Add DNS provider for Gigahost.no

[ldez]

Closes #2722

Ping @francisrath, can you run the command with your domain, email, credentials, etc. (and put the output of this command to a comment)?

make build
rm -rf .lego

GIGAHOSTNO_USERNAME="xxx" \
GIGAHOSTNO_PASSWORD="yyy" \
lego --email you@example.com --dns gigahostno -d '*.example.com' -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run

Note that the wildcard domain is important.

How to test this PR?

1. You need Go
2. Check out the PR:

   git clone https://github.com/ldez/lego.git
   cd lego
   git checkout feat/dns/gigahost

3. Compile lego:
   • if you have make: make build
   • if you don't have make: go build -o dist/lego ./cmd/lego
4. Run the following command with your information (email, domain, credentials):

   GIGAHOSTNO_USERNAME="xxx" \
   GIGAHOSTNO_PASSWORD="yyy" \
   ./dist/lego --email you@example.com --dns gigahostno -d '*.example.com' -d example.com  -s https://acme-staging-v02.api.letsencrypt.org/directory run

   The wildcard domain is important
5. Before each run of the command, you should clean your local environment:

   rm -rf .lego

[ldez]

There are two companies with the same name: one in Denmark and one in Norway.

Norway (Gigahost AS, created in 2006):

• https://gigahost.no/

Denmark (Gigahost, created in 2005):

• https://gigahost.dk/
• https://gigahost.uk/
• https://gigahost.us/
• https://gigahost.de/

The two companies don't seem related.

So I will change the name from gigahost to gigahostno.

Like that, if we have to create an implementation for the company from Denmark, we can use gigahostdk.

[ldez]

I changed the authentication system: I replaced GIGAHOSTNO_TOKEN with GIGAHOSTNO_USERNAME and GIGAHOSTNO_PASSWORD.

My guess is that code is a TOTP code, so I added GIGAHOSTNO_SECRET to provide the secret used to generate the TOTP.

[francisrath]

It worked yesterday, but after the latest commits I get this:

fran@francis-9950x:~/git/lego$ ./dist/lego --email francis@cloudline.no --dns gigahostno -d '*.lego-acme-test.no' -d lego-acme-test.no -s https://acme-staging-v02.api.letsencrypt.org/directory run
2025/11/24 08:23:46 [INFO] [*.lego-acme-test.no, lego-acme-test.no] acme: Obtaining bundled SAN certificate
2025/11/24 08:23:47 [INFO] [*.lego-acme-test.no] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245304533/20390403913
2025/11/24 08:23:47 [INFO] [lego-acme-test.no] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245304533/20390403923
2025/11/24 08:23:47 [INFO] [*.lego-acme-test.no] acme: use dns-01 solver
2025/11/24 08:23:47 [INFO] [lego-acme-test.no] acme: Could not find solver for: tls-alpn-01
2025/11/24 08:23:47 [INFO] [lego-acme-test.no] acme: Could not find solver for: http-01
2025/11/24 08:23:47 [INFO] [lego-acme-test.no] acme: use dns-01 solver
2025/11/24 08:23:47 [INFO] [*.lego-acme-test.no] acme: Preparing to solve DNS-01
2025/11/24 08:23:47 [INFO] [lego-acme-test.no] acme: Preparing to solve DNS-01
2025/11/24 08:23:47 [INFO] [*.lego-acme-test.no] acme: Cleaning DNS-01 challenge
2025/11/24 08:23:48 [WARN] [*.lego-acme-test.no] acme: cleaning up failed: gigahostno: authenticate: unable to unmarshal response: [status code: 200] body: {"meta":{"status":200,"status_message":"200 OK","maintenance":false},"data":{"token":"XXXXXXXXXXXXXXXXXXXXXXXXXXX","token_expire":1764055428,"customer_id":"16030","contact_id":"15182","customer_name":"Cloudline AS","contact_username":"francis@cloudline.no","contact_access_level":"admin","customer_address":"Gr\u00f8nland 14","customer_zipcode":"5918","customer_city":"Frekhaug","customer_province":"Vestland","ga_secret":"XXXXXXXXXXXXXXXXXXXXXXXXXXXVX","ga_enabled":"1","vat":1}} error: json: cannot unmarshal number into Go struct field Token.data.token_expire of type string 
2025/11/24 08:23:48 [INFO] [lego-acme-test.no] acme: Cleaning DNS-01 challenge
2025/11/24 08:23:48 [WARN] [lego-acme-test.no] acme: cleaning up failed: gigahostno: authenticate: unable to unmarshal response: [status code: 200] body: {"meta":{"status":200,"status_message":"200 OK","maintenance":false},"data":{"token":"XXXXXXXXXXXXXXXXXXXXXXXXXXX","token_expire":1764055428,"customer_id":"16030","contact_id":"15182","customer_name":"Cloudline AS","contact_username":"francis@cloudline.no","contact_access_level":"admin","customer_address":"Gr\u00f8nland 14","customer_zipcode":"5918","customer_city":"Frekhaug","customer_province":"Vestland","ga_secret":"XXXXXXXXXXXXXXXXXXXXXXXXXXX","ga_enabled":"1","vat":1}} error: json: cannot unmarshal number into Go struct field Token.data.token_expire of type string 
2025/11/24 08:23:48 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245304533/20390403913
2025/11/24 08:23:48 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245304533/20390403923
2025/11/24 08:23:48 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-acme-test.no] [*.lego-acme-test.no] acme: error presenting token: gigahostno: authenticate: unable to unmarshal response: [status code: 200] body: {"meta":{"status":200,"status_message":"200 OK","maintenance":false},"data":{"token":"XXXXXXXXXXXXXXXXXXXXXXXXXXX","token_expire":1764055427,"customer_id":"16030","contact_id":"15182","customer_name":"Cloudline AS","contact_username":"francis@cloudline.no","contact_access_level":"admin","customer_address":"Gr\u00f8nland 14","customer_zipcode":"5918","customer_city":"Frekhaug","customer_province":"Vestland","ga_secret":"XXXXXXXXXXXXXXXXXXXXXXXXXXXVX","ga_enabled":"1","vat":1}} error: json: cannot unmarshal number into Go struct field Token.data.token_expire of type string
[lego-acme-test.no] [lego-acme-test.no] acme: error presenting token: gigahostno: authenticate: unable to unmarshal response: [status code: 200] body: {"meta":{"status":200,"status_message":"200 OK","maintenance":false},"data":{"token":"XXXXXXXXXXXXXXXXXXXXXXXXXXX","token_expire":1764055427,"customer_id":"16030","contact_id":"15182","customer_name":"Cloudline AS","contact_username":"francis@cloudline.no","contact_access_level":"admin","customer_address":"Gr\u00f8nland 14","customer_zipcode":"5918","customer_city":"Frekhaug","customer_province":"Vestland","ga_secret":"XXXXXXXXXXXXXXXXXXXXXXXXXXXVX","ga_enabled":"1","vat":1}} error: json: cannot unmarshal number into Go struct field Token.data.token_expire of type string

(I redacted token and 2FA secret)

When I do a curl to authenticate manually this is the response format. Note that token_expire is numeric:

{
  "meta": {
    "status": 200,
    "status_message": "200 OK",
    "maintenance": false
  },
  "data": {
    "token": "XXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "token_expire": 1764055679,
    "customer_id": "16030",
    "contact_id": "15182",
    "customer_name": "Cloudline AS",
    "contact_username": "francis@cloudline.no",
    "contact_access_level": "admin",
    "customer_address": "Grønland 14",
    "customer_zipcode": "5918",
    "customer_city": "Frekhaug",
    "customer_province": "Vestland",
    "ga_secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "ga_enabled": "1",
    "vat": 1
  }
}

[ldez]

I changed the type. Can you pull and try again?

[francisrath]

More errors:

fran@francis-9950x:~/git/lego$ ./dist/lego --email francis@cloudline.no --dns gigahostno -d '*.lego-acme-test.no' -d lego-acme-test.no -s https://acme-staging-v02.api.letsencrypt.org/directory run
2025/11/24 14:47:34 No key found for account francis@cloudline.no. Generating a P256 key.
2025/11/24 14:47:34 Saved key to /home/fran/git/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/francis@cloudline.no/keys/francis@cloudline.no.key
2025/11/24 14:47:34 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
Do you accept the TOS? Y/n
Y
2025/11/24 14:47:36 [INFO] acme: Registering account for francis@cloudline.no
!!!! HEADS UP !!!!

Your account credentials have been saved in your
configuration directory at "/home/fran/git/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from the ACME server so making regular
backups of this folder is ideal.
2025/11/24 14:47:37 [INFO] [*.lego-acme-test.no, lego-acme-test.no] acme: Obtaining bundled SAN certificate
2025/11/24 14:47:38 [INFO] [*.lego-acme-test.no] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245367003/20394414823
2025/11/24 14:47:38 [INFO] [lego-acme-test.no] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245367003/20394414833
2025/11/24 14:47:38 [INFO] [*.lego-acme-test.no] acme: use dns-01 solver
2025/11/24 14:47:38 [INFO] [lego-acme-test.no] acme: Could not find solver for: tls-alpn-01
2025/11/24 14:47:38 [INFO] [lego-acme-test.no] acme: Could not find solver for: http-01
2025/11/24 14:47:38 [INFO] [lego-acme-test.no] acme: use dns-01 solver
2025/11/24 14:47:38 [INFO] [*.lego-acme-test.no] acme: Preparing to solve DNS-01
2025/11/24 14:47:38 [INFO] [lego-acme-test.no] acme: Preparing to solve DNS-01
2025/11/24 14:47:38 [INFO] [*.lego-acme-test.no] acme: Cleaning DNS-01 challenge
2025/11/24 14:47:38 [WARN] [*.lego-acme-test.no] acme: cleaning up failed: gigahostno: get zones: unable to unmarshal response: [status code: 200] body: {"meta":{"status":200,"status_message":"200 OK","maintenance":false,"message":"200 OK"},"data":[{"zone_id":"227","cust_id":"16030","order_id":"26117","zone_name":"lego-acme-test.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2025-11-23 15:17:38","domain_expiry_date":"2026-11-23 15:17:38","domain_updated_date":"2025-11-23 16:17:38","domain_auto_renew":"1","domain_epp_id":"LEG2175D-NORID","domain_registrant_id":"CA19777O","domain_tech_id":"GH295R","domain_auth_info":":XXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 16:17:29","zone_updated":false,"external_dns":"0","record_count":4,"zone_name_display":"lego-acme-test.no"},{"zone_id":"226","cust_id":"16030","order_id":"26114","zone_name":"teoritester.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2025-11-23 14:15:01","domain_expiry_date":"2026-11-23 14:15:01","domain_updated_date":"2025-11-23 15:15:02","domain_auto_renew":"1","domain_epp_id":"TEO218D-NORID","domain_registrant_id":"CA19774O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 15:13:27","zone_updated":false,"external_dns":"0","record_count":5,"zone_name_display":"teoritester.no"},{"zone_id":"229","cust_id":"16030","order_id":"26119","zone_name":"xn--dittfrerkort-zjb.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2014-12-01 12:40:48","domain_expiry_date":"2026-12-01 12:40:48","domain_updated_date":"2025-11-23 15:37:36","domain_auto_renew":"1","domain_epp_id":"DIT1003D-NORID","domain_registrant_id":"DCA822O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 16:37:15","zone_updated":false,"external_dns":"0","record_count":4,"zone_name_display":"dittf\u00f8rerkort.no"}]} error: json: cannot unmarshal bool into Go struct field Zone.data.zone_updated of type int 
2025/11/24 14:47:38 [INFO] [lego-acme-test.no] acme: Cleaning DNS-01 challenge
2025/11/24 14:47:38 [WARN] [lego-acme-test.no] acme: cleaning up failed: gigahostno: get zones: unable to unmarshal response: [status code: 200] body: {"meta":{"status":200,"status_message":"200 OK","maintenance":false,"message":"200 OK"},"data":[{"zone_id":"227","cust_id":"16030","order_id":"26117","zone_name":"lego-acme-test.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2025-11-23 15:17:38","domain_expiry_date":"2026-11-23 15:17:38","domain_updated_date":"2025-11-23 16:17:38","domain_auto_renew":"1","domain_epp_id":"LEG2175D-NORID","domain_registrant_id":"CA19777O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 16:17:29","zone_updated":false,"external_dns":"0","record_count":4,"zone_name_display":"lego-acme-test.no"},{"zone_id":"226","cust_id":"16030","order_id":"26114","zone_name":"teoritester.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2025-11-23 14:15:01","domain_expiry_date":"2026-11-23 14:15:01","domain_updated_date":"2025-11-23 15:15:02","domain_auto_renew":"1","domain_epp_id":"TEO218D-NORID","domain_registrant_id":"CA19774O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 15:13:27","zone_updated":false,"external_dns":"0","record_count":5,"zone_name_display":"teoritester.no"},{"zone_id":"229","cust_id":"16030","order_id":"26119","zone_name":"xn--dittfrerkort-zjb.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2014-12-01 12:40:48","domain_expiry_date":"2026-12-01 12:40:48","domain_updated_date":"2025-11-23 15:37:36","domain_auto_renew":"1","domain_epp_id":"DIT1003D-NORID","domain_registrant_id":"DCA822O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 16:37:15","zone_updated":false,"external_dns":"0","record_count":4,"zone_name_display":"dittf\u00f8rerkort.no"}]} error: json: cannot unmarshal bool into Go struct field Zone.data.zone_updated of type int 
2025/11/24 14:47:38 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245367003/20394414823
2025/11/24 14:47:38 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245367003/20394414833
2025/11/24 14:47:39 Could not obtain certificates:
	error: one or more domains had a problem:
[*.lego-acme-test.no] [*.lego-acme-test.no] acme: error presenting token: gigahostno: get zones: unable to unmarshal response: [status code: 200] body: {"meta":{"status":200,"status_message":"200 OK","maintenance":false,"message":"200 OK"},"data":[{"zone_id":"227","cust_id":"16030","order_id":"26117","zone_name":"lego-acme-test.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2025-11-23 15:17:38","domain_expiry_date":"2026-11-23 15:17:38","domain_updated_date":"2025-11-23 16:17:38","domain_auto_renew":"1","domain_epp_id":"LEG2175D-NORID","domain_registrant_id":"CA19777O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 16:17:29","zone_updated":false,"external_dns":"0","record_count":4,"zone_name_display":"lego-acme-test.no"},{"zone_id":"226","cust_id":"16030","order_id":"26114","zone_name":"teoritester.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2025-11-23 14:15:01","domain_expiry_date":"2026-11-23 14:15:01","domain_updated_date":"2025-11-23 15:15:02","domain_auto_renew":"1","domain_epp_id":"TEO218D-NORID","domain_registrant_id":"CA19774O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 15:13:27","zone_updated":false,"external_dns":"0","record_count":5,"zone_name_display":"teoritester.no"},{"zone_id":"229","cust_id":"16030","order_id":"26119","zone_name":"xn--dittfrerkort-zjb.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2014-12-01 12:40:48","domain_expiry_date":"2026-12-01 12:40:48","domain_updated_date":"2025-11-23 15:37:36","domain_auto_renew":"1","domain_epp_id":"DIT1003D-NORID","domain_registrant_id":"DCA822O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 16:37:15","zone_updated":false,"external_dns":"0","record_count":4,"zone_name_display":"dittf\u00f8rerkort.no"}]} error: json: cannot unmarshal bool into Go struct field Zone.data.zone_updated of type int
[lego-acme-test.no] [lego-acme-test.no] acme: error presenting token: gigahostno: get zones: unable to unmarshal response: [status code: 200] body: {"meta":{"status":200,"status_message":"200 OK","maintenance":false,"message":"200 OK"},"data":[{"zone_id":"227","cust_id":"16030","order_id":"26117","zone_name":"lego-acme-test.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2025-11-23 15:17:38","domain_expiry_date":"2026-11-23 15:17:38","domain_updated_date":"2025-11-23 16:17:38","domain_auto_renew":"1","domain_epp_id":"LEG2175D-NORID","domain_registrant_id":"CA19777O","domain_tech_id":"GH295R","domain_auth_info":":xA0l(NRCnH+HHH4","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 16:17:29","zone_updated":false,"external_dns":"0","record_count":4,"zone_name_display":"lego-acme-test.no"},{"zone_id":"226","cust_id":"16030","order_id":"26114","zone_name":"teoritester.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2025-11-23 14:15:01","domain_expiry_date":"2026-11-23 14:15:01","domain_updated_date":"2025-11-23 15:15:02","domain_auto_renew":"1","domain_epp_id":"TEO218D-NORID","domain_registrant_id":"CA19774O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 15:13:27","zone_updated":false,"external_dns":"0","record_count":5,"zone_name_display":"teoritester.no"},{"zone_id":"229","cust_id":"16030","order_id":"26119","zone_name":"xn--dittfrerkort-zjb.no","zone_type":"NATIVE","zone_active":"1","zone_protected":"1","zone_is_registered":"1","domain_registrar":"norid","domain_status":"active","domain_registered_date":"2014-12-01 12:40:48","domain_expiry_date":"2026-12-01 12:40:48","domain_updated_date":"2025-11-23 15:37:36","domain_auto_renew":"1","domain_epp_id":"DIT1003D-NORID","domain_registrant_id":"DCA822O","domain_tech_id":"GH295R","domain_auth_info":"XXXXXXXXXXXXXXX","domain_locked":"0","domain_dnssec":"0","domain_dnssec_data":null,"domain_protected_email":null,"zone_created":"2025-11-23 16:37:15","zone_updated":false,"external_dns":"0","record_count":4,"zone_name_display":"dittf\u00f8rerkort.no"}]} error: json: cannot unmarshal bool into Go struct field Zone.data.zone_updated of type int

[ldez]

The documentation is not accurate at all:

[ldez]

Can you pull and try again?

[francisrath]

I had a problem on the first try, but second try was OK. See below for the error I got (note; this is for a different domain). Not sure if it's just a fluke.. I tried several more times successfully with both domains.

Successful:

fran@francis-9950x:~/git/lego$ rm -rf .lego && ./dist/lego -a --email francis@cloudline.no --dns gigahostno -d '*.lego-acme-test.no' -d lego-acme-test.no -s https://acme-staging-v02.api.letsencrypt.org/directory run
2025/11/24 16:40:28 No key found for account francis@cloudline.no. Generating a P256 key.
2025/11/24 16:40:28 Saved key to /home/fran/git/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/francis@cloudline.no/keys/francis@cloudline.no.key
2025/11/24 16:40:29 [INFO] acme: Registering account for francis@cloudline.no
!!!! HEADS UP !!!!

Your account credentials have been saved in your
configuration directory at "/home/fran/git/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from the ACME server so making regular
backups of this folder is ideal.
2025/11/24 16:40:29 [INFO] [*.lego-acme-test.no, lego-acme-test.no] acme: Obtaining bundled SAN certificate
2025/11/24 16:40:30 [INFO] [*.lego-acme-test.no] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245385763/20395665573
2025/11/24 16:40:30 [INFO] [lego-acme-test.no] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245385763/20395665583
2025/11/24 16:40:30 [INFO] [*.lego-acme-test.no] acme: use dns-01 solver
2025/11/24 16:40:30 [INFO] [lego-acme-test.no] acme: Could not find solver for: tls-alpn-01
2025/11/24 16:40:30 [INFO] [lego-acme-test.no] acme: Could not find solver for: http-01
2025/11/24 16:40:30 [INFO] [lego-acme-test.no] acme: use dns-01 solver
2025/11/24 16:40:30 [INFO] [*.lego-acme-test.no] acme: Preparing to solve DNS-01
2025/11/24 16:40:30 [INFO] [lego-acme-test.no] acme: Preparing to solve DNS-01
2025/11/24 16:40:30 [INFO] [*.lego-acme-test.no] acme: Trying to solve DNS-01
2025/11/24 16:40:30 [INFO] [*.lego-acme-test.no] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2025/11/24 16:40:32 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2025/11/24 16:40:36 [INFO] [*.lego-acme-test.no] The server validated our request
2025/11/24 16:40:36 [INFO] [lego-acme-test.no] acme: Trying to solve DNS-01
2025/11/24 16:40:36 [INFO] [lego-acme-test.no] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2025/11/24 16:40:38 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2025/11/24 16:40:42 [INFO] [lego-acme-test.no] The server validated our request
2025/11/24 16:40:42 [INFO] [*.lego-acme-test.no] acme: Cleaning DNS-01 challenge
2025/11/24 16:40:42 [INFO] [lego-acme-test.no] acme: Cleaning DNS-01 challenge
2025/11/24 16:40:42 [INFO] [*.lego-acme-test.no, lego-acme-test.no] acme: Validations succeeded; requesting certificates
2025/11/24 16:40:42 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2025/11/24 16:40:43 [INFO] [*.lego-acme-test.no] Server responded with a certificate.

Failure:

fran@francis-9950x:~/git/lego$ ./dist/lego -a --email francis@cloudline.no --dns gigahostno -d '*.dittførerkort.no' -d dittførerkort.no -s https://acme-staging-v02.api.letsencrypt.org/directory run
2025/11/24 16:42:33 [INFO] [*.xn--dittfrerkort-zjb.no, xn--dittfrerkort-zjb.no] acme: Obtaining bundled SAN certificate
2025/11/24 16:42:34 [INFO] [*.xn--dittfrerkort-zjb.no] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245385763/20395689473
2025/11/24 16:42:34 [INFO] [xn--dittfrerkort-zjb.no] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245385763/20395689483
2025/11/24 16:42:34 [INFO] [*.xn--dittfrerkort-zjb.no] acme: use dns-01 solver
2025/11/24 16:42:34 [INFO] [xn--dittfrerkort-zjb.no] acme: Could not find solver for: tls-alpn-01
2025/11/24 16:42:34 [INFO] [xn--dittfrerkort-zjb.no] acme: Could not find solver for: http-01
2025/11/24 16:42:34 [INFO] [xn--dittfrerkort-zjb.no] acme: use dns-01 solver
2025/11/24 16:42:34 [INFO] [*.xn--dittfrerkort-zjb.no] acme: Preparing to solve DNS-01
2025/11/24 16:42:34 [INFO] [xn--dittfrerkort-zjb.no] acme: Preparing to solve DNS-01
2025/11/24 16:42:34 [INFO] [*.xn--dittfrerkort-zjb.no] acme: Trying to solve DNS-01
2025/11/24 16:42:34 [INFO] [*.xn--dittfrerkort-zjb.no] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2025/11/24 16:42:36 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2025/11/24 16:42:40 [INFO] [*.xn--dittfrerkort-zjb.no] The server validated our request
2025/11/24 16:42:40 [INFO] [xn--dittfrerkort-zjb.no] acme: Trying to solve DNS-01
2025/11/24 16:42:40 [INFO] [xn--dittfrerkort-zjb.no] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
2025/11/24 16:42:42 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2025/11/24 16:42:42 [INFO] [xn--dittfrerkort-zjb.no] acme: Waiting for DNS record propagation.
2025/11/24 16:42:44 [INFO] [xn--dittfrerkort-zjb.no] acme: Waiting for DNS record propagation.
2025/11/24 16:42:46 [INFO] [xn--dittfrerkort-zjb.no] acme: Waiting for DNS record propagation.
2025/11/24 16:42:48 [INFO] [xn--dittfrerkort-zjb.no] acme: Waiting for DNS record propagation.
2025/11/24 16:42:50 [INFO] [xn--dittfrerkort-zjb.no] acme: Waiting for DNS record propagation.
2025/11/24 16:42:52 [INFO] [xn--dittfrerkort-zjb.no] acme: Waiting for DNS record propagation.
2025/11/24 16:42:54 [INFO] [xn--dittfrerkort-zjb.no] acme: Waiting for DNS record propagation.
2025/11/24 16:42:56 [INFO] [xn--dittfrerkort-zjb.no] acme: Waiting for DNS record propagation.
2025/11/24 16:43:05 [INFO] [*.xn--dittfrerkort-zjb.no] acme: Cleaning DNS-01 challenge
2025/11/24 16:43:05 [INFO] [xn--dittfrerkort-zjb.no] acme: Cleaning DNS-01 challenge
2025/11/24 16:43:05 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245385763/20395689473
2025/11/24 16:43:05 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz/245385763/20395689483
2025/11/24 16:43:05 Could not obtain certificates:
	error: one or more domains had a problem:
[xn--dittfrerkort-zjb.no] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: During secondary validation: Incorrect TXT record "JbvcMLoUB5qRMyz4jQHSX9blWr7OeggqWXPO4Sr7mcM" found at _acme-challenge.xn--dittfrerkort-zjb.no

[ldez]

The failure is related to DNS propagation.

[francisrath]

By the way, it doesn't seem like the auth token is cached. I get an email from Gigahost every login, and when I run lego repeatedly without clearing .lego folder it still logs in every time. Not sure how/where the token should be cached?

[ldez]

The tokens are never stored inside the .lego folder.
There is no persistent cache between several CLI runs.