Provider does not support requested mode mode=default provider=azure

[Keithsc]

Hi, I am getting the following error when I try and request a cert using acme.sh/dns_acmeproxy > acmeproxy

Provider does not support requested mode mode=default provider=azure

I have created two Azure Principal account and have tried both but get the same provider error each time.

Any suggestions ?

docker run --rm -it \

--env ACMEPROXY_ENDPOINT="https://acmecert.mydomain.com:9096"
--env ACMEPROXY_USERNAME="username"
--env ACMEPROXY_PASSWORD="password"
--add-host acmecert.mydomain.com:a.b.c.d
-v "$(pwd)/out":/acme.sh
neilpang/acme.sh --issue --dns dns_acmeproxy -d test1.mydomain.com
[Wed Oct 14 09:07:58 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Oct 14 09:07:58 UTC 2020] Create account key ok.
[Wed Oct 14 09:07:58 UTC 2020] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Oct 14 09:08:00 UTC 2020] Registered
[Wed Oct 14 09:08:00 UTC 2020] ACCOUNT_THUMBPRINT='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[Wed Oct 14 09:08:00 UTC 2020] Creating domain key
[Wed Oct 14 09:08:00 UTC 2020] The domain key is here: /acme.sh/test1.mydomain.com/test1.mydomain.com.key
[Wed Oct 14 09:08:00 UTC 2020] Single domain='test1.mydomain.com'
[Wed Oct 14 09:08:00 UTC 2020] Getting domain auth token for each domain
[Wed Oct 14 09:08:02 UTC 2020] Getting webroot for domain='test1.mydomain.com'
[Wed Oct 14 09:08:02 UTC 2020] Adding txt value: Uxh82oLidn8X4---------------------P9UGBefw1QoU for domain: _acme-challenge.test1.mydomain.com
[Wed Oct 14 09:08:02 UTC 2020] Using acmeproxy
[Wed Oct 14 09:08:02 UTC 2020] Error encountered during record addition
[Wed Oct 14 09:08:02 UTC 2020] Provider does not support requested mode
[Wed Oct 14 09:08:02 UTC 2020] Error add txt for domain:_acme-challenge.test1.mydomain.com
[Wed Oct 14 09:08:02 UTC 2020] Please add '--debug' or '--log' to check more details.
[Wed Oct 14 09:08:02 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

docker run -it -v $PWD/config:/etc/acmeproxy -v $PWD/logs:/var/log -p 9096:9096 acmeproxy
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_CLIENT_ID value=xxxxx
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_CLIENT_SECRET value=yyyyyy
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_RESOURCE_GROUP value=zzzzzzz
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_SUBSCRIPTION_ID value=1111222233334444
[Oct 14 09:06:08] DEBUG Using environment variable name=AZURE_TENANT_ID value=555566667778888
[Oct 14 09:06:08] DEBUG Using flag accesslog-file=/var/log/acmeproxy.log
[Oct 14 09:06:08] DEBUG Using flag allowed-domains=[mydomain.com]
[Oct 14 09:06:08] DEBUG Using flag allowed-ips=[127.0.0.1 172.16.0.0/16 172.17.0.1 1.2.3.4/32]
[Oct 14 09:06:08] DEBUG Using flag config-file=/etc/acmeproxy/config.yml
[Oct 14 09:06:08] DEBUG Using flag environment=[AZURE_CLIENT_ID=xxxxxx AZURE_CLIENT_SECRET=yyyyyy AZURE_RESOURCE_GROUP=zzzzzz AZURE_SUBSCRIPTION_ID=111222334444 AZURE_TENANT_ID=55566667777888]
[Oct 14 09:06:08] DEBUG Using flag htpasswd-file=
[Oct 14 09:06:08] DEBUG Using flag interface=acmecert.mydomain.com
[Oct 14 09:06:08] DEBUG Using flag log-forcecolors=true
[Oct 14 09:06:08] DEBUG Using flag log-forceformatting=true
[Oct 14 09:06:08] DEBUG Using flag log-level=debug
[Oct 14 09:06:08] DEBUG Using flag log-timestamp=true
[Oct 14 09:06:08] DEBUG Using flag port=9096
[Oct 14 09:06:08] DEBUG Using flag provider=azure
[Oct 14 09:06:08] DEBUG Using flag ssl=auto
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.agreed=true
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.ca=https://acme-v02.api.letsencrypt.org/directory
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.email=[email protected]
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.key-type=rsa2048
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.path=/etc/acmeproxy/certmagic
[Oct 14 09:06:08] DEBUG Using flag ssl.auto.provider=azure
[Oct 14 09:06:08] DEBUG Using flag ssl.manual.cert-file=
[Oct 14 09:06:08] DEBUG Using flag ssl.manual.key-file=
[Oct 14 09:06:08] INFO Setting up server using SSL (certmagic)
[Oct 14 09:06:08] INFO Started certificate maintenance routine
[Oct 14 09:06:08] INFO Starting acmeproxy addr=:9096 endpoint=https://acmecert.mydomain.com:9096
[Oct 14 09:08:02] DEBUG present: 172.17.0.1: Received JSON payload (default mode) fqdn=_acme-challenge.test1.mydomain.com. value=Uxh82oLidjsfhuifuy4338h7qP9UGBefw1QoU
[Oct 14 09:08:02] DEBUG present: 172.17.0.1: Checking allowed domain allowedDomain=mydomain.com checkDomain=test1.mydomain.com
[Oct 14 09:08:02] DEBUG present: 172.17.0.1: Provider does not support requested mode mode=default provider=azure

[mhite]

Hitting this with the gcloud provider, too.

[andrewcchen]

From the readme:

to use acmeproxy as backend with providers from the lego package they need to implement a CreateRecord/RemoveRecord method that takes an FQDN + acme value as input. The discussion if this should be practice is on-going, see go-acme/lego#720. As an example take a look at go-acme/lego#883 of how this was implemented for the transip provider (don't worry, it's not difficult).