DNS challenge DYNU configuration

[suhrke]

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

  • Describe the bug

    Hello, I wanted to use the DNS challenge plugin Dynu, and this wants to get certbot_dns_dynu:dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN

I replaced YOUR_DYNU_AUTH_TOKEN with my own api token at dynu.com

and got only

"Internal error" and "This section requires some knowledge about Certbot and its DNS plugins. Please consult the respective plugins documentation."

In the corresponding python script inside the container /opt/certbot/lib/python3.7/site-packages/certbot_dns_dynu/dns_dynu.py I found also only the reference to the dynu auth token. I use this DNS challenge on another platform (proxmox-ve) which uses auth-token and oauth2 Client-ID/secret what works properly. So I look for a way to configure this in nginx proxy manager properly, but found not any hint.

Nginx Proxy Manager Version

To Reproduce Steps to reproduce the behavior:

1. Go to '...' dynu.com, create the subdomain/address record for the affected certificate
2. create a new proxy with this dns name
3. go to SSL
4. request a new SSL certificate with LE
5. take "Use a DNS challenge"
6. choose "dynu"
7. put yout authentication token into the configuration field like certbot_dns_dynu:dns_dynu_auth_token = MY_OWN_DYNU_AUTH_TOKEN
8. put in yout LE account email
9. choose "I agree to .."
10. optional choose "Force SSL" and "HTTP/2 support"
11. choose "Save"

Expected behavior

correct pull a certificate from letsencrypt with dns challenge provided by dynu.com

Screenshots

Operating System

ubuntu 20.04 LTS / Docker version 20.10.7, build f0df350

Additional context

[chaptergy]

Could you take a look into the logs of the npm container to see what the actual error is?

[sillydanny]

I have the same issue about the DNS challenge,

npm | [7/3/2023] [9:06:16 AM] [Nginx ] › ℹ info Reloading Nginx npm | [7/3/2023] [9:06:16 AM] [Express ] › ⚠ warning Command failed: . > > /opt/certbot/bin/activate && pip install --no-cache-dir --user certbot-dns-godaddy~=0.2.0 && deactivate npm | ERROR: Will not install to the user site because it will lack sys.path precedence to urllib3 in /opt/certbot/lib/python3.7/site-packages

[randomDrops]

Found a solution. Guess there might be a better solution. Replace the text with dns_dynu_auth_token=\<api-key\>. Of course, replace the angle-bracket with your own API-key from Dynu. Remove all the spaces on both sides of the equal sign.

[randomDrops]

Update: Remember to put 120 into the Propagation Seconds textbox. Please be patient and try a few times till it succeeds.

[DairyWeb3638077]

I get this error

Internal Error

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-29" --agree-tos --email "MY EMAIL" --domains "MY DOMAIN" --authenticator dns-dynu --dns-dynu-credentials "/etc/letsencrypt/credentials/credentials-29" --dns-dynu-propagation-seconds 120
Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in 
    from certbot.main import main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in 
    from certbot._internal import main as internal_main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in 
    import josepy as jose
  File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in 
    from josepy.json_util import (
  File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 24, in 
    from OpenSSL import crypto
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in 
    from OpenSSL import crypto, SSL
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in 
    class X509StoreFlags(object):
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Socket. (node:internal/child_process:458:11)
    at Socket.emit (node:events:513:28)
    at Pipe. (node:net:301:12)

[yuriw]

I see this too in 2024 Were there any solutions found for this issue?

[st-ivan]

This seems to be fixed in NPM version 2.11. default text: dns_dynu_auth_token = YOUR_DYNU_AUTH_TOKEN Just remove "YOUR_DYNU_AUTH_TOKEN" and put your API KEY. Wait for about 1 minute and the cert will be issued.

[mrt2nbl]

Working for me even with default text (without space)

[yurii-karadzhov]

I got unrecognized arguments error:

CommandError: usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --dns-dynu-credentials /etc/letsencrypt/credentials/credentials-2 --dns-dynu-propagation-seconds 120

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:410:5)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

[yurii-karadzhov]

pip install certbot-dns-dynu solves the issue