cybercinch / certbot-dns-directadmin

certbot plugin to allow acme dns-01 authentication of a name managed in DirectAdmin

howto? #14

Closed vespino closed 6 months ago

vespino commented 6 months ago

I would like to try this plugin (is that what it's called), but I have no idea where to begin. I downloaded the tar.gz file and extracted it to /opt/certbot-dns-directadmin but then what?

guisea commented 6 months ago

Hi,

So you need to install certbot and also this plugin locally. No need to download the source; it is published to PyPI.

To just try it out you can use the premade docker image. See: https://hub.docker.com/r/cybercinch/certbot-dns-directadmin

Also the docs for the plugin will step through creation of credentials file and the command line parameters.

https://certbot-dns-directadmin.readthedocs.io/en/stable/index.html

On Feb 24, 2024 at 9:30 AM, vespino wrote:

> I would like to try this plugin (is that what it's called), but I have no idea where to begin. I downloaded the tar.gz file and extracted it to /opt/certbot-dns-directadmin but then what?

vespino commented 6 months ago

So the idea behind this project/plugin is not integrating it into an existing project, but running it on the side only to create the certificates and then move them to the project?

guisea commented 6 months ago

Correct, it is a plugin for a standalone tool named certbot.

On Feb 24, 2024 at 9:10 PM, vespino wrote:

> So the idea behind this project/plugin is not integrating it into an existing project, but running it on the side only to create the certificates and then move them to the project?

vespino commented 6 months ago

Cheers. And what about this remark? https://github.com/cybercinch/certbot-dns-directadmin/issues/11

guisea commented 6 months ago

Not able to replicate. I have provisioned with the latest version. And this driver/plugin is integrated with SWAG, a reverse proxy which provides SSL via certbot and this plugin.

vespino commented 6 months ago

Alright, I’ll give this a try, if it works it would help me out a lot.

vespino commented 6 months ago

I created a docker-compose.yml like this...

services:
  certbot-dns-directadmin:
    build: .
    image: certbot-dns-directadmin
    container_name: certbot-dns-directadmin
    ports:
      - 8080:80
      - 8081:443

...and placed the Dockerfile in the same directory:

FROM certbot/certbot:latest
RUN pip install certbot-dns-directadmin

When running sudo docker-compose up -d the container spins up, shows the following logs and stops:

Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

vespino commented 6 months ago

Same when I use the following docker-compose.yml:

services:
  certbot-dns-directadmin:
    image: cybercinch/certbot-dns-directadmin:latest
    container_name: certbot-dns-directadmin
    ports:
      - 8080:80
      - 8081:443

guisea commented 6 months ago

I have tested the docker container. It worked as it did a year ago.

docker run -it --rm --name certbot \
        -v "${PWD}/letsencrypt/etc:/etc/letsencrypt" \
        cybercinch/certbot-dns-directadmin certonly --agree-tos \
        --authenticator directadmin \
        --directadmin-credentials=/etc/letsencrypt/credentials.ini \
        --register-unsafely-without-email \
        -d test.cybercinch.co.nz

After running this in the container, the files in my home directory look like:

letsencrypt/etc/
├── accounts
│   └── acme-v02.api.letsencrypt.org
│       └── directory
│           └── 1df316c765e90a8a43813154cdd4992b
│               ├── meta.json
│               ├── private_key.json
│               └── regr.json
├── archive
│   └── test.cybercinch.co.nz
│       ├── cert1.pem
│       ├── chain1.pem
│       ├── fullchain1.pem
│       └── privkey1.pem
├── credentials.ini
├── csr
│   ├── 0000_csr-certbot.pem
│   ├── 0001_csr-certbot.pem
│   └── 0002_csr-certbot.pem
├── keys
│   ├── 0000_key-certbot.pem
│   ├── 0001_key-certbot.pem
│   └── 0002_key-certbot.pem
├── live
│   ├── README
│   └── test.cybercinch.co.nz
│       ├── cert.pem -> ../../archive/test.cybercinch.co.nz/cert1.pem
│       ├── chain.pem -> ../../archive/test.cybercinch.co.nz/chain1.pem
│       ├── fullchain.pem -> ../../archive/test.cybercinch.co.nz/fullchain1.pem
│       ├── privkey.pem -> ../../archive/test.cybercinch.co.nz/privkey1.pem
│       └── README
├── renewal
│   └── test.cybercinch.co.nz.conf
└── renewal-hooks
    ├── deploy
    ├── post
    └── pre

You can see the certificate has been issued.

I am publishing a new image soon which will work with the new identifiers when specifying an authenticator.

Also worked fine with the latest version of certbot "2.9.0".

(venv) [*****@localhost ~]$ sudo /home/*******/venv/bin/certbot certonly --debug -v --non-interactive --authenticator dns-directadmin --dns-directadmin-credentials /home/*******/le-creds.ini --dns-directadmin-propagation-seconds 120 --agree-tos --register-unsafely-without-email -d test.*******.co.nz --dry-run
[sudo] password for *****: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-directadmin, Installer None
Simulating a certificate request for test.*******.co.nz
Performing the following challenges:
dns-01 challenge for test.*******.co.nz
Successfully added TXT record for _acme-challenge.test.*******.co.nz
Waiting 120 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges
Successfully removed TXT record for _acme-challenge.test..*******..co.nz
The dry run was successful.

Credentials file looks like:

# The DirectAdmin server URL.
# Include the scheme; the port number (normally 2222) can be omitted if the
# panel is proxied on the standard port 443.
dns_directadmin_url = https://my.daserver.co.nz:2222
# The DirectAdmin username
dns_directadmin_username = we******
# The DirectAdmin password (or login key)
dns_directadmin_password = insert-login-key-here

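As an added example (not code from the thread or from the plugin): a POSIX shell pre-flight check for the credentials.ini that the docker run command above mounts into the container, covering the three key names shown in the file. It assumes the file should be mode 600 so the DirectAdmin login key is not readable by other local users, and that the placeholder value insert-login-key-here has been replaced.

```shell
#!/bin/sh
# Pre-flight check for a certbot-dns-directadmin credentials file.
# Added example; assumes the key names shown in the thread:
# dns_directadmin_url, dns_directadmin_username, dns_directadmin_password.

# Print the value of key $2 from file $1 (key = value lines, '#' lines ignored).
da_cred_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Return 0 when file $1 is usable, 1 otherwise; each problem goes to stderr.
check_da_credentials() {
    f="$1"; rc=0
    [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }
    # certbot warns about group/world-readable credentials; require mode 600.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    [ "$mode" = "600" ] || { echo "mode is $mode, want 600" >&2; rc=1; }
    # All three keys must be present and non-empty.
    for key in dns_directadmin_url dns_directadmin_username dns_directadmin_password; do
        val=$(da_cred_get "$f" "$key")
        [ -n "$val" ] || { echo "missing or empty: $key" >&2; rc=1; }
    done
    # The login key travels in this request, so insist on TLS.
    url=$(da_cred_get "$f" dns_directadmin_url)
    case "$url" in
        https://*) ;;
        *) echo "url must start with https:// (got '$url')" >&2; rc=1 ;;
    esac
    # Catch the placeholder left in the template.
    pw=$(da_cred_get "$f" dns_directadmin_password)
    [ "$pw" != "insert-login-key-here" ] || { echo "placeholder password" >&2; rc=1; }
    return $rc
}
```

Run it as `check_da_credentials letsencrypt/etc/credentials.ini` before starting the container; a non-zero exit means the file would fail or leak.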
guisea commented 6 months ago

New container and PyPI package have been released. Docs have also been updated on readthedocs to match the new authenticator identifiers.

vespino commented 6 months ago

Thanks for this explanation. I think I now know what I was doing wrong, it’s not intended as a running container, but more as an executable. I will give it another go.