Support for Strato Let'e Encrypt DNS challenge

[psychofaktory]

What provider would you like to see added to NPM? Strato

Have you checked if a certbot plugin exists? I found this here: https://github.com/Buxdehuda/strato-certbot

[chaptergy]

Unfortunately the current version of NPM only supports DNS-challenge providers which have a certbot dns plugin. The link you posted is only a manual auth hook certbot integration, which is not supported. And it seems there currently is no actual certbot dns plugin.

[psychofaktory]

For others with the same problem:

Not a certbot dns plugin, but I've got it managed to get a wildcart cert with the workaround mentioned here:

1. Setup proxy host in NPM (Nginx Proxy Manager) for both domain and wildcard subdomain

2. Setup SSL certificate for just the domain (wildcard input is currently not possible).

Up until here you should have SSL working for the domain, but not the subdomains.

3. In my case NginxProxyManager is a Docker-Container running on Unraid, so /config ist mounted to /mnt/user/appdata/NginxProxyManager

4. Copy auth-hook.py to /config/letsencrypt/renewal-hooks/deploy/

5. Make auth-hook.py executable: chmod a+x /config/letsencrypt/renewal-hooks/deploy/auth-hook.py

6. Create strato-auth.json in /config/letsencrypt/renewal-hooks/deploy/ { "username": "<username>", "password": "<password>" }

7. Replace with open("strato-auth.json") as file: in /config/letsencrypt/renewal-hooks/deploy/auth-hook.py with with open ("/config/letsencrypt/renewal-hooks/deploy/strato-auth.json") as file:

8. Change permissions: chmod 0400 /config/letsencrypt/renewal-hooks/deploy/strato-auth.json

9. Modify /config/letsencrypt/renewal/npm-.conf and update the section [renewalparams]: authenticator = manual manual_public_ip_logging_ok = True manual_auth_hook = /config/letsencrypt/renewal-hooks/deploy/auth-hook.py

10. Extend the certificate (replace <domain>): certbot certonly --manual --cert-name npm-5 --expand -d <domain>,*.<domain> --manual-auth-hook=/config/letse ncrypt/renewal-hooks/deploy/auth-hook.py

Now the cert setup in step 2. contains an wildcard-alias an can be assigned to the wildcard subdomain from step 1.

I hope this help some.

[BeSve]

10. Extend the certificate (replace <domain>): certbot certonly --manual --cert-name npm-5 --expand -d <domain>,*.<domain> --manual-auth-hook=/config/letse ncrypt/renewal-hooks/deploy/auth-hook.py

Thanks for your how to. Will this automaticly update the certificate every 90 days or have I do this manualy? Or is there a way to execute the command mentioned under 10 every n days?

Thanks a lot.

[psychofaktory]

Will this automaticly update the certificate every 90 days or have I do this manualy?

When the SSL certificate is created in step 2, NPP automatically creates a job that regularly renews the certificate.

[Substanzlos]

Hi, some things i have noticed.

(All files mentioned come from here: https://github.com/Buxdehuda/strato-certbot)

• First of, it look's like the auth-hook.py hast changed, point 7. isn't requiered anymore, with open has been removed/replaced.
• There is a new include, so you will need the file certbotstratoapi.py
• you need to install the requirements listed under requirements.txt

Okay, after this, your workaround works, but i get this error message, even so the certificate generation works:

After issuing point 8. of the workaround i get this output.

[...] Renewing an existing certificate for abc.xyz and *abc.xyz

Hook 'deploy-hook' reported error code 1 Hook 'deploy-hook' ran with error output: Traceback (most recent call last): File "/etc/letsencrypt/renewal-hooks/deploy/auth-hook.py", line 42, in main() File "/etc/letsencrypt/renewal-hooks/deploy/auth-hook.py", line 25, in main strato = CertbotStratoApi() File "/etc/letsencrypt/renewal-hooks/deploy/certbotstratoapi.py", line 17, in init self.txt_value = os.environ['CERTBOT_VALIDATION'] File "/usr/lib/python3.7/os.py", line 678, in getitem raise KeyError(key) from None KeyError: 'CERTBOT_VALIDATION'

Successfully received certificate. [...]

Any ideas?

[FlixMa]

I modified the code from the aforementioned repository to provide a regular certbot dns authentication plugin, which can be directly integrated into NPM (see here).

If you would like to give it a try, follow these instructions. The dns plugin configuration in globals/certbot-dns-plugins.js should be adjusted to include the service for Strato:

.
.
.
    //####################################################//
    strato: {
        display_name:        'Strato',
        package_name:        'certbot-dns-strato',
        version_requirement: '~=0.1.1',
        dependencies:        '',
        credentials:         `dns_strato_username = user
dns_strato_password = pass
# uncomment if domain name contains special characters
# insert domain display name as seen on your account page here
# dns_strato_domain_display_name = my-punicode-url.de`,
        full_plugin_name:    'dns-strato',
    },
.
.
.

I was successful using option 2 mentioned in the linked comment. An exemplary docker-compose.yml could be:

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      - '80:80'
      - '1080:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
      # map custom code into the container to support strato dns
      - ./custom-npm/global/certbot-dns-plugins.js:/app/global/certbot-dns-plugins.js:ro
      - ./custom-npm/frontend/dist:/app/frontend:ro

networks:
  default:
    external: true
    name: nginx-proxy-manager

Note that the code is still in an experimental stage.

[Substanzlos]

Nice work. :)

Where do i need to place the files from your repository?

[FlixMa]

Nice work. :)

Where do i need to place the files from your repository?

Thank you :-)

You don't need to touch my repository -- it is just a place for the plugin to live. The code is uploaded to PyPi so it is available from anywhere where there is python pip installed. Thus npm can grab it by itself. You just need to introduce this plugin to npm by inserting the given configuration snippet posted above and then building the npm frontend from this repository.

Once that's done, you can use the build directory and mount it into your docker container at the specific location where the prebuilt frontend was living (you basically shadow it with the new version).

Then you're good to go. In fact I have this setup up and running since my post without any issues :-)

So what you need to do:

1. clone this repository (nginx-proxy-manager, not my plugin)
2. edit globals/certbot-dns-plugins.js as shown above.
3. rebuild the npm frontend using the provided build script: sudo ./scripts/frontend-build
4. mount the new version into your container using the docker-compose.yml as shown above (make sure to adjust the paths to point your local custom build. In my case it's located in ./custom-npm/)

(-: Hope this helps

[Substanzlos]

Thank you. :)

You Pull requests got answered: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/2929#issuecomment-1553032491

I've tested the docker image, works like a charm!

Thank you so much for your work!

[Yoshi315161]

Hi guys,

i postet this also in the Pull Request but dont know if anyone sees this there:

i read this and wanted to try it out but i think i dont get it... how and what for things do i have to put in the challange textfield?

also my strato is locked with 2fa is there an example file i can use?

sorry but i dont understand the things under user and pass... and for the SSL Domain i need ".DOMAIN.COM"? or without the for wildcard?

this is the example: dns_strato_username = user dns_strato_password = pass '# uncomment if domain name contains special characters '# insert domain display name as seen on your account page here '# dns_strato_domain_display_name = my-punicode-url.de

and now how to fill it?

the last two i dont understand... do i have to remove the # and fill in something? if i do i get an error....

i testet with: '*.DOMAIN.com

dns_strato_username = NUMBERS dns_strato_password = PASSWORD dns_strato_totp_secret = BUNCH OF NUMBERS AND CARACTERS dns_strato_totp_devicename = NAME OF TOTP '# uncomment if domain name contains special characters <-- Leav this as it was '# DOMAIN.COM '# dns_strato_domain_display_name = *.DOMAIN.COM

pls help or point me a good example from someone who got it to work. it would be easier then the normal challenge then there are at time internal errors -,- (new request worked...)

thank you so much...

EDIT: have to put ' infront of # to avoid funky things...

[FlixMa]

sorry but i dont understand the things under user and pass... and for the SSL Domain i need ".DOMAIN.COM"? or without the for wildcard?

In the topmost field of the basic certificate settings it should say *.domain.com (the CN, the certificate is issued for). In the custom configuration for strato dns you only need to add your domain name, if it has special characters in it (aka punycode). If that's the case you need to enter the name in the exact same spelling as it appears on your strato domain configuration overview page (on strato.de it's called "Paketübersicht"). In my case it shows without the asterisk. Otherwise, so if you do not provide the dns_strato_domain_display_name, it is inferred from your CN.

I guess you already tried both variants, rights? If that's the case, I might have spotted an error with TFA. It might be a problem in the code of my python certbot plugin, where the credentials setup function does not include the totp keys.

Since I did not configure it yet (shame on me), this didn't come to light. Your configuration looks correct:

dns_strato_totp_secret = BUNCH OF NUMBERS AND CARACTERS dns_strato_totp_devicename = NAME OF TOTP

Please try as I explained, if you did not already do so and report back. Then I will proceed to making the adjustments in code. Cheers

[Yoshi315161]

hi ho and thx for the answer,

ok then i think its easier to work with pictures...

i testet a lot, but i always get an Error so hier my config (as i understand from your text):

and this is the error i get:

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-30" --agree-tos --email "jxxxxxxxxxx.com" --domains "*.hxxxxxxxxxx.com" --authenticator dns-strato --dns-strato-credentials "/etc/letsencrypt/credentials/credentials-30" Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

`at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)`

Do i have to put something in Strato first? i own the domain but is something to do for the wildcard *.hxxxxxxx.com SSL Cert?

Thank you for your help :)

[Yoshi315161]

Do you have something new for me @FlixMa ?

[FlixMa]

I am sorry, I didn’t have time to do it as I am currently on vacation. I’ll be back in September.

[ThomasKuijper]

I tried the same @Yoshi315161, but im getting the same error. I tried both with a wildcard and a specific hostname, both gave the same childprocess error. I disabled TOTP and tried, but same problem. Maybe strato changed something.

Is there something i can look for in the debug log?

////Update

I checked some more, what i think happens, is that the url you use in your 'certbotstratoapi.py' is for strato.DE When you login with a login from another country, instead of loggin in right now, it redirects you to the login page for the correct country.

Is it an option to add the API url to the settings?

[FlixMa]

Hey all, sorry for the late reply. I did not know, that strato was serving their page in other countries than Germany. So this actually might be cause for troubles with some users.

In the recent commit I added the option to fully customise the API endpoint:

• custom_api_scheme,
• custom_api_host,
• custom_api_port and
• custom_api_path

You will probably only set the custom_api_host, but yeah, might be nice to have in the future...

I have just published a new version of the certbot strato dns challenge pypi package: Please pip install this package and test whether your TXT records show up on Strato Management Site. You can use this snippet for testing:

from certbot_dns_strato.dns_strato import _StratoApi

# change the placeholders and api host to match the one you are logging in to (e.g. '.nl' for the Netherlands).
strato = _StratoApi('your_domain_display_name', custom_api_host='www.strato.nl')
strato.login('my_username', 'my_password')

strato.set_domain_name('your_domain_name')
strato.get_package_id()
strato.get_txt_records()
strato.set_amce_record('hello', 'world')
strato.push_txt_records()

The result should look like this:

I hope the NPM auto-updates the package soon, so you'll be able to use the additional options from inside NPM. Don't forget to add the mandatory prefix in your NPM wildcard certificate configuration dns_strato_. So custom_api_host needs to be set as dns_strato_custom_api_host = www.strato.nl(e.g. for the Netherlands).

Also please let me know, if this fixes the problem for you, @Yoshi315161. And thank you @ThomasKuijper so much for investigating.

Cheers

[Yoshi315161]

Hey @FlixMa, i hope you had a good vacation. My Strato is also in Germany. I only updated the pip installation and now its working without changing anything.. AWESOME :)

now i have a wildcard with DNS Challange :D (and TOPT) Thank you so much

my config is the same like the picture above the only difference is that i deletet the last three lines.

[FlixMa]

Hey @Yoshi315161, vacation was alright; thanks for asking. Glad to hear you got it working. Then the issue might actually have been that the 2FA detection was not only broken for other countries, but also for strato.de. That is actually very likely as it was based on user-facing string matching, which of course might change more frequently than an API. I did. change that behaviour to be based on whether you provide 2FA credentials or not, to make it compatible with other languages.

Do you mind sharing how you updated the pip package inside your NPM docker container? This way others can profit as well :)

Have a nice weekend!

[Yoshi315161]

Ofcourse I can. I have portainer installed in my Docker server. So I Bash into the NPM Container and just Copied the install Bash from your link and press Enter: pip install certbot-dns-strato==0.2.0

After that I tested again in NPM and it worked.

You too :)

[Anocos]

#

So what you need to do:

1. clone this repository (nginx-proxy-manager, not my plugin)

2. edit `globals/certbot-dns-plugins.js` as shown above.

3. rebuild the npm frontend using the provided build script: `sudo ./scripts/frontend-build`

4. mount the new version into your container using the `docker-compose.yml` as shown above (make sure to adjust the paths to point your local custom build. In my case it's located in `./custom-npm/`)

Hi, when I run: sudo ./scripts/frontend-build sudo: ./scripts/frontend-build: command not found

frontend-build file does not exist

Any suggestion

[FlixMa]

The script has been moved to a subfolder: scripts/ci/frontend-build

I am not sure if it will work, though. There might have been other breaking changes since spring 2023.

But may I ask, why you want to use those steps? The plugin should already show up without any additional changes since #2929 got merged. So you probably don’t need to build it for yourself :)

[Anocos]

I have updated to the latest version 2.10.4 and I have already seen it Now I will do tests Thank you

[Anocos]

When I try to create an SSL certificate it gives an error:

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-1" --agree-tos --email "xxxx@xxxx.es" --domains "xxxxxxxxx.es" --authenticator dns-strato --dns-strato-credentials "/etc/letsencrypt/credentials/credentials-1" Saving debug log to /tmp/letsencrypt-log/letsencrypt.log at ChildProcess.exithandler (node:child_process:402:12) at ChildProcess.emit (node:events:513:28) at maybeClose (node:internal/child_process:1100:16) at Socket. (node:internal/child_process:458:11) at Socket.emit (node:events:513:28) at Pipe. (node:net:301:12)

Ofcourse I can. I have portainer installed in my Docker server. So I Bash into the NPM Container and just Copied the install Bash from your link and press Enter: pip install certbot-dns-strato==0.2.0

After that I tested again in NPM and it worked.

You too :)

I have also updated to version 0.2.0 from Portainer

[FlixMa]

Unfortunately I haven't seen this error before. You can try to have a look into the debug log. There might be useful information inside. If you are unsure if this has to do with the strato plugin itself, you might want to post a new issue.

[Anocos]

It's already solved. It is necessary to put in the Credentials File Content section: dns_strato_custom_api_host = www.strato.es

In case it helps anyone :)

[FlixMa]

I added a more descriptive configuration template to simplify onboarding for new users. See pull request #3212 for more information.

[hamiller]

looks as if this is broken again... i think the get_package_id method is not able to find the package ID.

Maybe we could get completely rid of the method - or provide an override - and read an additional config field "dns_strato_package_id"?

[Yoshi315161]

Mine is still working... Do you have updated your NPM Container? If yes, you have to update the internal: pip install certbot-dns-strato==0.2.0 again its not importet yet... sad because there were two container updates till now...

[Yoshi315161]

Now there was an update with your implementation BUT now it doesn’t work anymore…

and i can also do not update with pip because there is an error with command not found…

after i did an apt update and install pip there is an error that this Environment ist external managed… pip installation doesn‘t work… Hope you can do some cool things so we can use it again (my cert will be expired early feb…)

I also tested to new create the SSL config. But there is also an error CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

at /app/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:430:5)
at ChildProcess.emit (node:events:518:28)
at maybeClose (node:internal/child_process:1105:16)
at ChildProcess._handle.onexit (node:internal/child_process:305:5)

[thomas292]

Dear @FlixMa, today I updated to Nginx Proxy Manager 2.11, which includes your fix as documented in the release notes. Just got the same error as @Yoshi315161. Thank you for any help. Thomas

[thomas292]

@Yoshi315161 Just to clarify. Is there anything special you have configured on the Strato side?

[FlixMa]

Hey all, apparently Strato did change the way of accessing the individual packages. In the past this was done through an absolute package id. Now this changed to incrementing numbers per account.

Hopefully the uploaded fix 0.2.1 will account for that. The tests on my end are looking fine. Please try to update the pip package and let me know :-) Felix

[Yoshi315161]

hey @FlixMa,

i tried to bash into console and do the pip install certbot-dns-strato==0.2.1 but i got the bash: pip: command not found i think on the debian was something changed.. how to you got the update in your NPM container?

@thomas292 no i have nothing changed in strato

[dernilz]

Hey, to change the version of certbot plugin the version has to be changes in the file global/certbot-dns-plugins.json.

This can either be done temporarily in the container (exec into container, edit /app/global/certbot-dns-plugins.json, restart container) or permanently by creating a custom image that inherits from the official image (override /app/global/certbot-dns-plugins.json).

Search for this part and replace version with your desired version:

...
"strato": {
    "name": "Strato",
    "package_name": "certbot-dns-strato",
--> "version": "~=0.1.1",
    "dependencies": "",
    "credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if youre using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if youre not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"",
    "full_plugin_name": "dns-strato"
},
...

Disclaimer: I have not explicitly tested this fix

[tbreitha]

With Version 0.2.1 it is still not working. Here is my config/request incl. error message: This is form the letsencrypt log after the request:

[KeenBockwurst]

Same here. cat global/certbot-dns-plugins.json

"strato": {
                "name": "Strato",
                "package_name": "certbot-dns-strato",
                "version": "~=0.2.1",
                "dependencies": "",
                "credentials": "dns_strato_username = user\ndns_strato_password = pass\n# uncomment if youre using two factor authentication:\n# dns_strato_totp_devicename = 2fa_device\n# dns_strato_totp_secret = 2fa_secret\n#\n# uncomment if domain name contains special characters\n# insert domain display name as seen on your account page here\n# dns_strato_domain_display_name = my-punicode-url.de\n#\n# if youre not using strato.de or another special endpoint you can customise it below\n# you will probably only need to adjust the host, but you can also change the complete endpoint url\n# dns_strato_custom_api_scheme = https\n# dns_strato_custom_api_host = www.strato.de\n# dns_strato_custom_api_port = 443\n# dns_strato_custom_api_path = \"/apps/CustomerService\"",
                "full_plugin_name": "dns-strato"

also used

 pip install certbot-dns-strato==0.2.1
Requirement already satisfied: certbot-dns-strato==0.2.1 in /opt/certbot/lib/python3.11/site-packages (0.2.1)
Requirement already satisfied: setuptools in /opt/certbot/lib/python3.11/site-packages (from certbot-dns-strato==0.2.1) (66.1.1)
Requirement already satisfied: certbot>=2.0 in /opt/certbot/lib/python3.11/site-packages (from certbot-dns-strato==0.2.1) (2.8.0)
Requirement already satisfied: requests in /opt/certbot/lib/python3.11/site-packages (from certbot-dns-strato==0.2.1) (2.31.0)
Requirement already satisfied: pyotp in /opt/certbot/lib/python3.11/site-packages (from certbot-dns-strato==0.2.1) (2.9.0)
Requirement already satisfied: acme>=2.8.0 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (2.8.0)
Requirement already satisfied: ConfigArgParse>=1.5.3 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (1.7)
Requirement already satisfied: configobj>=5.0.6 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (5.0.8)
Requirement already satisfied: cryptography>=3.2.1 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (41.0.7)
Requirement already satisfied: distro>=1.0.1 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (1.9.0)
Requirement already satisfied: josepy>=1.13.0 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (1.14.0)
Requirement already satisfied: parsedatetime>=2.4 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (2.6)
Requirement already satisfied: pyrfc3339 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (1.1)
Requirement already satisfied: pytz>=2019.3 in /opt/certbot/lib/python3.11/site-packages (from certbot>=2.0->certbot-dns-strato==0.2.1) (2023.3.post1)
Requirement already satisfied: charset-normalizer<4,>=2 in /opt/certbot/lib/python3.11/site-packages (from requests->certbot-dns-strato==0.2.1) (3.3.2)
Requirement already satisfied: idna<4,>=2.5 in /opt/certbot/lib/python3.11/site-packages (from requests->certbot-dns-strato==0.2.1) (3.6)
Requirement already satisfied: urllib3<3,>=1.21.1 in /opt/certbot/lib/python3.11/site-packages (from requests->certbot-dns-strato==0.2.1) (2.1.0)
Requirement already satisfied: certifi>=2017.4.17 in /opt/certbot/lib/python3.11/site-packages (from requests->certbot-dns-strato==0.2.1) (2023.11.17)
Requirement already satisfied: PyOpenSSL!=23.1.0,>=17.5.0 in /opt/certbot/lib/python3.11/site-packages (from acme>=2.8.0->certbot>=2.0->certbot-dns-strato==0.2.1) (23.3.0)
Requirement already satisfied: six in /opt/certbot/lib/python3.11/site-packages (from configobj>=5.0.6->certbot>=2.0->certbot-dns-strato==0.2.1) (1.16.0)
Requirement already satisfied: cffi>=1.12 in /opt/certbot/lib/python3.11/site-packages (from cryptography>=3.2.1->certbot>=2.0->certbot-dns-strato==0.2.1) (1.16.0)
Requirement already satisfied: pycparser in /opt/certbot/lib/python3.11/site-packages (from cffi>=1.12->cryptography>=3.2.1->certbot>=2.0->certbot-dns-strato==0.2.1) (2.21)

Only get internal error

[tbreitha]

I got it working now with the latest NPM in Docker:

1. exec in to the container
2. apt update
3. apt install pip
4. apt install nano
5. pip install certbot-dns-strato==0.2.1
6. nano certbot-dns-plugins.json
7. change the version from Strato 0.1.1 to 0,2.1 and save it
8. restart the container
9. Request a new Wildcard within NPM

10. 

Hope that helps Cheers Tom

[KeenBockwurst]

@tbreitha Did again what you posted just to be sure, but i get instantly internal error without anything else :/

[tbreitha]

@KeenBockwurst Did again what you posted just to be sure, but i get instantly internal error without anything else :/

Strange, i did it twice now, on my system and friends system. It worked just fine.

[KeenBockwurst]

Update: It worked with one certificat. The next one seems to timed out and after that one instantly internal errors :/

[FlixMa]

This is very odd behaviour I haven’t seen so far. Maybe you have two colliding renewals at the same time? If so try to only renew once the othe process did finish.

[ponchoboob]

Hi, thank you for your plugin. When I first tried, i didn't work and I tried it manually with certbot the see how all this stuff actually works and it worked. There is a little issue with reading the password. Passwords beginning with '#' are not working. Guess it is interpreted as commentary. With updateing to version0.2.1 of your plugin it finally worked here for me, but the issue with passwords starting with # is still there.

kind regards, robert

[FlixMa]

the issue with passwords starting with # is still there.

Please try using quotes around it like so dns_strato_password = "#mysupersecretpassword". Otherwise I guess the only option to get it working is to change the password to not include such problematic characters.

[Yoshi315161]

I got it working now with the latest NPM in Docker:

1. exec in to the container
2. apt update
3. apt install pip
4. apt install nano
5. pip install certbot-dns-strato==0.2.1

how do you get pip install cert...... to work? i only get this error...

[nevyen]

Which username and password are used?

The one to login into my account or the one which is used to login into dyndns?

[ponchoboob]

Hi, just use your credentials that you use to login on the strato service portal. Or to take your words, the "one to login into my account"...

kind regards.

[ponchoboob]

Update: It worked with one certificat. The next one seems to timed out and after that one instantly internal errors :/

Try setting the propagation time to 60 seconds or longer. When manually using Certbot with the DNS-01 challenge, you will see a message instructing you to wait for a specified amount of time after entering the provided key (challenge) into the CNAME field. Another possible issue could be the plugin itself. Since it employs web scraping techniques to log into your account and automate tasks, the webpage may not fully load. As a result, the plugin might not be able to locate the required HTML/CSS tags. Generally, most websites do not appreciate being scraped and have protections against it. This is why libraries such as Puppeteer (Node.js) offer proxy settings, as well as delay and wait mechanisms for web scraping.

kind regards.

[Cookiecollecto]

I got it working now with the latest NPM in Docker:

Hope that helps Cheers Tom

Thank you so mutch! Its working again.

[Yoshi315161]

I got it working now with the latest NPM in Docker: Hope that helps Cheers Tom

Thank you so mutch! Its working again.

Can you explain how? I am stuck at the point with pip install… i always got an error…

[Cookiecollecto]

I got it working now with the latest NPM in Docker: Hope that helps Cheers Tom

Thank you so mutch! Its working again.

Can you explain how? I am stuck at the point with pip install… i always got an error…

I followed the instructions step by step, and it worked in the end. I had no error, sry.