cybercinch / certbot-dns-directadmin

certbot plugin to allow acme dns-01 authentication of a name managed in DirectAdmin

Not detected by certbot #26

Open extrememicro opened 2 months ago

extrememicro commented 2 months ago

I'm testing this plugin but failed to execute it in these scenarios:

Using docker images

❯ sudo docker run -it --rm --name certbot \
     -v "${PWD}/letsencrypt/etc:/etc/letsencrypt" \
     cybercinch/certbot-dns-directadmin:v1.0.9 certonly --agree-tos \
     --authenticator dns-directadmin \
     --dns-directadmin-credentials=credentials.ini \
     --register-unsafely-without-email \
     -d "*.domain.com"
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --dns-directadmin-credentials=credentials.ini

Using latest docker image:

...
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "certonly": executable file not found in $PATH: unknown.

Tried using a venv and pip on a test server with Python 3.10

root@srv:~# pip install certbot-dns-directadmin
Collecting certbot-dns-directadmin
  Using cached certbot_dns_directadmin-1.0.6-py3-none-any.whl (10 kB)
Collecting certbot<2.0.0,>=1.8.0
  Using cached certbot-1.32.0-py3-none-any.whl (273 kB)
Collecting acme<2.0.0,>=1.32.0
  Using cached acme-1.32.0-py3-none-any.whl (50 kB)
Collecting requests>=2.20.0
  Using cached requests-2.32.1-py3-none-any.whl (63 kB)
Collecting pyrfc3339
  Using cached pyRFC3339-1.1-py2.py3-none-any.whl (5.7 kB)
Collecting requests-toolbelt>=0.3.0
  Using cached requests_toolbelt-1.0.0-py2.py3-none-any.whl (54 kB)
Collecting pytz>=2019.3
  Using cached pytz-2024.1-py2.py3-none-any.whl (505 kB)
Requirement already satisfied: setuptools>=41.6.0 in ./.direnv/python-3.10.12/lib/python3.10/site-packages (from acme<2.0.0,>=1.32.0->certbot-dns-directadmin) (59.6.0)
Collecting cryptography>=2.5.0
  Using cached cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl (3.8 MB)
Collecting josepy>=1.13.0
  Using cached josepy-1.14.0-py3-none-any.whl (32 kB)
Collecting PyOpenSSL>=17.5.0
  Using cached pyOpenSSL-24.1.0-py3-none-any.whl (56 kB)
Collecting zope.interface
  Using cached zope.interface-6.4-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (247 kB)
Collecting configobj>=5.0.6
  Using cached configobj-5.0.8-py2.py3-none-any.whl (36 kB)
Collecting ConfigArgParse>=0.9.3
  Using cached ConfigArgParse-1.7-py3-none-any.whl (25 kB)
Collecting zope.component
  Using cached zope.component-6.0-py3-none-any.whl (68 kB)
Collecting distro>=1.0.1
  Using cached distro-1.9.0-py3-none-any.whl (20 kB)
Collecting parsedatetime>=2.4
  Using cached parsedatetime-2.6-py3-none-any.whl (42 kB)
Collecting six
  Using cached six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting cffi>=1.12
  Using cached cffi-1.16.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (443 kB)
Collecting urllib3<3,>=1.21.1
  Using cached urllib3-2.2.1-py3-none-any.whl (121 kB)
Collecting certifi>=2017.4.17
  Using cached certifi-2024.2.2-py3-none-any.whl (163 kB)
Collecting charset-normalizer<4,>=2
  Using cached charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (142 kB)
Collecting idna<4,>=2.5
  Using cached idna-3.7-py3-none-any.whl (66 kB)
Collecting zope.hookable>=4.2.0
  Using cached zope.hookable-6.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (23 kB)
Collecting zope.event
  Using cached zope.event-5.0-py3-none-any.whl (6.8 kB)
Collecting pycparser
  Using cached pycparser-2.22-py3-none-any.whl (117 kB)
Installing collected packages: pytz, parsedatetime, zope.interface, zope.hookable, zope.event, urllib3, six, pyrfc3339, pycparser, idna, distro, ConfigArgParse, charset-normalizer, certifi, zope.component, requests, configobj, cffi, requests-toolbelt, cryptography, PyOpenSSL, josepy, acme, certbot, certbot-dns-directadmin
Successfully installed ConfigArgParse-1.7 PyOpenSSL-24.1.0 acme-1.32.0 certbot-1.32.0 certbot-dns-directadmin-1.0.6 certifi-2024.2.2 cffi-1.16.0 charset-normalizer-3.3.2 configobj-5.0.8 cryptography-42.0.7 distro-1.9.0 idna-3.7 josepy-1.14.0 parsedatetime-2.6 pycparser-2.22 pyrfc3339-1.1 pytz-2024.1 requests-2.32.1 requests-toolbelt-1.0.0 six-1.16.0 urllib3-2.2.1 zope.component-6.0 zope.event-5.0 zope.hookable-6.0 zope.interface-6.4
(failed reverse-i-search)`cert ': pip install ^Crtbot-dns-directadmin
root@srv:~# certbot certonly --authenticator dns-directadmin --dns-directadmin-credentials ~/.secrets/certbot/credentials.ini    -d '*.domain.com'
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --dns-directadmin-credentials /root/.secrets/certbot/credentials.ini
root@srv:~# certbot plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* standalone
Description: Spin up a temporary webserver
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator

* webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@srv:~# 

I got a working plugin detected by certbot by installing version 1.0.4 with pip. I think that is through the use of entry points defined in the plugin's setup.py. Since this repo is using poetry, it seems that it is not detected any more.

I manually copied the updated directadmin.py and dns_directadmin.py, but wildcard domains aren't supported, right?


2024-05-21 18:10:51,452:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.direnv/python-3.10.12/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/_internal/main.py", line 1591, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/_internal/client.py", line 530, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/_internal/client.py", line 442, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/_internal/client.py", line 510, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 86, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot_dns_directadmin/dns_directadmin.py", line 79, in _perform
    self._get_directadmin_client().add_txt_record(
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot_dns_directadmin/dns_directadmin.py", line 121, in add_txt_record
    (directadmin_zone, directadmin_name, is_pointer) = self._get_zone_and_name(
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot_dns_directadmin/dns_directadmin.py", line 175, in _get_zone_and_name
    domains = self.client.get_domain_list()
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot_dns_directadmin/directadmin.py", line 83, in get_domain_list
    r = self.make_request(
  File "/root/.direnv/python-3.10.12/lib/python3.10/site-packages/certbot_dns_directadmin/directadmin.py", line 42, in make_request
    response = urlopen(
  File "/usr/lib/python3.10/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.10/urllib/request.py", line 525, in open
    response = meth(req, response)
  File "/usr/lib/python3.10/urllib/request.py", line 634, in http_response
    response = self.parent.error(
  File "/usr/lib/python3.10/urllib/request.py", line 563, in error
    return self._call_chain(*args)
  File "/usr/lib/python3.10/urllib/request.py", line 496, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.10/urllib/request.py", line 643, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 403: Forbidden
2024-05-21 18:10:51,453:ERROR:certbot._internal.log:An unexpected error occurred:

Thanks
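A way to test the entry-point explanation offered in the comment above (an added example, not part of the original thread or the plugin's code): certbot discovers third-party plugins through the `certbot.plugins` entry-point group, so this script lists what each installed distribution registers there and flags DNS plugin packages that register nothing. The two `.dist-info` directories and the `Authenticator` class name are constructed sample data used to model the working and non-detected installs.

```python
import tempfile
from importlib import metadata
from pathlib import Path

GROUP = "certbot.plugins"  # entry-point group certbot scans to discover plugins


def registered_plugins(site_dirs=None):
    """Return {(dist name, version): {plugin name: target}} for the given dirs.

    With site_dirs=None the running interpreter's sys.path is inspected.
    """
    kwargs = {"path": [str(d) for d in site_dirs]} if site_dirs else {}
    report = {}
    for dist in metadata.distributions(**kwargs):
        plugins = {ep.name: ep.value for ep in dist.entry_points
                   if ep.group == GROUP}
        report[(dist.metadata["Name"], dist.version)] = plugins
    return report


def undetectable(report, prefix="certbot-dns-"):
    """Distributions that look like DNS plugins but register nothing."""
    return sorted(key for key, plugins in report.items()
                  if key[0].startswith(prefix) and not plugins)


def fake_dist(site, version, entry_points=None):
    """Write a constructed .dist-info directory (sample data, not a real wheel)."""
    info = Path(site) / f"certbot_dns_directadmin-{version}.dist-info"
    info.mkdir(parents=True)
    (info / "METADATA").write_text(
        f"Metadata-Version: 2.1\nName: certbot-dns-directadmin\nVersion: {version}\n")
    if entry_points:
        (info / "entry_points.txt").write_text(entry_points)
    return site


def demo():
    # Constructed: the Authenticator class name is assumed for illustration.
    eps = ("[certbot.plugins]\n"
           "dns-directadmin = certbot_dns_directadmin.dns_directadmin:Authenticator\n")
    with tempfile.TemporaryDirectory() as tmp:
        good = fake_dist(Path(tmp) / "a", "1.0.4", eps)
        bad = fake_dist(Path(tmp) / "b", "1.0.6")
        return registered_plugins([good]), undetectable(registered_plugins([bad]))


if __name__ == "__main__":
    print(undetectable(registered_plugins()))  # audit the current environment
```

Run it with the same interpreter that runs certbot (the venv's `python`); an empty list means every `certbot-dns-*` package found on that interpreter's path registers at least one plugin.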

bobvandevijver commented 1 week ago

I have the same issue, and as 1.0.4 has a bug I needed to manually patch the installed package in order to get it to work. Not sure why certbot isn't picking up the plugin.

One thing I did note is that pip is installing 1.0.4 when requested without version, so somehow it knows the newer versions are not compatible with certbot...