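ccf says:
Let’s Encrypt and Huawei Cloud's DNS don't get along very well
DNS validation fails more than 90% of the time; after switching to Ali's DNS it passed instantly. MLGBD…
hehe says:
Cherish your life, stay away from Huawei
ccf says:
This post was last edited by ccf on 2020-10-21 22:28
I scanned Huawei Cloud's DNS; this is probably caused by it not supporting echo capitalization
I've filed a ticket. The DNS servers need to be adjusted; let's see whether they can fix it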
X Fatal error: Nameserver doesn’t support echo capitalization. That’s critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn’t possible. Your name server provider must update the software.: ns1.huaweicloud-dns.cn / 43.254.0.68
X Fatal error: Nameserver doesn’t support echo capitalization. That’s critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn’t possible. Your name server provider must update the software.: ns1.huaweicloud-dns.com / 114.115.192.11
X Fatal error: Nameserver doesn’t support echo capitalization. That’s critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn’t possible. Your name server provider must update the software.: ns1.huaweicloud-dns.com / 139.9.224.17
X Fatal error: Nameserver doesn’t support echo capitalization. That’s critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn’t possible. Your name server provider must update the software.: ns1.huaweicloud-dns.net / 159.138.76.159
X Fatal error: Nameserver doesn’t support echo capitalization. That’s critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn’t possible. Your name server provider must update the software.: ns1.huaweicloud-dns.org
X Fatal error: Nameserver doesn’t support echo capitalization. That’s critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn’t possible. Your name server provider must update the software.: ns1.huaweicloud-dns.org / 159.138.17.59
X Fatal error: Nameserver doesn’t support echo capitalization. That’s critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn’t possible. Your name server provider must update the software.: ns1.huaweicloud-dns.org / 159.138.77.159
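The check that the scan output above describes, as an added example that is not part of the thread or of any tool it mentions: a resolver using dns0x20 sends a mixed-case QNAME and rejects a reply whose question section does not echo it byte for byte. The function names and the sample packets are constructed for illustration.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels, preserving the caller's letter case."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_message(txid: int, flags: int, qname: str, qtype: int) -> bytes:
    """DNS header with QDCOUNT=1 and no records, then one question (class IN)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def question_name(msg: bytes) -> str:
    """Return the QNAME of the first question exactly as it appears on the wire."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected a header and exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question section")
        n = msg[pos]
        if n == 0:
            return ".".join(labels)
        if n > 63 or pos + 1 + n > len(msg):
            raise ValueError("bad label in question section")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n

def check_response(query: bytes, response: bytes) -> str:
    """Apply the dns0x20 acceptance rule to a reply for the given query."""
    if query[:2] != response[:2]:
        return "reject: transaction ID mismatch"
    sent, got = question_name(query), question_name(response)
    if sent == got:
        return "accept"
    if sent.lower() == got.lower():
        return "reject: case not echoed"
    return "reject: different name"

if __name__ == "__main__":
    # Constructed packets; 16 is the TXT record type, 0x8400 sets QR and AA.
    query = build_message(0x1A2B, 0x0000, "ExAmPlE.cOm", 16)
    echoed = build_message(0x1A2B, 0x8400, "ExAmPlE.cOm", 16)
    lowered = build_message(0x1A2B, 0x8400, "example.com", 16)
    print(check_response(query, echoed), "|", check_response(query, lowered))
```

A case-insensitive lookup such as nslookup accepts both replies, which is why it can succeed while a dns0x20 resolver fails.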
jqbaobao says:
That's how it is, so every time I have to switch to Tencent DNS
swsh007 says:
If you're going to tinker, stick with QQ's or Ali's
By小酷 says:
Huawei DNS has priority settings, and there are 4 NS: two domestic and two overseas
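ccf says:
This post was last edited by ccf on 2020-10-21 11:53
By小酷 says: 2020-10-21 11:42
Huawei DNS has priority settings, and there are 4 NS: two domestic and two overseas
The other features are fine. I'm only talking about Let’s TXT validation here: whether I use Huawei's domestic or overseas ones, it fails
nslookup queries are fine, but Let’s query mechanism is different
You can test at https://unboundtest.com/, which uses the same query mechanism as Let’s; TXT and CAA queries fail most of the time. I guess there's a DNS compatibility problem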
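By小酷 says:
ccf says: 2020-10-21 11:51
The other features are fine. I'm only talking about Let’s TXT validation here: whether I use Huawei's domestic or overseas ones, it fails
nslookup queries are fine, but…
If you have TXT records, I suggest writing them all into one, because with Huawei, writing them as separate record sets turns into round-robin; only when written as one will they all be shown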
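ccf says:
By小酷 says: 2020-10-21 12:13
If you have TXT records, I suggest writing them all into one, because with Huawei, writing them as separate record sets turns into round-robin; only when written as one will they all be shown …
I know about that mechanism; I always write them as one record,
But the problem is that even when this record contains only a single TXT line, queries at https://unboundtest.com/ still fail most of the time, and Let’s is even more hopeless
And CAA queries also fail most of the time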
cyclists says:
So that's the reason. I thought LE didn't support my domain :lol
king51 says:
:'( They said earlier they would fix it, and it still hasn't been fixed