[certbot-dns-google] Lookup zone based on validation name instead of domain #9930
If you've set up delegation of the _acme-challenge subdomain to a validation-specific zone in Google Cloud DNS, the plugin fails to find the correct zone since the current lookup is based on the domain.
E.g.
Let's say I have two zones in two separate GCP projects (Cloud DNS):
example.com with a NS record that delegates _acme-challenge.example.com to Zone 2.
_acme-challenge.example.com.
Running certbot with --dns-google-project project-b --domain example.com will fail to find the zone in project b.
This changes the zone lookup for the Google Cloud DNS validator to the validation_name instead of the domain argument. The validation_name is usually just the domain name with the "_acme-challenge." prefix.
Pull Request Checklist
master section of certbot/CHANGELOG.md to include a description of the change being made.
AUTHORS.md if you like.
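
The lookup difference described in this pull request, as an added example that is not part of the pull request or of certbot's code: a suffix walk over candidate zone names, run once from the domain and once from the validation name. The function names, the zone ids and the two project dictionaries are constructed for illustration and do not call the Google Cloud DNS API.

```python
# Added illustration. All names below are hypothetical, not certbot's API.

def zone_name_guesses(name):
    """Candidate zone names for `name`, most specific first."""
    labels = name.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def validation_name(domain):
    """ACME DNS-01 record name; a wildcard request validates at the base name."""
    if domain.startswith("*."):
        domain = domain[2:]
    return "_acme-challenge." + domain


def find_zone(name, project_zones):
    """Return the id of the most specific zone in one project that encloses
    `name`, or None when the project holds no enclosing zone."""
    by_dns_name = {dns.rstrip(".").lower(): zone_id
                   for zone_id, dns in project_zones.items()}
    for guess in zone_name_guesses(name):
        if guess in by_dns_name:
            return by_dns_name[guess]
    return None


# Constructed sample data: managed zones visible in each project.
PROJECT_A = {"zone-1": "example.com."}                  # parent zone, holds the NS delegation
PROJECT_B = {"zone-2": "_acme-challenge.example.com."}  # validation-specific zone

if __name__ == "__main__":
    domain = "example.com"
    # Lookup keyed on the domain: the guesses never include the delegated zone.
    print("by domain:", zone_name_guesses(domain),
          "->", find_zone(domain, PROJECT_B))
    # Lookup keyed on the validation name: the delegated zone is the first guess.
    name = validation_name(domain)
    print("by validation name:", zone_name_guesses(name),
          "->", find_zone(name, PROJECT_B))
    # Without delegation the walk still falls back to the parent zone.
    print("no delegation:", find_zone(name, PROJECT_A))
```

With the validation-name lookup, the credentials used for `project-b` only need access to the delegated zone, while a setup without delegation keeps working because the walk reaches the parent zone.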