bikram990 / certbot-dns-dynu

Dynu DNS Authenticator plugin for Certbot
Apache License 2.0

Plugin legacy name certbot-dns-dynu:dns-dynu may be removed in a future version. Please use dns-dynu instead. #1

Closed thepasto closed 2 years ago

thepasto commented 2 years ago

Hi, thanks for this amazing certbot addon.

I just tried it, and it works very well. I only see the warning I reported in the subject: Plugin legacy name certbot-dns-dynu:dns-dynu may be removed in a future version. Please use dns-dynu instead.

If I try to use dns-dynu as suggested, it complains about the next options (i.e. missing credentials file path).

I don't know if this will be a problem for certbot future releases.

Thanks again

bikram990 commented 2 years ago

@thepasto Thanks for reporting the issue. You can use dns-dynu in the --authenticator parameter. However you need to keep --certbot-dns-dynu:dns-dynu-credentials parameter as it is. I've updated the README.

thepasto commented 2 years ago

Thanks for your review. This is what I get if I use the new authenticator parameter:

certbot certonly --dry-run -d "*.*******.***" --authenticator dns-dynu --certbot-dns-dynu:dns-dynu-credentials /etc/letsencrypt/dynu-credentials.ini --certbot-dns-dynu:dns-dynu-propagation-seconds 600

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for *.*******.***
Input the path to your Absolute path to Dynu credentials file (Enter 'c' to
cancel): c
Absolute path to Dynu credentials file required to proceed.

bikram990 commented 2 years ago

@thepasto Could you please share the logs, the certbot version and the file permissions on the credentials file, along with the user you are running certbot as?

thepasto commented 2 years ago

Here they are.

2022-01-10 11:11:29,678:DEBUG:certbot._internal.main:certbot version: 1.22.0
2022-01-10 11:11:29,680:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-01-10 11:11:29,680:DEBUG:certbot._internal.main:Arguments: ['-v', '--dry-run', '-d', '*.*******.***', '--authenticator', 'dns-dynu', '--certbot-dns-dynu:dns-dynu-credentials', '/etc/letsencrypt/dynu-credentials.ini', '--certbot-dns-dynu:dns-dynu-propagation-seconds', '600']
2022-01-10 11:11:29,680:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#certbot-dns-dynu:dns-dynu,PluginEntryPoint#dns-dynu,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-01-10 11:11:29,686:DEBUG:certbot._internal.log:Root logging level set at 20
2022-01-10 11:11:29,687:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-dynu and installer None
2022-01-10 11:11:29,690:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-dynu
Description: Obtain certificates using a DNS TXT record (if you are using Dynu for DNS.)
Interfaces: Authenticator, Plugin
Entry point: dns-dynu = certbot_dns_dynu.dns_dynu:Authenticator
Initialized: <certbot_dns_dynu.dns_dynu.Authenticator object at 0x7f2cfc56ba58>
Prep: True
2022-01-10 11:11:29,691:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_dynu.dns_dynu.Authenticator object at 0x7f2cfc56ba58> and installer None
2022-01-10 11:11:29,691:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-dynu, Installer None
2022-01-10 11:11:29,696:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f2cf8ca7160>)>), contact=(), agreement='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf', status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging.api.letsencrypt.org/acme/reg/5441240', new_authzr_uri='https://acme-staging.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 70f75c6724197b981846e672bd63cd7d, Meta(creation_dt=datetime.datetime(2018, 1, 24, 23, 35, 33, tzinfo=<UTC>), creation_host='ubuntu', register_to_eff=None))>
2022-01-10 11:11:29,696:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2022-01-10 11:11:29,698:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2022-01-10 11:11:30,202:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822
2022-01-10 11:11:30,204:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Jan 2022 10:11:30 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "KU7Ou2tsNi0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-01-10 11:11:30,242:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-dynu and installer <certbot._internal.cli.cli_utils._Default object at 0x7f2cf85f6c50>
2022-01-10 11:11:30,248:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2022-01-10 11:11:30,279:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2022-01-10 11:11:30,280:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/*******.***/cert1.pem is signed by the certificate's issuer.
2022-01-10 11:11:30,283:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/*******.***/cert1.pem is: OCSPCertStatus.GOOD
2022-01-10 11:11:30,286:INFO:certbot._internal.renewal:Certificate not due for renewal, but simulating renewal for dry run
2022-01-10 11:11:30,286:DEBUG:certbot._internal.display.obj:Notifying user: Simulating renewal of an existing certificate for *.*******.***
2022-01-10 11:11:30,319:DEBUG:acme.client:Requesting fresh nonce
2022-01-10 11:11:30,320:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2022-01-10 11:11:30,474:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-01-10 11:11:30,475:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Jan 2022 10:11:30 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002JGU3A9QOj3034s4PsEeZB0aqraLVFs-THDIWYZHnvOU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2022-01-10 11:11:30,475:DEBUG:acme.client:Storing nonce: 0002JGU3A9QOj3034s4PsEeZB0aqraLVFs-THDIWYZHnvOU
2022-01-10 11:11:30,475:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.*******.***"\n    }\n  ]\n}'
2022-01-10 11:11:30,479:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
2022-01-10 11:11:30,654:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 349
2022-01-10 11:11:30,655:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 10 Jan 2022 10:11:30 GMT
Content-Type: application/json
Content-Length: 349
Connection: keep-alive
Boulder-Requester: 5441240
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/5441240/1492792918
Replay-Nonce: 00021NXipqnSXU9vLIdPgOqlvjt9zsRnQ3pQZlWuF6mUvGA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-01-17T09:35:55Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.*******.***"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1390853668"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/5441240/1492792918"
}
2022-01-10 11:11:30,655:DEBUG:acme.client:Storing nonce: 00021NXipqnSXU9vLIdPgOqlvjt9zsRnQ3pQZlWuF6mUvGA
2022-01-10 11:11:30,656:DEBUG:acme.client:JWS payload:
b''
2022-01-10 11:11:30,659:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1390853668:
2022-01-10 11:11:30,818:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1390853668 HTTP/1.1" 200 392
2022-01-10 11:11:30,819:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Jan 2022 10:11:30 GMT
Content-Type: application/json
Content-Length: 392
Connection: keep-alive
Boulder-Requester: 5441240
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001A-xJzjsQH8NDY15GvfidSsftU-fk-4RZ0kT-LIJPWaA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "*.*******.***"
  },
  "status": "pending",
  "expires": "2022-01-17T09:35:55Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1390853668/SDwogg",
      "token": "YYqgq3P2Po_3YY7IibzTAgaz5wb3XC6D6ybsU2-2Ekg"
    }
  ],
  "wildcard": true
}
2022-01-10 11:11:30,819:DEBUG:acme.client:Storing nonce: 0001A-xJzjsQH8NDY15GvfidSsftU-fk-4RZ0kT-LIJPWaA
2022-01-10 11:11:30,820:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-01-10 11:11:30,820:INFO:certbot._internal.auth_handler:dns-01 challenge for *******.***
2022-01-10 11:11:36,193:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 85, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 66, in perform
    self._setup_credentials()
  File "/opt/certbot/lib/python3.6/site-packages/certbot_dns_dynu/dns_dynu.py", line 43, in _setup_credentials
    'Absolute path to Dynu credentials file')
  File "/opt/certbot/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 160, in _configure_file
    new_value = self._prompt_for_file(label, validator)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 258, in _prompt_for_file
    raise errors.PluginError('{0} required to proceed.'.format(label))
certbot.errors.PluginError: Absolute path to Dynu credentials file required to proceed.

2022-01-10 11:11:36,194:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-01-10 11:11:36,194:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-01-10 11:11:36,194:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.6/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/_internal/main.py", line 1632, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/_internal/main.py", line 1491, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/_internal/main.py", line 127, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/_internal/renewal.py", line 345, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/_internal/client.py", line 424, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/_internal/client.py", line 476, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 85, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 66, in perform
    self._setup_credentials()
  File "/opt/certbot/lib/python3.6/site-packages/certbot_dns_dynu/dns_dynu.py", line 43, in _setup_credentials
    'Absolute path to Dynu credentials file')
  File "/opt/certbot/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 160, in _configure_file
    new_value = self._prompt_for_file(label, validator)
  File "/opt/certbot/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 258, in _prompt_for_file
    raise errors.PluginError('{0} required to proceed.'.format(label))
certbot.errors.PluginError: Absolute path to Dynu credentials file required to proceed.
2022-01-10 11:11:36,197:ERROR:certbot._internal.log:Absolute path to Dynu credentials file required to proceed.

I'm running this command as root, the file permissions are OK, and everything is working with --authenticator certbot-dns-dynu:dns-dynu, anyway:

ubuntu www # ls -l /etc/letsencrypt/dynu-credentials.ini 
-rw------- 1 root root 72 Jan  5 10:49 /etc/letsencrypt/dynu-credentials.ini

Thank you

bikram990 commented 2 years ago

Apologies for the wrong information in my previous comment. I was using a wrong build of certbot.

You would have to remove certbot-dns-dynu from all the arguments and even from the credentials.ini file.

Sample Credentials file:

cat ~/dynu-credentials.ini
dns_dynu_auth_token = xxxxxxxx

Sample command:

certbot --dry-run --authenticator dns-dynu --dns-dynu-credentials ~/dynu-credentials.ini certonly --work-dir . --logs-dir . --config-dir . --email <my_email> -d <my_subdomain>.freeddns.org --dns-dynu-propagation-seconds 600

Could you please confirm if this works for you?
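
The migration described in the comment above, as an added example that is not part of the thread or of the plugin's code: it rewrites the legacy flag names to the dns-dynu form, strips the legacy prefix from the credentials file, and checks that the file holding the API token is readable only by its owner. The legacy key prefix `certbot_dns_dynu:` inside the .ini file is an assumption (the thread only shows the new key), and the function names are hypothetical.

```python
import os
import stat
import sys

LEGACY_PLUGIN = "certbot-dns-dynu:dns-dynu"   # old --authenticator value (from the thread)
LEGACY_FLAG = "--certbot-dns-dynu:dns-dynu-"  # old option prefix (from the thread)
LEGACY_KEY = "certbot_dns_dynu:"              # ASSUMED old key prefix in the .ini file


def migrate_args(argv):
    """Rewrite legacy plugin/flag names to the dns-dynu form; other args pass through."""
    out = []
    for arg in argv:
        if arg == LEGACY_PLUGIN:
            arg = "dns-dynu"
        elif arg.startswith(LEGACY_FLAG):
            arg = "--dns-dynu-" + arg[len(LEGACY_FLAG):]
        out.append(arg)
    return out


def migrate_credentials(text):
    """Drop the assumed legacy prefix from keys; values and other lines are untouched."""
    fixed = []
    for line in text.splitlines():
        stripped = line.lstrip()
        if stripped.startswith(LEGACY_KEY):
            line = stripped[len(LEGACY_KEY):]
        fixed.append(line)
    return "\n".join(fixed) + "\n"


def credentials_problems(path):
    """Return findings for a credentials file: loose mode bits or leftover legacy keys."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit means the token is exposed beyond the owner
        problems.append("mode %03o is too open, expected 600" % mode)
    with open(path, encoding="utf-8") as fh:
        if any(line.lstrip().startswith(LEGACY_KEY) for line in fh):
            problems.append("legacy key prefix %r still present" % LEGACY_KEY)
    return problems


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: migrate_dynu.py CREDENTIALS_INI [old certbot args...]")
    print("findings:", credentials_problems(sys.argv[1]) or "none")
    print("new args:", " ".join(migrate_args(sys.argv[2:])))
```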

thepasto commented 2 years ago

It's working, thank you so much for your time!