From 07a3eb0b7beccc2f65038d43028f16ae1e27e13f Mon Sep 17 00:00:00 2001
From: Fernandez Ludovic
Date: Thu, 26 Feb 2026 08:04:20 +0100
Subject: [PATCH] refactor: minor changes

---
 challenge/dns01/dns_challenge.go | 15 ++++++++---
 .../dnspersist01/dns_persist_challenge.go | 26 ++++++++++---------
 2 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/challenge/dns01/dns_challenge.go b/challenge/dns01/dns_challenge.go
index 584088505..9c6252a8c 100644
--- a/challenge/dns01/dns_challenge.go
+++ b/challenge/dns01/dns_challenge.go
@@ -15,6 +15,7 @@ import (
 "github.com/go-acme/lego/v5/challenge"
 "github.com/go-acme/lego/v5/internal/wait"
 "github.com/go-acme/lego/v5/log"
+ "github.com/miekg/dns"
 )

 const (
@@ -28,7 +29,7 @@ const (
 DefaultTTL = 120
 )

-const prefix = "_acme-challenge"
+const challengeLabel = "_acme-challenge"

 type ValidateFunc func(ctx context.Context, core *api.Core, domain string, chlng acme.Challenge) error

@@ -62,6 +63,7 @@ func NewChallenge(core *api.Core, validate ValidateFunc, provider challenge.Prov
 // It does not validate record propagation or do anything at all with the ACME server.
 func (c *Challenge) PreSolve(ctx context.Context, authz acme.Authorization) error {
 domain := challenge.GetTargetedDomain(authz)
+
 log.Info("dns01: preparing to solve the challenge.", log.DomainAttr(domain))

 chlng, err := challenge.FindChallenge(challenge.DNS01, authz)
@@ -89,6 +91,7 @@ func (c *Challenge) PreSolve(ctx context.Context, authz acme.Authorization) erro

 func (c *Challenge) Solve(ctx context.Context, authz acme.Authorization) error {
 domain := challenge.GetTargetedDomain(authz)
+
 log.Info("dns01: trying to solve the challenge.", log.DomainAttr(domain))

 chlng, err := challenge.FindChallenge(challenge.DNS01, authz)
@@ -202,13 +205,13 @@ func GetChallengeInfo(ctx context.Context, domain, keyAuth string) ChallengeInfo

 ok, _ := strconv.ParseBool(os.Getenv("LEGO_DISABLE_CNAME_SUPPORT"))

- fqdn := fmt.Sprintf("%s.%s.", prefix, domain)
+ fqdn := getAuthorizationDomainName(domain)

 return ChallengeInfo{
 Value: value,
 FQDN: getChallengeFQDN(ctx, fqdn, false),
 EffectiveFQDN: getChallengeFQDN(ctx, fqdn, !ok),
- Prefix: prefix,
+ Prefix: challengeLabel,
 }
 }

@@ -219,3 +222,9 @@ func getChallengeFQDN(ctx context.Context, fqdn string, followCNAME bool) string

 return DefaultClient().lookupCNAME(ctx, fqdn)
 }
+
+// getAuthorizationDomainName returns the fully qualified DNS label
+// used by the dns-01 challenge for the given domain.
+func getAuthorizationDomainName(domain string) string {
+ return dns.Fqdn(challengeLabel + "." + domain)
+}
diff --git a/challenge/dnspersist01/dns_persist_challenge.go b/challenge/dnspersist01/dns_persist_challenge.go
index 737d4712c..651c0dec0 100644
--- a/challenge/dnspersist01/dns_persist_challenge.go
+++ b/challenge/dnspersist01/dns_persist_challenge.go
@@ -21,18 +21,6 @@ const validationLabel = "_validation-persist"
 // ValidateFunc validates a challenge with the ACME server.
 type ValidateFunc func(ctx context.Context, core *api.Core, domain string, chlng acme.Challenge) error

-// ChallengeInfo contains the information used to create a dns-persist-01 TXT record.
-type ChallengeInfo struct {
- // FQDN is the full-qualified challenge domain (i.e. `_validation-persist.[domain].`).
- FQDN string
-
- // Value contains the TXT record value, an RFC 8659 issue-value.
- Value string
-
- // IssuerDomainName is the normalized issuer-domain-name used in Value.
- IssuerDomainName string
-}
-
 // Challenge implements the dns-persist-01 challenge.
 type Challenge struct {
 core *api.Core
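Review bot: In GetChallengeInfo the context line `ok, _ := strconv.ParseBool(os.Getenv("LEGO_DISABLE_CNAME_SUPPORT"))` discards the parse error, so a value ParseBool does not accept (for example `yes`) leaves `ok` false and `getChallengeFQDN(ctx, fqdn, !ok)` keeps following CNAMEs with no signal to the operator who meant to turn that off. The line is not changed by this commit, but the statements around it are, so this is a convenient place to keep the error and log when the variable is set but unparseable. Naming the flag for what it means would also help the reader, e.g. `disableCNAME, err := strconv.ParseBool(...)` and `!disableCNAME` at the call. The function body starts outside the hunk.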
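Review bot: getAuthorizationDomainName is not a byte-for-byte replacement for the `fmt.Sprintf("%s.%s.", prefix, domain)` it supersedes in GetChallengeInfo: dns.Fqdn appends the root dot only when the name does not already end in one, so a domain passed with a trailing dot now yields a single-dot name instead of one ending in `..`. That looks like an improvement, but the commit is labelled a refactor and this patch carries no test for the helper; a table test over a plain name, a name with a trailing dot and an empty domain would pin the name used for the challenge record. The doc comment also says "DNS label" for what is a whole domain name; I would write `// getAuthorizationDomainName returns the fully qualified domain name, with trailing dot, of the dns-01 TXT record for domain.`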
@@ -76,6 +64,8 @@ func (c *Challenge) Solve(ctx context.Context, authz acme.Authorization) error {
 return errors.New("dnspersist01: empty identifier")
 }

+ log.Info("dnspersist01: trying to solve the challenge.", log.DomainAttr(domain))
+
 chlng, err := challenge.FindChallenge(challenge.DNSPersist01, authz)
 if err != nil {
 return err
@@ -185,6 +175,18 @@ func (c *Challenge) hasMatchingRecord(records []TXTRecord, issuerDomainName stri
 })
 }

+// ChallengeInfo contains the information used to create a dns-persist-01 TXT record.
+type ChallengeInfo struct {
+ // FQDN is the full-qualified challenge domain (i.e. `_validation-persist.[domain].`).
+ FQDN string
+
+ // Value contains the TXT record value, an RFC 8659 issue-value.
+ Value string
+
+ // IssuerDomainName is the normalized issuer-domain-name used in Value.
+ IssuerDomainName string
+}
+
 // GetChallengeInfo returns information used to create a DNS TXT record
 // which can fulfill the `dns-persist-01` challenge.
 // Domain, issuerDomainName, and accountURI parameters are required.