'Namespace' object has no attribute 'certbot_dns_netcup:dns_netcup_propagation_seconds'

Yasu-San commented 5 years ago

I get the following error every time the automatic certbot-task starts:

certbot[*****]: Renewal configuration file /etc/letsencrypt/renewal/domain.tld.conf (cert: domain.tld) produced an unexpected error: 'Namespace' object has no attribute 'certbot_dns_netcup:dns_netcup_propagation_seconds'. Skipping.
certbot[*****]: Renewal configuration file /etc/letsencrypt/renewal/domain2.tld.conf (cert: domain2.tld) produced an unexpected error: 'Namespace' object has no attribute 'certbot_dns_netcup:dns_netcup_propagation_seconds'. Skipping.
certbot[*****]: 0 renew failure(s), 2 parse failure(s)

Excerpt from Configuration-File:

# Options used in the renewal process
[renewalparams]
authenticator = certbot-dns-netcup:dns-netcup
certbot_dns_netcup:dns_netcup_propagation_seconds = 900

It seems like the certificates don't get automatically renewed

coldfix commented 5 years ago

Hi, what versions of certbot and certbot_dns_netcup are you running?

Yasu-San commented 5 years ago

Certbot: 0.34.2 (installed via apt) certbot-dns-netcup: 0.31.0.1 (installed via pip)

coldfix commented 5 years ago

Hi, I checked with the same versions but cannot reproduce unfortunately. I have the same renewalparameters.

Is there a more detailed log file with the full traceback?

Yasu-San commented 5 years ago

It seems like it only happens if certbot is triggered by systemd

Excerpt from letsencrypt.log:

DEBUG:certbot.main:certbot version: 0.28.0
DEBUG:certbot.main:Arguments: ['-q']
DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
DEBUG:certbot.log:Root logging level set at 30
INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f94240b3470> and installer <certbot.cli._Default object at 0x7f94240b3470>
WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/domain2.tld.conf (cert: domain2.tld) produced an unexpected error: 'Namespace' object has no attribute 'certbot_dns_netcup:dns_netcup_propagation_seconds'. Skipping.
DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 406, in handle_renewal_request
    renewal_candidate = _reconstitute(lineage_config, renewal_file)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 83, in _reconstitute
    _restore_plugin_configs(config, renewalparams)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 151, in _restore_plugin_configs
    if config_item.startswith(plugin_prefix + "_") and not cli.set_by_cli(config_item):
  File "/usr/lib/python3/dist-packages/certbot/cli.py", line 217, in set_by_cli
    if not isinstance(getattr(detector, var), _Default):
AttributeError: 'Namespace' object has no attribute 'certbot_dns_netcup:dns_netcup_propagation_seconds'

WARNING:certbot.renewal:Renewal configuration file /etc/letsencrypt/renewal/domain.tld.conf (cert: domain.tld) produced an unexpected error: 'Namespace' object has no attribute 'certbot_dns_netcup:dns_netcup_propagation_seconds'. Skipping.
DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 406, in handle_renewal_request
    renewal_candidate = _reconstitute(lineage_config, renewal_file)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 83, in _reconstitute
    _restore_plugin_configs(config, renewalparams)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 151, in _restore_plugin_configs
    if config_item.startswith(plugin_prefix + "_") and not cli.set_by_cli(config_item):
  File "/usr/lib/python3/dist-packages/certbot/cli.py", line 217, in set_by_cli
    if not isinstance(getattr(detector, var), _Default):
AttributeError: 'Namespace' object has no attribute 'certbot_dns_netcup:dns_netcup_propagation_seconds'

DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1247, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 455, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 0 renew failure(s), 2 parse failure(s)

I have no idea why the log contains the version number 0.28.0. The output of certbot --version says certbot 0.34.2

coldfix commented 5 years ago

I would guess the systemd job somehow runs an old version of certbot, e.g.:

you have a separate certbot installation that is used by your systemd jobs (e.g. in a docker container)
or: when running systemd manually, certbot may have auto-upgraded itself to the newest version, but installed those files only into the user folder which are not seen by the systemd job

Does the path (/usr/lib/python3/dist-packages/certbot) match what is used when you run certbot manually?

this version of certbot-dns-netcup requires certbot>=0.31.0.

(and btw, according to the log, the certbot installation that is being run doesn't seem to find certbot-dns-netcup either, pointing further toward a separate installation being used, or at least certbot-dns-netcup being installed e.g. at user level)

Yasu-San commented 5 years ago

You're right, there was two different versions of certbot installed and the timer only triggered the old one. Now that I removed the old version and created a new job for the new certbot-Version everything works perfectly.

Thank you for your help ;)

coldfix / certbot-dns-netcup

'Namespace' object has no attribute 'certbot_dns_netcup:dns_netcup_propagation_seconds' #5