search

EnigmaBridge / certbot-external-auth

Certbot external DNS, HTTP, TLSSNI domain validation plugin with JSON output and scriptable hooks, with Dehydrated compatibility
Other
109 stars 15 forks source link

AttributeError: module 'acme.challenges' has no attribute 'TLSSNI01' #18

Closed AronNovak closed 4 years ago

AronNovak commented 4 years ago

Command:

certbot certonly --email aron@example.com --configurator certbot-external-auth:out --certbot-external-auth:out-public-ip-logging-ok --agree-tos  --preferred-challenges dns  -d moo.novaak.net -d mah.novaak.net -d blah.novaak.net

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator certbot-external-auth:out, Installer certbot-external-auth:out
Obtaining a new certificate
Performing the following challenges:
An unexpected error occurred:
AttributeError: module 'acme.challenges' has no attribute 'TLSSNI01'
Please see the logfiles in /var/log/letsencrypt for more details.
{"cmd": "report", "messages": []}

From the log:

2020-03-09 10:23:31,024:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-03-09 10:23:31,025:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 10, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/main.py", line 1347, in main
    return config.func(config, plugins)
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/main.py", line 1233, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/client.py", line 410, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/client.py", line 344, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/client.py", line 391, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 62, in handle_authorizations
    achalls = self._choose_challenges(authzrs)
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 206, in _choose_challenges
    self._get_chall_pref(authzr.body.identifier.value),
  File "/usr/local/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 221, in _get_chall_pref
    plugin_pref = self.auth.get_chall_pref(domain)
  File "/usr/local/lib/python3.7/site-packages/certbot_external_auth/plugin.py", line 219, in get_chall_pref
    return [challenges.DNS01, challenges.HTTP01, challenges.TLSSNI01]
AttributeError: module 'acme.challenges' has no attribute 'TLSSNI01'
2020-03-09 10:23:31,028:ERROR:certbot._internal.log:An unexpected error occurred:

Versions: certbot 1.3.0

certbot-external-auth 0.1.0

AronNovak commented 4 years ago

For the record, on the same system, without certbot-external-auth, I could perform the DNS challenge for some domains without any issues.

AronNovak commented 4 years ago

I was able to workaround this locally by editing /usr/local/lib/python3.7/site-packages/certbot_external_auth/plugin.py, and at line 219, removed the "TLSSNI01" item from the array, inside get_chall_pref.

AronNovak commented 4 years ago

It was already addressed in master, merely the pip package is outdated.

https://github.com/EnigmaBridge/certbot-external-auth/blob/master/certbot_external_auth/plugin.py#L211

dancvrcek commented 4 years ago

I have now pushed a new version to pypi but had to change the package name. Can you pls try

pip uninstall certbot-external-auth pip install certbot-ext-auth

... usage should be the same

akardes commented 4 years ago

Just adding this note in case someone else runs into this as well, as it was not immediately obvious to me:

Changing the package name also means that on the certbot commandline all parameters starting with --certbot-external-auth need to be changed to --certbot-ext-auth.