aaomidi / certbot-dns-google-domains

Google Domains plugin for Certbot.
Apache License 2.0

access_token cannot be found #39

Open gdog2u opened 1 year ago

gdog2u commented 1 year ago

I've tried everything I can think of to get this working. This included modifying dns_google_domains.py to dump the contents of the ConfigObj, where I can see that there is a value for "access_token", and it still did not find it.

Command I'm running

certbot certonly --authenticator 'dns-google-domains' --dns-google-domains-credentials '/var/lib/letsencrypt/dns_google_domains_credentials.ini' -d "diablo-ii.zip"

Output

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-google-domains, Installer None
Requesting a certificate for diablo-ii.zip
Performing the following challenges:
dns-01 challenge for diablo-ii.zip
Cleaning up challenges
/var/lib/letsencrypt/dns_google_domains_credentials.ini: access_token was not found in the configuration for Google Domains.

Versions

This is on Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux and Python 3.9.2

$ pip3 show certbot certbot-dns-google-domains
Name: certbot
Version: 2.6.0
Summary: ACME client
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
Author-email: certbot-dev@eff.org
License: Apache License 2.0
Location: /usr/local/lib/python3.9/dist-packages
Requires: josepy, parsedatetime, distro, pyrfc3339, acme, configobj, pytz, cryptography, setuptools, ConfigArgParse
Required-by: certbot-dns-google-domains
---
Name: certbot-dns-google-domains
Version: 0.1.11
Summary: Certbot DNS authenticator for Google Domains
Home-page: None
Author: Amir Omidi
Author-email: amir@aaomidi.com
License: Apache 2.0
Location: /usr/local/lib/python3.9/dist-packages
Requires: dataclasses-json, publicsuffixlist, certbot, zope.interface

Config file

My config file is at the location shown in the command, and has the following contents, per this repo's README. I have the two lines there to see if that would fix the issue, but it did not.

$ cat /var/lib/letsencrypt/dns_google_domains_credentials.ini
access_token = <api token>
dns_google_domain_access_token = <same api token>
dns_google_domains_zone = diablo-ii.zip

letsencrypt.log

The log file in total is 12kb, let me know if you want it, and which parts.

Dumping ConfigObj

$ certbot certonly  --authenticator 'dns-google-domains' --dns-google-domains-credentials '/var/lib/letsencrypt/dns_google_domains_credentials.ini' -d "diablo-ii.zip" -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-google-domains, Installer None
Requesting a certificate for diablo-ii.zip
Performing the following challenges:
dns-01 challenge for diablo-ii.zip
{'confobj': ConfigObj({'access_token': '<api token>', 'dns_google_domain_access_token': '<same api token>', 'dns_google_domains_zone': 'diablo-ii.zip'}), 'mapper': <bound method Plugin.dest of <certbot_dns_google_domains.dns_google_domains.Authenticator object at 0x7f7b96637d30>>}
Cleaning up challenges
An unexpected error occurred:
Exception: Intentionally killed here

aaomidi commented 1 year ago

I'm wondering if it's potentially a permission issue on that credentials file?

gdog2u commented 1 year ago

I was getting a warning that the credentials was world readable, but I changed the permissions to 660, and the warning went away. This error of the access token was happening before and after this change. I'm running this as root, so permissions shouldn't be a concern, right?

aaomidi commented 1 year ago

No it probably shouldn't. I mean this is odd. Like we have that command running in our unit tests and it's been issuing just fine. Hmm

aaomidi commented 1 year ago

dns_google_domain_access_token =

It should be

dns_google_domains_access_token = <same api token>
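
Added example, not part of the thread or the plugin's own code: a pre-flight check for the credentials file that catches both problems discussed above, a near-miss key name and permissions open to other users. The `dns_google_domains_` prefix and the required key are taken from the correction in the last comment; the function names and the temp-file sample are hypothetical, and flagging only the "others" permission bits is an assumption based on the world-readable warning mentioned in the thread.

```python
import difflib
import os
import stat
import tempfile

PREFIX = "dns_google_domains_"        # assumed from the corrected key in the thread
REQUIRED = [PREFIX + "access_token"]  # key named in the maintainer's correction

def parse_ini(text):
    """Parse flat 'key = value' lines (no sections), skipping comments."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")) and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip()] = value.strip()
    return keys

def check_credentials(path):
    """Return a list of findings; secret values are never included."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:  # any access for "others" (assumed threshold)
        findings.append(f"mode {mode:o}: readable or writable by others")
    with open(path, encoding="utf-8") as fh:
        keys = parse_ini(fh.read())
    for want in REQUIRED:
        if want in keys:
            continue
        near = difflib.get_close_matches(want, keys, n=1, cutoff=0.8)
        hint = f"; did you mean to rename '{near[0]}'?" if near else ""
        findings.append(f"missing key '{want}'{hint}")
    return findings

def demo():
    # Constructed sample mirroring the file posted in the issue (placeholder token).
    sample = ("access_token = PLACEHOLDER\n"
              "dns_google_domain_access_token = PLACEHOLDER\n"
              "dns_google_domains_zone = diablo-ii.zip\n")
    with tempfile.NamedTemporaryFile("w", suffix=".ini", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)
    try:
        return check_credentials(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run against the file from the issue, this reports the missing `dns_google_domains_access_token` key and points at `dns_google_domain_access_token` as the likely typo.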