adferrand / dnsrobocert

Orchestrate Certbot and Lexicon together to provide Let's Encrypt TLS certificates validated by DNS challenges
https://dnsrobocert.readthedocs.io
MIT License

There is an existing account; registration of a duplicate account with this command is currently unsupported. #100

Open GV-007 opened 4 years ago

GV-007 commented 4 years ago

After full re-staging (from test to production env), we get the following error: There is an existing account; registration of a duplicate account with this command is currently unsupported. We still use the LetsEncrypt staging environment. Any solution?

adferrand commented 4 years ago

Yes, you need to delete the existing /etc/letsencrypt folder content, or staging certs will collapse with production certs (including their config). It is something that I did not explain in the new documentation.

I just added it back: https://dnsrobocert.readthedocs.io/en/latest/miscellaneous.html#activating-staging-acme-servers

GV-007 commented 4 years ago

This seems to be solved now, many thanks! Working for the domain certs, but still have an issue with subdomain certificates:

2020-05-07 06:01:15 7245bbf19959 dnsrobocert.core.main[1] INFO Handling the certificate for domain(s): nsoc-srv-uc1.int.nsoc.works

2020-05-07 06:01:15 7245bbf19959 dnsrobocert.core.utils[1] INFO Launching command: /usr/bin/python3 -m dnsrobocert.core.certbot certonly -n --config-dir /etc/letsencrypt --work-dir /etc/letsencrypt/workdir --logs-dir /etc/letsencrypt/logs --manual --preferred-challenges=dns --manual-auth-hook "/usr/bin/python3 -m dnsrobocert.core.hooks -t auth -c \"/tmp/tmp16xemqvm/dnsrobocert-runtime.yml\" -l \"Server nsoc-srv-uc1.int.nsoc.works\"" --manual-cleanup-hook "/usr/bin/python3 -m dnsrobocert.core.hooks -t cleanup -c \"/tmp/tmp16xemqvm/dnsrobocert-runtime.yml\" -l \"Server nsoc-srv-uc1.int.nsoc.works\"" --manual-public-ip-logging-ok --expand --deploy-hook "/usr/bin/python3 -m dnsrobocert.core.hooks -t deploy -c \"/tmp/tmp16xemqvm/dnsrobocert-runtime.yml\" -l \"Server nsoc-srv-uc1.int.nsoc.works\"" --server https://acme-v02.api.letsencrypt.org/directory --cert-name "Server nsoc-srv-uc1.int.nsoc.works" -d nsoc-srv-uc1.int.nsoc.works

----------

Saving debug log to /etc/letsencrypt/logs/letsencrypt.log

Plugins selected: Authenticator manual, Installer None

Obtaining a new certificate

Performing the following challenges:

dns-01 challenge for nsoc-srv-uc1.int.nsoc.works

Running manual-auth-hook command: /usr/bin/python3 -m dnsrobocert.core.hooks -t auth -c "/tmp/tmp16xemqvm/dnsrobocert-runtime.yml" -l "Server nsoc-srv-uc1.int.nsoc.works"

manual-auth-hook command "/usr/bin/python3 -m dnsrobocert.core.hooks -t auth -c "/tmp/tmp16xemqvm/dnsrobocert-runtime.yml" -l "Server nsoc-srv-uc1.int.nsoc.works"" returned error code 1

Error output from manual-auth-hook command python3:

2020-05-07 06:01:19 7245bbf19959 __main__[19] ERROR Error while executing the `auth` hook:

2020-05-07 06:01:19 7245bbf19959 __main__[19] ERROR No domain found

Traceback (most recent call last):

  File "/usr/lib/python3.8/site-packages/lexicon/providers/route53.py", line 128, in _authenticate

    hosted_zone = next(

StopIteration

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

  File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 48, in main

    globals()[parsed_args.type](dnsrobocert_config, parsed_args.lineage)

  File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 63, in auth

    _txt_challenge(profile, token, domain, action="create")

  File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 174, in _txt_challenge

    Client(lexicon_config).execute()

  File "/usr/lib/python3.8/site-packages/lexicon/client.py", line 77, in execute

    self.provider.authenticate()

  File "/usr/lib/python3.8/site-packages/lexicon/providers/base.py", line 69, in authenticate

    return self._authenticate()

  File "/usr/lib/python3.8/site-packages/lexicon/providers/route53.py", line 134, in _authenticate

    raise Exception('No domain found')

ception: No domain found

Waiting for verification...

Challenge failed for domain nsoc-srv-uc1.int.nsoc.works

dns-01 challenge for nsoc-srv-uc1.int.nsoc.works

Cleaning up challenges

Running manual-cleanup-hook command: /usr/bin/python3 -m dnsrobocert.core.hooks -t cleanup -c "/tmp/tmp16xemqvm/dnsrobocert-runtime.yml" -l "Server nsoc-srv-uc1.int.nsoc.works"

manual-cleanup-hook command "/usr/bin/python3 -m dnsrobocert.core.hooks -t cleanup -c "/tmp/tmp16xemqvm/dnsrobocert-runtime.yml" -l "Server nsoc-srv-uc1.int.nsoc.works"" returned error code 1

Error output from manual-cleanup-hook command python3:

2020-05-07 06:01:21 7245bbf19959 __main__[21] ERROR Error while executing the `cleanup` hook:

2020-05-07 06:01:21 7245bbf19959 __main__[21] ERROR No domain found

Traceback (most recent call last):

  File "/usr/lib/python3.8/site-packages/lexicon/providers/route53.py", line 128, in _authenticate

    hosted_zone = next(

StopIteration

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

  File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 48, in main

    globals()[parsed_args.type](dnsrobocert_config, parsed_args.lineage)

  File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 125, in cleanup

    _txt_challenge(profile, token, domain, action="delete")

  File "/usr/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 174, in _txt_challenge

    Client(lexicon_config).execute()

  File "/usr/lib/python3.8/site-packages/lexicon/client.py", line 77, in execute

    self.provider.authenticate()

  File "/usr/lib/python3.8/site-packages/lexicon/providers/base.py", line 69, in authenticate

    return self._authenticate()

  File "/usr/lib/python3.8/site-packages/lexicon/providers/route53.py", line 134, in _authenticate

    raise Exception('No domain found')

ception: No domain found

Some challenges have failed.

IMPORTANT NOTES:

 - The following errors were reported by the server:

   Domain: nsoc-srv-uc1.int.nsoc.works

   Type:   dns

   Detail: DNS problem: NXDOMAIN looking up TXT for

   _acme-challenge.nsoc-srv-uc1.int.nsoc.works - check that a DNS

   record exists for this domain

----------

2020-05-07 06:01:21 7245bbf19959 dnsrobocert.core.main[1] ERROR An error occurred while processing certificate config `{'name': 'Server nsoc-srv-uc1.int.nsoc.works', 'domains': ['nsoc-srv-uc1.int.nsoc.works'], 'profile': 'AWS_route53_int'}`:

Command '['/usr/bin/python3', '-m', 'dnsrobocert.core.certbot', 'certonly', '-n', '--config-dir', '/etc/letsencrypt', '--work-dir', '/etc/letsencrypt/workdir', '--logs-dir', '/etc/letsencrypt/logs', '--manual', '--preferred-challenges=dns', '--manual-auth-hook', '/usr/bin/python3 -m dnsrobocert.core.hooks -t auth -c "/tmp/tmp16xemqvm/dnsrobocert-runtime.yml" -l "Server nsoc-srv-uc1.int.nsoc.works"', '--manual-cleanup-hook', '/usr/bin/python3 -m dnsrobocert.core.hooks -t cleanup -c "/tmp/tmp16xemqvm/dnsrobocert-runtime.yml" -l "Server nsoc-srv-uc1.int.nsoc.works"', '--manual-public-ip-logging-ok', '--expand', '--deploy-hook', '/usr/bin/python3 -m dnsrobocert.core.hooks -t deploy -c "/tmp/tmp16xemqvm/dnsrobocert-runtime.yml" -l "Server nsoc-srv-uc1.int.nsoc.works"', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--cert-name', 'Server nsoc-srv-uc1.int.nsoc.works', '-d', 'nsoc-srv-uc1.int.nsoc.works']' returned non-zero exit status 1.

2020-05-07 06:01:21 7245bbf19959 dnsrobocert.core.main[1] INFO Revoke and delete certificates if needed

adferrand commented 4 years ago

Hello! Yes, subdomains generally require you to explicitly define which domain is associated with the zone, using the delegated_subdomain in the profile section. You can check the doc for its usage.
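
A configuration sketch of the setting named in the reply above, added here as an example and not taken from the thread or from the project's documentation. It reuses the profile and certificate names from the log and assumes the Route 53 hosted zone is `int.nsoc.works` (the thread does not state the zone name); the credential values are placeholders.

```yaml
# Added example: the zone name and credential values are assumptions/placeholders.
profiles:
- name: AWS_route53_int               # profile name as shown in the log above
  provider: route53
  provider_options:
    auth_access_key: "<access key id placeholder>"
    auth_access_secret: "<secret access key placeholder>"
  # Assumed zone: the hosted zone is int.nsoc.works rather than nsoc.works.
  # Without this key the provider's zone lookup found no match, which is the
  # "No domain found" raised in route53.py in the traceback above.
  delegated_subdomain: int.nsoc.works

certificates:
- name: Server nsoc-srv-uc1.int.nsoc.works
  domains:
  - nsoc-srv-uc1.int.nsoc.works
  profile: AWS_route53_int            # must match the profile name above
```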