomain.com] acme: Validations succeeded; requesting certificates
2024/11/20 09:41:58 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/11/20 09:42:01 [INFO] [lego.mydomain.com] Server responded with a certificate.

@ldez
Member Author

ldez commented Nov 20, 2024

@liesauer I fixed the problem with deleting the records, can you try again?

@ldez
Member Author

ldez commented Nov 20, 2024

I also increased the propagation timeout, this will fix this problem:

[*.mydomain.com] propagation: time limit exceeded: last error: authoritative nameservers: NS ns4.myhostadmin.net.:53 did not return the expected TXT record [fqdn: _acme-challenge.mydomain.com., value: Is7yxfnQ178_T0sBNqrzrgHduWQUnlr0h7OGfppkZHw]: GOprNpytk5PHzMypBaBmNMMBsEVtzSxrdfMhRRlskPY ,cQGlWjn70_wWobx4v4mNwAMPiYX7K7achxDag97Ul-0 ,ba2Xf5TAntyo4EoB8sNZqUCd2J1VR-4oD6ZhOh5mUl4

I recommend cleaning manually all the previous TXT records _acme-challenge before running the command because lego will not delete the previous TXT records, but it will clean the new ones automatically.
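
The log above shows the wildcard and the apex name being checked at the same FQDN (`_acme-challenge.mydomain.com.`), with the nameserver returning only values from earlier runs. The following Go sketch is an added example, not code from this PR or from lego: it shows why two TXT values at one name are normal for dns-01 and how leftover values can be told apart from the current ones. The function names, tokens and thumbprint are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// ChallengeFQDN returns the dns-01 record name for an ACME identifier.
// A wildcard is validated at its base domain, so "*.d" and "d" share one name.
func ChallengeFQDN(domain string) string {
	return "_acme-challenge." + strings.TrimPrefix(domain, "*.") + "."
}

// TXTValue computes the dns-01 record value from a key authorization
// ("<token>.<account key thumbprint>"): unpadded base64url(SHA-256(keyAuth)).
func TXTValue(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Classify splits the TXT values served at one FQDN into values the current
// order expects and stale leftovers that need manual removal.
func Classify(served []string, expected map[string]bool) (current, stale []string) {
	for _, v := range served {
		if expected[v] {
			current = append(current, v)
		} else {
			stale = append(stale, v)
		}
	}
	return current, stale
}

func main() {
	// Constructed tokens and thumbprint; real ones come from the ACME server.
	wild := TXTValue("token-for-wildcard.thumbprint-placeholder")
	apex := TXTValue("token-for-apex.thumbprint-placeholder")
	fmt.Println("same FQDN:", ChallengeFQDN("*.mydomain.com") == ChallengeFQDN("mydomain.com"))
	served := []string{"leftover-from-earlier-run", wild, apex}
	current, stale := Classify(served, map[string]bool{wild: true, apex: true})
	fmt.Println("current:", current)
	fmt.Println("stale:", stale)
}
```

Because both authorizations publish under one name, a provider's cleanup has to delete a record by name and value, not by name alone.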

@liesauer

this fix works! but i notice that when i am issuing for *.mydomain.com and mydomain.com using the -d *.mydomain.com -d mydomain.com command, the certificate only shows *.mydomain.com, there is no mydomain.com, is that expected?


@liesauer

should this be *.mydomain.com,mydomain.com?

@liesauer

as far as i know, *.mydomain.com only means any subdomain, no top domain included.

@ldez
Member Author

ldez commented Nov 20, 2024

The certificates contain the 2 domains, only one is the main.
I don't know how you display the domain but your tool seems to not display the other domain (SAN).

@ldez
Member Author

ldez commented Nov 20, 2024

@liesauer

You can use this tool: https://cyberchef.org/#recipe=Parse_X.509_certificate('PEM')

this is weird, it shows nothing about the domain infos

@liesauer

the Subject Alternative Name does show two domains, is this fine and as expected?


@ldez
Member Author

ldez commented Nov 20, 2024

SAN -> Subject Alternative Name

#2318 (comment)

@ldez
Member Author

ldez commented Nov 20, 2024

So your certificate is right: it handles *.example.com and example.com.

Everything is OK, thanks for taking the time to test this PR 👍

@ldez ldez removed the state/need-user-tests Need users to test functionality label Nov 20, 2024
@ldez ldez added this to the unreleased milestone Nov 20, 2024
@ldez ldez marked this pull request as ready for review November 20, 2024 03:54
@ldez ldez requested a review from dmke November 20, 2024 03:54
@liesauer

i see, this pr is good to go then👍

@ldez ldez enabled auto-merge (squash) November 21, 2024 16:30
@ldez ldez merged commit b349021 into go-acme:master Nov 21, 2024
7 checks passed
@ldez ldez deleted the feat/westcn branch November 21, 2024 16:47

3 participants