alexzorin / certbot-dns-multi

Certbot DNS plugin supporting multiple providers, using github.com/go-acme/lego
MIT License

Error parsing credentials configuration '/etc/letsencrypt/dns-multi.ini': Invalid line ('lego --email you@example.com --dns cloudns --domains my.example.org run') (matched as neither section nor keyword) at line 7. #13

Closed emoxam closed 3 months ago

emoxam commented 4 months ago
  1. sudo snap install certbot
     sudo snap install certbot-dns-multi
     sudo snap set certbot trust-plugin-with-root=ok
     sudo snap connect certbot:plugin certbot-dns-multi

  2. cat /etc/letsencrypt/dns-multi.ini (it doesn't really matter whether these are real credentials or not)

     CLOUDNS_AUTH_ID=xxxx \
     CLOUDNS_AUTH_PASSWORD=yyyy \
     lego --email you@example.com --dns cloudns --domains my.example.org run

/snap/bin/certbot certonly -a dns-multi \
  --dns-multi-credentials=/etc/letsencrypt/dns-multi.ini \
  -d "*.integris.ru" \
  --dry-run -vv

Error parsing credentials configuration '/etc/letsencrypt/dns-multi.ini': Invalid line ('lego --email you@example.com --dns cloudns --domains my.example.org run') (matched as neither section nor keyword) at line 7.

What does it mean?

alexzorin commented 3 months ago

There shouldn't be a lego command in the dns-multi.ini file.

The only valid things to put in that file are key-value pairs, like KEY=VALUE (i.e. the first two lines).

alexzorin commented 3 months ago

And you're also missing the dns_multi_provider = line (see the README of this project).
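
The two points above (only KEY=VALUE lines, plus a dns_multi_provider line) can be checked before running certbot. This is an added example, not code from certbot-dns-multi; the function name lint_credentials and the sample text are hypothetical, and the check is a simplified stand-in for the plugin's real parser.

```python
import re

# Constructed sample modelled on the file in this issue (placeholder values).
SAMPLE = """\
CLOUDNS_AUTH_ID=xxxx \\
CLOUDNS_AUTH_PASSWORD=yyyy \\
lego --email you@example.com --dns cloudns --domains my.example.org run
"""

KEY_VALUE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def lint_credentials(text):
    """Return (findings, settings) for the text of a dns-multi credentials file.

    findings is a list of (line_number, message); line_number 0 means whole file.
    """
    findings, settings = [], {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are fine
        match = KEY_VALUE.match(line)
        if match is None:
            # The kind of line behind "matched as neither section nor keyword".
            findings.append((number, "not a KEY=VALUE pair: %r" % line))
            continue
        key, value = match.groups()
        if value.endswith("\\"):
            # Assumption: a trailing backslash is a shell continuation pasted
            # from a command line and would be kept as part of the value.
            findings.append((number, "trailing backslash after value of " + key))
            value = value.rstrip("\\").rstrip()
        if not value:
            findings.append((number, "empty value for " + key))
        settings[key] = value
    if "dns_multi_provider" not in settings:
        findings.append((0, "missing dns_multi_provider = <provider> line"))
    return findings, settings


if __name__ == "__main__":
    for number, message in lint_credentials(SAMPLE)[0]:
        print("line %d: %s" % (number, message))
```
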

emoxam commented 3 months ago

The link is forwarding me to this one. Is it wrong syntax? https://go-acme.github.io/lego/dns/cloudns/

If my ini is like this (cat /etc/letsencrypt/dns-multi.ini):

dns_multi_provider = cloudns
CLOUDNS_AUTH_ID=redacted \
CLOUDNS_AUTH_PASSWORD=redacted \

then I have an error while running this command:

/snap/bin/certbot certonly -a dns-multi \
  --dns-multi-credentials=/etc/letsencrypt/dns-multi.ini \
  -d "*.integris.ru" \
  --dry-run -vv
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator dns-multi and installer None
Single candidate plugin: * dns-multi
Description: Obtain certificate using any of lego's supported DNS providers
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='dns-multi', value='certbot_dns_multi._internal.dns_multi:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_multi._internal.dns_multi.Authenticator object at 0x7f754bea9370>
Prep: True
Selected authenticator <certbot_dns_multi._internal.dns_multi.Authenticator object at 0x7f754bea9370> and installer None
Plugins selected: Authenticator dns-multi, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/155999803', new_authzr_uri=None, terms_of_service=None), c6ce5a32d55094abdc7f506e776a6292, Meta(creation_dt=datetime.datetime(2024, 7, 16, 12, 23, 6, tzinfo=<UTC>), creation_host='bkc.integris.ru', register_to_eff=None))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 820
Received response:
HTTP 200
Server: nginx
Date: Wed, 17 Jul 2024 06:56:14 GMT
Content-Type: application/json
Content-Length: 820
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert",
  "xpvef0D63Z8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
Notifying user: Simulating a certificate request for *.integris.ru
Simulating a certificate request for *.integris.ru
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Wed, 17 Jul 2024 06:56:14 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: ROLR2NAwuxIQgCbCMQCM5YBHNOwqiS_sbw_DxFPQBb9dEGr0grs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: ROLR2NAwuxIQgCbCMQCM5YBHNOwqiS_sbw_DxFPQBb9dEGr0grs
JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.integris.ru"\n    }\n  ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 352
Received response:
HTTP 201
Server: nginx
Date: Wed, 17 Jul 2024 06:56:14 GMT
Content-Type: application/json
Content-Length: 352
Connection: keep-alive
Boulder-Requester: 155999803
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/155999803/17832629023
Replay-Nonce: ROLR2NAwCJEuzUXFDV7xhq-dQBqW_LrqIwt-Uc1CXGf43jjK-nI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-07-23T14:06:01Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.integris.ru"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13186190743"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/155999803/17832629023"
}
Storing nonce: ROLR2NAwCJEuzUXFDV7xhq-dQBqW_LrqIwt-Uc1CXGf43jjK-nI
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13186190743:
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13186190743 HTTP/1.1" 200 392
Received response:
HTTP 200
Server: nginx
Date: Wed, 17 Jul 2024 06:56:14 GMT
Content-Type: application/json
Content-Length: 392
Connection: keep-alive
Boulder-Requester: 155999803
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: zuRnlMmXoUYDVlGNkGZ_dHRiUuyCwiFtaAXbQ7LFRkaSFbF5ND0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "integris.ru"
  },
  "status": "pending",
  "expires": "2024-07-23T14:06:01Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13186190743/Bc2k9w",
      "status": "pending",
      "token": "1avPDwdozr57vmcBRWkXoz001uwRQnYvWunK_kKUvbU"
    }
  ],
  "wildcard": true
}
Storing nonce: zuRnlMmXoUYDVlGNkGZ_dHRiUuyCwiFtaAXbQ7LFRkaSFbF5ND0
Performing the following challenges:
dns-01 challenge for integris.ru
Configuring lego for provider cloudns with 2 options
Asking lego to create record 77mwqjEzugUhA7TpB40RWCaksTi-xCXQMcsmwp3Ledw for domain integris.ru
Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 90, in perform
    LegoClient.present(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 161, in present
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.

Calling registered functions
Cleaning up challenges
Asking lego to clean up record 77mwqjEzugUhA7TpB40RWCaksTi-xCXQMcsmwp3Ledw for domain integris.ru
Cleanup of integris.ru failed: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.
Cleanup error was
Traceback (most recent call last):
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 90, in perform
    LegoClient.present(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 161, in present
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 116, in cleanup
    LegoClient.cleanup(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 176, in cleanup
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.
Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3834/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 90, in perform
    LegoClient.present(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 161, in present
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.
ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.

emoxam commented 3 months ago

"We have checked your account and we can see that you are on Free plan, that unfortunately does not support API access. "