oraclecloud: PATCH does not work on non-existing _acme-challenge TXT records #2626

@tyskjohan

Welcome

  • Yes, I'm using a binary release within 2 latest releases.
  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've included all information below (version, config, etc).

What did you expect to see?

I expected LEGO to create a new TXT record for _acme-challenge in the domain I indicated, when one did not exist.
I even tried creating one from the OCI console using clickOps, but LEGO deleted it.

What did you see instead?

No ACME challenge record created.
Manually created record deleted.

How do you use lego?

Through Terraform ACME provider

Reproduction steps

Try to create an ACME certificate from scratch with Domain challenge going to Oracle OCI.

Effective version of lego

v4.25.2

Logs

acme_certificate.my_acme_certificate: Still creating... [1m10s elapsed]
╷
│ Error: error creating certificate: error: one or more domains had a problem:
│ [*.subdomain.mydomain.org] [*.subdomain.mydomain.org] acme: error presenting token: 2 errors occurred:
│ 	* rpc error: code = Unknown desc = oraclecloud: Error returned by Dns Service. Http Status Code: 404. Error Code: NotAuthorizedOrNotFound. Opc request id: 3f98f21ef40044d2f0f0a5dcc3bbb4f5/1BBDB9D9545165EBAA5BE4B37034F0A4/0A8D85DAD8AB4FC3C6A755A485B557A8. Message: Authorization failed or requested resource not found.
│ Operation Name: PatchDomainRecords
│ Timestamp: 2025-08-22 13:58:25 +0000 GMT
│ Client Version: Oracle-GoSDK/65.95.2
│ Request Endpoint: PATCH https://dns.us-phoenix-1.oci.oraclecloud.com/20180115/zones/mydomain.org./records/_acme-challenge.subdomain.mydomain.org?compartmentId=ocid1.compartment.oc00..aaaaaaaahjmabrw2gofibdvrc7j65loechpmm7v7gv65jal27dtlvvzwxxxx
│ Troubleshooting Tips: See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_notauthorizedornotfound for more information about resolving this error.
│ Also see https://docs.oracle.com/iaas/api/#/en/dns/20180115/Records/PatchDomainRecords for details on this operation's requirements.
│ To get more info on the failing request, you can set OCI_GO_SDK_DEBUG env var to info or higher level to log the request/response details.
│ If you are unable to resolve this Dns issue, please contact Oracle support and provide them this full error message.
│ 	* error encountered while presenting token for DNS challenge: rpc error: code = Unknown desc = oraclecloud: Error returned by Dns Service. Http Status Code: 404. Error Code: NotAuthorizedOrNotFound. Opc request id: 3f98f21ef40044d2f0f0a5dcc3bbb4f5/1BBDB9D9545165EBAA5BE4B37034F0A4/0A8D85DAD8AB4FC3C6A755A485B557A8. Message: Authorization failed or requested resource not found.
│ Operation Name: PatchDomainRecords
│ Timestamp: 2025-08-22 13:58:25 +0000 GMT
│ Client Version: Oracle-GoSDK/65.95.2
│ Request Endpoint: PATCH https://dns.us-phoenix-1.oci.oraclecloud.com/20180115/zones/mydomain.org./records/_acme-challenge.subdomain.mydomain.org?compartmentId=ocid1.compartment.oc00..aaaaaaaahjmabrw2gofibdvrc7j65loechpmm7v7gv65jal27dtlvvzwxxxx
│ Troubleshooting Tips: See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_notauthorizedornotfound for more information about resolving this error.
│ Also see https://docs.oracle.com/iaas/api/#/en/dns/20180115/Records/PatchDomainRecords for details on this operation's requirements.
│ To get more info on the failing request, you can set OCI_GO_SDK_DEBUG env var to info or higher level to log the request/response details.
│ If you are unable to resolve this Dns issue, please contact Oracle support and provide them this full error message.
│ 
│ 
│ 
│ 
│   with acme_certificate.my_acme_certificate,
│   on acme.tf line 30, in resource "acme_certificate" "my_acme_certificate":
│   30: resource "acme_certificate" "my_acme_certificate" {

Go environment (if applicable)

N/A
