Description
Describe the bug
For some of my certificates, renewal fails on the Dns01Authorization step with the following error:
"Orchestrator function 'RenewCertificate_Orchestrator' failed: The orchestrator function 'IssueCertificate' failed: "The activity function 'Dns01Authorization' failed: "Value cannot be null. (Parameter 'source')". See the function execution logs for additional details.". See the function execution logs for additional details."
The workaround for this is to create an '_acme-challenge' TXT record, as the function appears to want to delete a record before issuing the new one.
It doesn't happen on every certificate, and the one I'm working on right now has an additional SAN added to it, which needs this TXT workaround.
Environment (please complete the following information):
- Certificate Type: subdomain
  Example cert - admin.SUBZONE1.domain.com, admin.SUBZONE2.domain.com
- Certificate Deploy Target: Key Vault
Additional context
The DNS zones in question for this cert are stored in Route 53.
I'm not an expert but given the behaviour, the issue seems to stem around line 286 in SharedActivity.cs:
await zone.DnsProvider.DeleteTxtRecordAsync(zone, acmeDnsRecordName);
It's trying to delete a record that doesn't exist. What's strange is the first zone doesn't have a pre-existing 'acme-challenge' TXT record either, but it doesn't cause an issue.
If there's any additional information or specific logs I can provide, please let me know how you want them and where to fetch them from.