Commit d952255e authored by Adrien Dorsaz's avatar Adrien Dorsaz

v2: dnspython is a stub resolver, so self-check TXT record query needs to happen…

v2: dnspython is a stub resolver, so self-check TXT record query needs to happen on a non-CNAME record

This reverts ada9f449 as suggested and
explained on Github PR #1
parent a819f3c7
Pipeline #201 passed with stage
in 9 minutes and 47 seconds
......@@ -203,7 +203,7 @@ def get_crt(config, log=LOGGER):
while challenge_verified is False:
try:
log.debug('Self test (try: {0}): Check resource with value "{1}" exits on nameservers: {2}'.format(number_check_fail, keydigest64, resolver.nameservers))
for response in resolver.query("_acme-challenge.{0}.".format(domain), rdtype="TXT").rrset:
for response in resolver.query(dnsrr_domain, rdtype="TXT").rrset:
log.debug(" - Found value {0}".format(response.to_text()))
challenge_verified = challenge_verified or response.to_text() == '"{0}"'.format(keydigest64)
except dns.exception.DNSException as dnsexception:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment