Merge branch 'dev'

Author: infinityofspace

Readme.md

@@ -333,7 +333,6 @@ All modules used by this project are listed below:
 | [zope.interface](https://github.com/zopefoundation/zope.interface) | [ZPL-2.1](https://raw.githubusercontent.com/zopefoundation/zope.interface/master/LICENSE.txt) |
 |          [setuptools](https://github.com/pypa/setuptools)          |             [MIT](https://raw.githubusercontent.com/pypa/setuptools/main/LICENSE)             |
 |    [pkb_client](https://github.com/infinityofspace/pkb_client)     |            [MIT](https://github.com/infinityofspace/pkb_client/blob/main/License)             |
-|     [tldextract](https://github.com/john-kurkowski/tldextract)     |  [BSD 3-Clause](https://raw.githubusercontent.com/john-kurkowski/tldextract/master/LICENSE)   |
 |         [dnspython](https://github.com/rthalley/dnspython)         |           [ISC](https://raw.githubusercontent.com/rthalley/dnspython/master/LICENSE)          |
 
 Furthermore, this readme file contains embeddings of [Shields.io](https://github.com/badges/shields).

certbot_dns_porkbun/__init__.py

@@ -1 +1 @@
-__version__ = "v0.3"
+__version__ = "v0.4"

certbot_dns_porkbun/cert/client.py

@@ -1,6 +1,6 @@
 import logging
 
-import tldextract
+import dns.name
 import zope.interface
 from certbot import errors, interfaces
 from certbot.plugins import dns_common
@@ -75,6 +75,7 @@ def _setup_credentials(self) -> None:
     def _perform(self, domain: str, validation_name: str, validation: str) -> None:
         """
         Add the validation DNS TXT record to the provided Porkbun domain.
+        Moreover, it resolves the canonical name (CNAME) for the provided domain with the acme txt prefix.
 
         :param domain: the Porkbun domain for which a TXT record will be created
         :param validation_name: the value to validate the dns challenge
@@ -83,56 +84,44 @@ def _perform(self, domain: str, validation_name: str, validation: str) -> None:
         :raise PluginError: if the TXT record can not be set or something goes wrong
         """
 
-        self._domain = Authenticator._resolve_canonical_name(domain)
+        # replace wildcard in domain
+        domain = domain.replace("*", "")
+        domain = f"{ACME_TXT_PREFIX}.{domain}"
 
-        tld = tldextract.TLDExtract(suffix_list_urls=None)
-        extracted_domain = tld(self._domain)
+        propagation_seconds = self.conf("propagation_seconds")
 
-        subdomains = extracted_domain.subdomain
-        # remove wildcard from subdomains
-        subdomains = subdomains.replace("*.", "")
-        subdomains = subdomains.replace("*", "")
+        try:
+            # follow all CNAME and DNAME records
+            canonical_name = resolver.canonical_name(domain)
+
+            if domain != canonical_name.to_text().rstrip('.') and propagation_seconds < 600:
+                logging.warning("Make sure your CNAME record is propagated to all DNS servers, "
+                                "because the default CNAME TTL propagation time is 600 seconds "
+                                f"and your certbot propagation time is only {propagation_seconds}.")
+
+            self._root_domain = canonical_name.split(3)[1].to_text().rstrip('.')
+
+            acme_challenge_prefix = dns.name.Name(labels=[ACME_TXT_PREFIX])
+            if acme_challenge_prefix.fullcompare(dns.name.Name(labels=[canonical_name.labels[0]]))[0] \
+                    == dns.name.NAMERELN_EQUAL:
+                name = canonical_name.split(3)[0].to_text()
+            else:
+                name = acme_challenge_prefix.concatenate(canonical_name.split(3)[0]).to_text()
+        except (resolver.NoAnswer, resolver.NXDOMAIN):
+            canonical_name = domain
 
-        if subdomains:
-            name = f"{ACME_TXT_PREFIX}.{subdomains}"
-        else:
-            name = ACME_TXT_PREFIX
+            self._root_domain = ".".join(canonical_name.split('.')[-2:])
 
-        root_domain = f"{extracted_domain.domain}.{extracted_domain.suffix}"
+            name = ".".join(canonical_name.split('.')[:-2])
 
         try:
-            self.record_ids[validation] = self._get_porkbun_client().dns_create(root_domain,
+            self.record_ids[validation] = self._get_porkbun_client().dns_create(self._root_domain,
                                                                                 "TXT",
                                                                                 validation,
                                                                                 name=name)
         except Exception as e:
             raise errors.PluginError(e)
 
-    @staticmethod
-    def _resolve_canonical_name(domain: str) -> str:
-        """
-        Resolve canonical name (CNAME) for the provided domain with the acme txt prefix.
-
-        :param domain: the domain to resolve
-        :raise PluginError:  if something goes wrong when following CNAME
-        :return: the final resolved domain
-        """
-
-        # ipv4
-        try:
-            return resolver.resolve(f"{ACME_TXT_PREFIX}.{domain}", 'A').canonical_name.to_text().rstrip('.')
-        except resolver.NXDOMAIN as e:
-            raise errors.PluginError(e)
-        except resolver.NoAnswer as e:
-            # only logging and give a second try with ipv6
-            logging.warning(e)
-
-        # ipv6
-        try:
-            return resolver.resolve(f"{ACME_TXT_PREFIX}.{domain}", "AAAA").canonical_name.to_text().rstrip('.')
-        except (resolver.NoAnswer, resolver.NXDOMAIN) as e:
-            raise errors.PluginError(e)
-
     def _cleanup(self, domain: str, validation_name: str, validation: str) -> None:
         """
         Delete the TXT record of the provided Porkbun domain.
@@ -144,15 +133,11 @@ def _cleanup(self, domain: str, validation_name: str, validation: str) -> None:
         :raise PluginError:  if the TXT record can not be deleted or something goes wrong
         """
 
-        tld = tldextract.TLDExtract(suffix_list_urls=None)
-        extracted_domain = tld(self._domain)
-        root_domain = f"{extracted_domain.domain}.{extracted_domain.suffix}"
-
         # get the record id with the TXT record
         record_id = self.record_ids[validation]
 
         try:
-            if not self._get_porkbun_client().dns_delete(root_domain, record_id):
+            if not self._get_porkbun_client().dns_delete(self._root_domain, record_id):
                 raise errors.PluginError("TXT for domain {} was not deleted".format(domain))
         except Exception as e:
             raise errors.PluginError(e)

requirements.txt

@@ -1,5 +1,5 @@
 setuptools>=39.0.1
+zope.interface>=5.0.0
 certbot>=1.7.0
 pkb_client>=1.1
-tldextract>=3.1.0
 dnspython~=2.2

third-party-notices

@@ -326,41 +326,6 @@ SOFTWARE.
 
 ###########################################################################################
 
-###########################################################################################
-## tldextract: ##
-
-BSD 3-Clause License
-
-Copyright (c) 2020, John Kurkowski
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
-   contributors may be used to endorse or promote products derived from
-   this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-###########################################################################################
-
 
 ###########################################################################################
 ## dnspython: ##