Certbot with certbot-dns-ovh fails to identify subdomain zone


I chose OVH to provide the DNS zone for home.mkrebs.de, while mkrebs.de is hosted at a different DNS provider which does not offer API access.

Now when trying to register a certificate for server.home.mkrebs.de, certbot fails, as it tries to find the zone "mkrebs.de" at OVH, while the zone is named "home.mkrebs.de".

The version of my client is: 2.7.0

On a SSH shell, I run:
sudo certbot certonly --dry-run --dns-ovh -d "server.home.mkrebs.de" --dns-ovh-credentials /etc/letsencrypt/ovh-api.ini

This produces the following output:
Unexpected error determining zone identifier for server.home.mkrebs.de: Domain mkrebs.de not found

From the source code of certbot-dns-ovh, I would assume that the plugin tries server.home.mkrebs.de, home.mkrebs.de, mkrebs.de, but I can't tell for sure. Unfortunately, I can't trace the https-traffic to see what actually is part of the communication with OVH.

I already can rule out an authorization problem, as the API user has been provided with GET /domain/zone/* privileges (plus PUT/POST/DELETE).

With the ACME plugin, this works fine - but I would love to stick with Certbot.

1 Like

@miccgn Welcome to the community

Based on the error it certainly looks like the OVH plugin looks for the root domain too. I don't read python very well so can't say for sure. The Certbot docs don't elaborate.

I suggest posting this on the Certbot github. While the Certbot devs check here occasionally you will reach them more directly at the github. One past issue there implied the plugin does in fact try to verify it can reach the root domain with the OVH credentials. Which, if confirmed, won't work for your case of course.

I don't often refer people to that github but this seems a good time for that :slight_smile:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.