Letsencrypt renewal error due to Gandi DNS failing to be set using either API Token or PAT
-
Since I installed 9.1, I noticed 2 apps I used based on domains from Gandi were not restarting due to letsencrypt provisioning issues. Basically Cloudron can't connect to Gandi either using the legacy API token or the new PAT.
Here's the error:
Gandi DNS error [403] {"object": "HTTPForbidden", "cause": "Forbidden", "code": 403, "message": "Access was denied to this resource."} BoxError: Gandi DNS error [403] {"object": "HTTPForbidden", "cause": "Forbidden", "code": 403, "message": "Access was denied to this resource."}
This also happens when I manually try to change those values directly in the Domains interface. (I tried the Gandi CURL example with the same token, so this is clearly not an error with the token)
What can I do to fix this. I already have a customer complaining their website is down, and I seemingly can't do anything to fix this, since it's letsencrypt related.
-
R ruihildt referenced this topic
-
We have to debug this, for a start you can switch that domain over to manual and fixup the A record manually to point to the server's ip
-
Since the token works in your CURL example, can you run that from the server itself to see if there might be some IP block/allowlist issue?
@nebulon I can.
But now I have created a token which can theoretically update all domains.
But I'm starting to think it's Gandi who changed their permission model and actually, while maybe I can access through the UI to many domain where I've been added as a technical contact, it's possible that somehow that permissions still need to be added manually elsewhere.
I'll contact Gandi support next week.
-
I'm interested to know what you discover because I use Gandi too...
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login