linuxserver / docker-swag

Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
https://docs.linuxserver.io/general/swag
GNU General Public License v3.0
2.86k stars, 245 forks

transip dns plugin #51

Closed prov3it closed 3 years ago

prov3it commented 3 years ago

the certbot-dns-transip:dns-transip plugin is about to be deprecated:

Plugin legacy name certbot-dns-transip:dns-transip may be removed in a future version. Please use dns-transip instead.

github-actions[bot] commented 3 years ago

Thanks for opening your first issue here! Be sure to follow the issue template!

aptalca commented 3 years ago

@prov3it yeah, certbot said they'll deprecate that naming scheme for 3rd party plugins, but not sure if the plugins need to be updated for that or if it's just a certbot change. Unfortunately, I don't have the ability to test any of those plugins in question. Would you be willing to test a dev build?

prov3it commented 3 years ago

Hi @aptalca, that's what I was thinking as well. Could be something at certbot's end. I would be happy to help this swag to its next level ;-). Do know I am not a complete noob, nor a very skilled docker user.

aptalca commented 3 years ago

@prov3it can you give this image a try? lspipepr/swag:1.10.1-pkg-0d4e34ac-pr-48

it's the build from https://github.com/linuxserver/docker-swag/pull/48

prov3it commented 3 years ago

> @prov3it can you give this image a try? lspipepr/swag:1.10.1-pkg-0d4e34ac-pr-48
>
> it's the build from #48

Currently transferring a domain to transip, will test it out asap.

prov3it commented 3 years ago

Hi @aptalca

So this is what I did.

  1. I stopped my current swag: docker-compose down
  2. Backed up my current docker-compose.yaml
  3. Edited my current docker-compose.yaml to (I only changed the image: and added the EXTRA_DOMAINS parameter):
```yaml
version: '3.8'
services:
  letsencrypt:
    image: lspipepr/swag:1.10.1-pkg-0d4e34ac-pr-48
    container_name: swag
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam
      - URL=domain.tld
      - EXTRA_DOMAINS=*.otherdomain.tld
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=transip
    volumes:
      - /mnt/usb/docker/cert/certbot/config:/config
    restart: unless-stopped
    labels:
      - "traefik.enable=false"
```
  4. I composed the new container: docker-compose -f docker-compose.yaml up -d
  5. docker logs swag:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing... 

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=1000
TZ=Europe/Amsterdam
URL=domain.tld
SUBDOMAINS=wildcard
EXTRA_DOMAINS=*.otherdomain.tld
ONLY_SUBDOMAINS=false
VALIDATION=dns
CERTPROVIDER=
DNSPLUGIN=transip
EMAIL=
STAGING=

Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Wildcard cert for domain.tld will be requested
EXTRA_DOMAINS entered, processing
Extra domains processed are:  -d *.otherdomain.tld
No e-mail address entered or address invalid
dns validation via transip plugin is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No match found for cert-path /config/etc/letsencrypt/live/domain.tld/fullchain.pem!
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-transip, Installer None
Account registered.
Requesting a certificate for *.domain.tld and 2 more domains
Performing the following challenges:
dns-01 challenge for otherdomain.tld
dns-01 challenge for domain.tld
dns-01 challenge for domain.tld
Unsafe permissions on credentials configuration file: /config/dns-conf/transip.ini
Cleaning up challenges
Missing properties in credentials configuration file /config/dns-conf/transip.ini:
 * Property "dns_transip_key_file" not found (should be RSA key file(convert with openssl rsa -in transip.key -out decrypted_key)).
 * Property "dns_transip_username" not found (should be Transip username).
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/transip.ini file.
  6. Redo all the steps as given on: https://certbot-dns-transip.readthedocs.io/en/stable/usage.html
  7. docker-compose down
  8. docker-compose up -d && docker logs swag -f
  9. Exact same log as under 5.
  10. cat /var/log/letsencrypt/letsencrypt.log (in the container using docker exec ... bash):
2020-12-23 12:22:52,178:DEBUG:certbot._internal.main:certbot version: 1.10.1
2020-12-23 12:22:52,178:DEBUG:certbot._internal.main:Arguments: ['--renew-by-default', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '-a', 'dns-transip', '--dns-transip-credentials', '/config/dns-conf/transip.ini', '--rsa-key-size', '4096', '--register-unsafely-without-email', '--agree-tos', '-d', '*.domain.tld', '-d', 'domain.tld', '-d', '*.otherdomain.tld']
2020-12-23 12:22:52,179:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-dns-aliyun:dns-aliyun,PluginEntryPoint#certbot-dns-cpanel:cpanel,PluginEntryPoint#certbot-dns-domeneshop:dns-domeneshop,PluginEntryPoint#certbot-dns-inwx:dns-inwx,PluginEntryPoint#certbot-dns-netcup:dns-netcup,PluginEntryPoint#certbot-dns-njalla:dns-njalla,PluginEntryPoint#certbot-dns-transip:dns-transip,PluginEntryPoint#certbot-plugin-gandi:dns,PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#cpanel,PluginEntryPoint#dns,PluginEntryPoint#dns-aliyun,PluginEntryPoint#dns-cloudflare,PluginEntryPoint#dns-cloudxns,PluginEntryPoint#dns-digitalocean,PluginEntryPoint#dns-dnsimple,PluginEntryPoint#dns-dnsmadeeasy,PluginEntryPoint#dns-domeneshop,PluginEntryPoint#dns-google,PluginEntryPoint#dns-inwx,PluginEntryPoint#dns-linode,PluginEntryPoint#dns-luadns,PluginEntryPoint#dns-netcup,PluginEntryPoint#dns-njalla,PluginEntryPoint#dns-nsone,PluginEntryPoint#dns-ovh,PluginEntryPoint#dns-rfc2136,PluginEntryPoint#dns-route53,PluginEntryPoint#dns-transip,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-12-23 12:22:52,252:DEBUG:certbot._internal.log:Root logging level set at 20
2020-12-23 12:22:52,253:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-12-23 12:22:52,255:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-transip and installer None
2020-12-23 12:22:52,272:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-transip
Description: Obtain certs using a DNS TXT record (if you are using Transip for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns-transip = certbot_dns_transip.dns_transip:Authenticator
Initialized: <certbot_dns_transip.dns_transip.Authenticator object at 0x7f9b57a1f190>
Prep: True
2020-12-23 12:22:52,273:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_transip.dns_transip.Authenticator object at 0x7f9b57a1f190> and installer None
2020-12-23 12:22:52,273:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-transip, Installer None
2020-12-23 12:22:52,349:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/107215074', new_authzr_uri=None, terms_of_service=None), 564d1f80564162e95c2cbfea2b0f520e, Meta(creation_dt=datetime.datetime(2020, 12, 23, 11, 4, 20, tzinfo=<UTC>), creation_host='00a52d21be65', register_to_eff=None))>
2020-12-23 12:22:52,351:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-12-23 12:22:52,359:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-12-23 12:22:52,943:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-12-23 12:22:52,944:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 23 Dec 2020 11:23:12 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "H-K_REldppQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-12-23 12:22:52,946:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for *.domain.tld and 2 more domains
2020-12-23 12:22:53,162:DEBUG:certbot.crypto_util:Generating RSA key (4096 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
2020-12-23 12:22:53,184:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
2020-12-23 12:22:53,186:DEBUG:acme.client:Requesting fresh nonce
2020-12-23 12:22:53,186:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-12-23 12:22:53,334:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2020-12-23 12:22:53,335:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 23 Dec 2020 11:23:12 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00040yZ4S6V4uG6EzY3syzjx_RfX3FgycKqnKqMbt1PNmpQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2020-12-23 12:22:53,335:DEBUG:acme.client:Storing nonce: 00040yZ4S6V4uG6EzY3syzjx_RfX3FgycKqnKqMbt1PNmpQ
2020-12-23 12:22:53,335:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.domain.tld"\n    },\n    {\n      "type": "dns",\n      "value": "domain.tld"\n    },\n    {\n      "type": "dns",\n      "value": "*.otherdomain.tld"\n    }\n  ]\n}'
2020-12-23 12:22:53,353:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA3MjE1MDc0IiwgIm5vbmNlIjogIjAwMDQweVo0UzZWNHVHNkV6WTNzeXpqeF9SZlgzRmd5Y0txbktxTWJ0MVBObXBRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "k_JrAoasymOiKtAH7ax5ETP0FVqISr2m7-hqt0wtcay_Bs2r6RwxwBMGPf9a350yordQao8uzCvN9bTzJeT9Pb47F4sbYnpnJfWE2hmglipI_EpPqVFNzrv-JYwJrEglefO_Mu5OZzqeni1ucrMTFBWHH2aDXx7bVM3yB8Q4i3sK3T5R1I-2jdeX-3wcZTT3to2pWO6fAEeukZibVNHWwZHRVIfFB1gK6jYguvVxKd8o1sZvCM2DXVL94i-rHZnRHUT5hzVakW6Z9SuqjeT3o8rRxvs_HlHiydqjCRbMKfY3IYQ7VCSKy0ZDEIvad10vMK_In8hnoFhGEA1dKrPYtkSSBkhgcADvsczOikz2XkY1t8R4bL-mpG8jWSnPljpKtm9E8XtAl7rpn3KJgqyl2tnyFwluQSxsECC_m-ywbfXFb5ak__7DjejRRbaVdbjqTtPxMYgV_xDtNoyfMGLvozq4t08LR6Y_aeA4itPQQN8ZJNt-gq6uGc_wQuvX5WkWrAvsFzbv336wPczMsYI2PBp07On-aSVQxiQi3cYdr-42wQFBtOzvZFQgdajywOKKAWF_Ma8h7rhO6UWXSt0karcTvk4XorPEVgvNQPDjWY6YxrgLH3VpX-9WhuSAeh7m6PflRdsxn8Q0BLUqI3OyvzbvqlBGtb7Lxo50D5ahxfQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIiouc2VrcmV0dWEubmwiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAic2VrcmV0dWEubmwiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAiKi5qaWlqLm5sIgogICAgfQogIF0KfQ"
}
2020-12-23 12:22:53,517:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 596
2020-12-23 12:22:53,518:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 23 Dec 2020 11:23:12 GMT
Content-Type: application/json
Content-Length: 596
Connection: keep-alive
Boulder-Requester: 107215074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/107215074/6899035057
Replay-Nonce: 0004Nb9vCi7Ite4rgFmaj7tBdU22atfa4GTQ-AWyzNxBNWA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2020-12-30T11:04:43Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.otherdomain.tld"
    },
    {
      "type": "dns",
      "value": "*.domain.tld"
    },
    {
      "type": "dns",
      "value": "domain.tld"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/9522922351",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/9522922352",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/9522922354"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/107215074/6899035057"
}
2020-12-23 12:22:53,518:DEBUG:acme.client:Storing nonce: 0004Nb9vCi7Ite4rgFmaj7tBdU22atfa4GTQ-AWyzNxBNWA
2020-12-23 12:22:53,519:DEBUG:acme.client:JWS payload:
b''
2020-12-23 12:22:53,536:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9522922351:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA3MjE1MDc0IiwgIm5vbmNlIjogIjAwMDROYjl2Q2k3SXRlNHJnRm1hajd0QmRVMjJhdGZhNEdUUS1BV3l6TnhCTldBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My85NTIyOTIyMzUxIn0",
  "signature": "BRWxFBe7ElomABwdkcte95rzafeym4E_-PERsSMeAdVbrjnK23Oli-7zui7LG52OafLlBrksUCiK2s1A8quhbKpcAtBYRerZUEwL7-AtaIj-WiOpd2suK9oRmHtflaWgNS2_W_4ywMSm3bHhqP8VqT_5Op2xu7r9BFnmaPJB_377vLrXGouc4dESiq9PxEUoT8PIZFzNZHwvOaSRp1N5etwp626llYgYyorx4D1ZmL2uq6caHvaZS3665pigG2XqNp6QJ0HXqSqAMRKGQPwEVfxTe56zUW_0P16wszuCExXqv3XTkpdmyv5IrcXP2UtUA5Zof5p3GFHGSCrd_YGzGESZQx0sNMmXhMLNn8OtG4_rfRC018T9HjX6gpVen8PT745H8WiLQSdmn8SP_fVEYad1kGS99RWHVgXFouZ0mJMqWaAPkWxE049KuDGksH-X4pKnG-HIZCwex9VQghTtTEIitxYSUPHb0x1vcx5VTwWXoY2K3rZLLjk89q5rIHaZwAuAEufs4hN_Eb6HJ_9425kkDogXQzCOy5JGLR-dt1sizZvZfnWTpUgjU8H8-47t2o7_AwfPOtc-r9kaTzfMCTJXLMRzpJ0KWTzcBUCyjGEfrda88V8VjyRY6_3X3aN_oeG8Qzs84fb0ekmmDFp76ChPmLG80zaZVP3-i5FDj98",
  "payload": ""
}
2020-12-23 12:22:53,690:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9522922351 HTTP/1.1" 200 379
2020-12-23 12:22:53,691:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 23 Dec 2020 11:23:13 GMT
Content-Type: application/json
Content-Length: 379
Connection: keep-alive
Boulder-Requester: 107215074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0004broFzgD2csL52rQkAKcdnob4KyQxh9f6WMWbGRr4lSA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "otherdomain.tld"
  },
  "status": "pending",
  "expires": "2020-12-30T11:04:43Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9522922351/Uh_2eQ",
      "token": "_EzYI4bdhekLuBB2D0cw3w9Z6HaXsHFlbhIrCxcPnrQ"
    }
  ],
  "wildcard": true
}
2020-12-23 12:22:53,692:DEBUG:acme.client:Storing nonce: 0004broFzgD2csL52rQkAKcdnob4KyQxh9f6WMWbGRr4lSA
2020-12-23 12:22:53,692:DEBUG:acme.client:JWS payload:
b''
2020-12-23 12:22:53,709:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9522922352:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA3MjE1MDc0IiwgIm5vbmNlIjogIjAwMDRicm9GemdEMmNzTDUyclFrQUtjZG5vYjRLeVF4aDlmNldNV2JHUnI0bFNBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My85NTIyOTIyMzUyIn0",
  "signature": "n12wFCqP8ScmuBTMGIxDlCINWx4FTFuDzPvGatZp4mNJzqijkrYsQY1bWOnChX_AhA8mjGgUrp64oP2l9q0A0nOBTerd4nd59cXudHiuB37CcU31y85Q5I-oRCb4IXd0nkbCXjRBDQYWQD-XwOHqAdmg7141J4lhw2KSVecP1WQJ-l-LDvdisjs5fWkmTrrzBgflYKDHGn1vYpbOaVlkdCUbqqRPwGP19YSZjVtNaAo2sGTtb75xMxbWuTE9iqlmZroPER3uKUrDvB6CrrUaM4umdLzCm_NKLCxpZvzNucrW_eWFX61brQppowVP6BTipyjLlr6KTYiVI1kiCrttEUaEbbUUGv6dvIAfXW_0Di74Ebi9HsrVup_w4d3Q1X3QHaeGBlRd1yzPn2Ui_f5q1ZGcAywYyWBkqBDhKVTP_Xq-dYwoDqJ07RjGd178ck8Sm73cPMH3N_QwjiogMwWtMxY7hhaQFP_nHEa3h75JTZlvvUdfOVcQdfbVinJgrPI_jnm1EKuTg1NbaMmQzbdIpDOFgi4LhQtrEY91l_DOscQdR6x-7pIzRKXTJ6Km1NElam4TPkkhGeYlatOCVuWwEoEeD9oGse9afeMCi1X9E56UmL5yRB3zgledPE39I7iiho39EHoIgeyqbeE2C_I9GFxFvqqc4zNhgyK4_MCmtbs",
  "payload": ""
}
2020-12-23 12:22:53,864:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9522922352 HTTP/1.1" 200 383
2020-12-23 12:22:53,865:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 23 Dec 2020 11:23:13 GMT
Content-Type: application/json
Content-Length: 383
Connection: keep-alive
Boulder-Requester: 107215074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00034-6Q9BXHkghGao0_MkR0i7SQb_oT13MjA1pNIdNxs6M
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "domain.tld"
  },
  "status": "pending",
  "expires": "2020-12-30T11:04:43Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9522922352/RBWMOA",
      "token": "eGM8yQp3CXgy9pCm9996NLcpAdBz2zAq1PclS_U-PD8"
    }
  ],
  "wildcard": true
}
2020-12-23 12:22:53,865:DEBUG:acme.client:Storing nonce: 00034-6Q9BXHkghGao0_MkR0i7SQb_oT13MjA1pNIdNxs6M
2020-12-23 12:22:53,866:DEBUG:acme.client:JWS payload:
b''
2020-12-23 12:22:53,882:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/9522922354:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA3MjE1MDc0IiwgIm5vbmNlIjogIjAwMDM0LTZROUJYSGtnaEdhbzBfTWtSMGk3U1FiX29UMTNNakExcE5JZE54czZNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My85NTIyOTIyMzU0In0",
  "signature": "lt1MZqNmI5A7GGORIMEW9r3y8PjfqliaGTJHhUaAZ_9Nv4P3juRCpwGrtSlFPGruitFaofhR7j7Szc0FgaFIMcuJo-n52cVwFlpgkBqknlAcVkLH_FB7L-t7Gckv4beIMcufbDx7xFl53wDTA0JU7vO0WX_vbG-XUY4nai49ypGGxKbHlFgvSB4I-SaUZgVWlrRjsVVh0V27lgnctcbKEefnnGnd43GQlcloOftMhvz5YAqqLBWGxGJ7-_WHIxuK0ZMqmywAFcsRVumnJ3lemeReCa6Rnkye5rZVJwOSS8EP0r35mjycHjWG92V7PNzHUxE_5WKoXnwfXXDv9_a0_ETgDHprEWHuklGTj-Pyvc99vtOlWqR6AUIduW3FMrx1g-HdkHyI3v_aScgcIpI1X4s-FAg4pA0OzcziELY8QZl59L6rqfgO8YfaRwa8gZoGggr7pylS1OlXSe9X-zBPhgOpYFy4p48Jig68Ap68mOVm8-rZ603PLm-DA57kB9GfSggYHA8oHCuidu76wA4TnCy2H5cphyp0m6Ix1lWNLT1bp99Tee-xcMyiIf9dlm4y_WNggqzw6sraGMdD8yDygYAeSlEQLMUU7_EitTKoAhP4InYRFKSVJSmO6Xp4h9KQdokLH7JakY5F2JdUdLieAd0QV2-h5g-7YNBcaMW0loY",
  "payload": ""
}
2020-12-23 12:22:54,038:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/9522922354 HTTP/1.1" 200 789
2020-12-23 12:22:54,039:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 23 Dec 2020 11:23:13 GMT
Content-Type: application/json
Content-Length: 789
Connection: keep-alive
Boulder-Requester: 107215074
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0004tcQEgwFNwY33zCS_iyHzX6JmtnkT7-DkFMo9lhBedtc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "domain.tld"
  },
  "status": "pending",
  "expires": "2020-12-30T11:04:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9522922354/hx6SLg",
      "token": "Jvdaz6fECDQs2a2FHLyuMkagN136ABJAbLVY5MnoZ9I"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9522922354/NMNWhQ",
      "token": "Jvdaz6fECDQs2a2FHLyuMkagN136ABJAbLVY5MnoZ9I"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9522922354/IdSfuQ",
      "token": "Jvdaz6fECDQs2a2FHLyuMkagN136ABJAbLVY5MnoZ9I"
    }
  ]
}
2020-12-23 12:22:54,039:DEBUG:acme.client:Storing nonce: 0004tcQEgwFNwY33zCS_iyHzX6JmtnkT7-DkFMo9lhBedtc
2020-12-23 12:22:54,040:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-12-23 12:22:54,041:INFO:certbot._internal.auth_handler:dns-01 challenge for otherdomain.tld
2020-12-23 12:22:54,041:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.tld
2020-12-23 12:22:54,041:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.tld
2020-12-23 12:22:54,042:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: /config/dns-conf/transip.ini
2020-12-23 12:22:54,055:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 47, in perform
    self._setup_credentials()
  File "/usr/lib/python3.8/site-packages/certbot_dns_transip/dns_transip.py", line 58, in _setup_credentials
    self.credentials = self._configure_credentials(
  File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 172, in _configure_credentials
    credentials_configuration.require(required_variables)
  File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 272, in require
    raise errors.PluginError(
certbot.errors.PluginError: Missing properties in credentials configuration file /config/dns-conf/transip.ini:
 * Property "dns_transip_key_file" not found (should be RSA key file(convert with openssl rsa -in transip.key -out decrypted_key)).
 * Property "dns_transip_username" not found (should be Transip username).

2020-12-23 12:22:54,055:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-12-23 12:22:54,055:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-12-23 12:22:54,056:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1412, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1293, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 134, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 47, in perform
    self._setup_credentials()
  File "/usr/lib/python3.8/site-packages/certbot_dns_transip/dns_transip.py", line 58, in _setup_credentials
    self.credentials = self._configure_credentials(
  File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 172, in _configure_credentials
    credentials_configuration.require(required_variables)
  File "/usr/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 272, in require
    raise errors.PluginError(
certbot.errors.PluginError: Missing properties in credentials configuration file /config/dns-conf/transip.ini:
 * Property "dns_transip_key_file" not found (should be RSA key file(convert with openssl rsa -in transip.key -out decrypted_key)).
 * Property "dns_transip_username" not found (should be Transip username).
2020-12-23 12:22:54,058:ERROR:certbot._internal.log:Missing properties in credentials configuration file /config/dns-conf/transip.ini:
 * Property "dns_transip_key_file" not found (should be RSA key file(convert with openssl rsa -in transip.key -out decrypted_key)).
 * Property "dns_transip_username" not found (should be Transip username).
  11. Back up transip.key and transip.ini, docker-compose down && remove /mnt/usb/docker/cert/certbot/config/*.
  12. docker-compose up -d
  13. docker-compose down
  14. cp transip.key and transip.ini to their previous locations.
  15. docker-compose up -d
  16. Same messages as before.
  17. docker exec -it swag bash
  18. ls -lah /config:

    total 56K
    drwxr-xr-x 12 abc  users 4.0K Dec 23 12:33 .
    drwxr-xr-x  1 root root  4.0K Dec 23 12:33 ..
    -rw-r--r--  1 abc  users  238 Dec 23 12:33 .donoteditthisfile.conf
    drwxr-xr-x  2 abc  users 4.0K Dec 23 12:30 crontabs
    drwxr-xr-x  2 abc  users 4.0K Dec 23 12:31 dns-conf
    drwxr-xr-x  3 abc  users 4.0K Dec 23 12:30 etc
    drwxr-xr-x  4 abc  users 4.0K Dec 23 12:30 fail2ban
    drwxr-xr-x  2 abc  users 4.0K Dec 23 12:30 geoip2db
    drwxr-xr-x  2 abc  users 4.0K Dec 23 12:33 keys
    drwxr-xr-x  6 abc  users 4.0K Dec 23 12:30 log
    drwxrwxr-x  4 abc  users 4.0K Dec 23 12:30 nginx
    drwxr-xr-x  2 abc  users 4.0K Dec 23 12:30 php
    -rw-------  1 abc  users 1.7K Dec 23 12:33 transip-rsa.key
    drwxrwxr-x  2 abc  users 4.0K Dec 23 12:30 www
  19. ls -lah /config/dns-conf/
total 96K
drwxr-xr-x  2 abc users 4.0K Dec 23 12:31 .
drwxr-xr-x 12 abc users 4.0K Dec 23 12:33 ..
-rw-r--r--  1 abc users  266 Dec 23 12:30 aliyun.ini
-rw-r--r--  1 abc users  422 Dec 23 12:30 cloudflare.ini
-rw-r--r--  1 abc users  247 Dec 23 12:30 cloudxns.ini
-rw-r--r--  1 abc users  331 Dec 23 12:30 cpanel.ini
-rw-r--r--  1 abc users  245 Dec 23 12:30 digitalocean.ini
-rw-r--r--  1 abc users  201 Dec 23 12:30 dnsimple.ini
-rw-r--r--  1 abc users  283 Dec 23 12:30 dnsmadeeasy.ini
-rw-r--r--  1 abc users  292 Dec 23 12:30 domeneshop.ini
-rw-r--r--  1 abc users  135 Dec 23 12:30 gandi.ini
-rw-r--r--  1 abc users  222 Dec 23 12:30 gehirn.ini
-rw-r--r--  1 abc users  208 Dec 23 12:30 google.json
-rw-r--r--  1 abc users  344 Dec 23 12:30 inwx.ini
-rw-r--r--  1 abc users  226 Dec 23 12:30 linode.ini
-rw-r--r--  1 abc users  232 Dec 23 12:30 luadns.ini
-rw-r--r--  1 abc users  167 Dec 23 12:30 netcup.ini
-rw-r--r--  1 abc users  120 Dec 23 12:30 njalla.ini
-rw-r--r--  1 abc users  182 Dec 23 12:30 nsone.ini
-rw-r--r--  1 abc users  341 Dec 23 12:30 ovh.ini
-rw-r--r--  1 abc users  429 Dec 23 12:30 rfc2136.ini
-rw-r--r--  1 abc users  258 Dec 23 12:30 route53.ini
-rw-r--r--  1 abc users  237 Dec 23 12:30 sakuracloud.ini
-rw-r--r--  1 abc users  386 Dec 23 12:32 transip.ini
  20. exit
  21. docker-compose down
  22. rm /mnt/usb/docker/cert/certbot/config/*
  23. Changed docker-compose.yaml to (changed image / added Propagation):
```yaml
version: '3.8'
services:
  letsencrypt:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam
      - URL=domain.tld
      - EXTRA_DOMAINS=*.otherdomain.tld
      - SUBDOMAINS=wildcard
      - PROPAGATION=240
      - VALIDATION=dns
      - DNSPLUGIN=transip
    volumes:
      - /mnt/usb/docker/cert/certbot/config:/config
    restart: unless-stopped
    labels:
      - "traefik.enable=false"
```
  24. docker-compose up -d
  25. docker-compose down
  26. cp transip.key and transip.ini to their previous locations.
  27. docker-compose up -d && docker logs swag -f
Creating network "certbot_default" with the default driver
Creating swag ... done
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing... 

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=1000
TZ=Europe/Amsterdam
URL=domain.tld
SUBDOMAINS=wildcard
EXTRA_DOMAINS=*.otherdomain.tld
ONLY_SUBDOMAINS=false
VALIDATION=dns
DNSPLUGIN=transip
EMAIL=
STAGING=

SUBDOMAINS entered, processing
Wildcard cert for domain.tld will be requested
EXTRA_DOMAINS entered, processing
Extra domains processed are:  -d *.otherdomain.tld
No e-mail address entered or address invalid
dns validation via transip plugin is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-dns-transip:dns-transip may be removed in a future version. Please use dns-transip instead.
Plugins selected: Authenticator certbot-dns-transip:dns-transip, Installer None
Requesting a certificate for *.domain.tld and 2 more domains
Performing the following challenges:
dns-01 challenge for otherdomain.tld
dns-01 challenge for domain.tld
dns-01 challenge for domain.tld
Unsafe permissions on credentials configuration file: /config/dns-conf/transip.ini
Successfully added TXT record
Successfully added TXT record
Successfully added TXT record
Waiting 240 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges
Removing TXT record with name: _acme-challenge
Removing TXT record with name: _acme-challenge
Removing TXT record with name: _acme-challenge
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/domain.tld/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/domain.tld/privkey.pem
   Your cert will expire on 2021-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

New certificate generated; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing... 
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 70-templates: executing... 
ls: cannot access '/config/nginx/proxy-confs/*.conf': No such file or directory
[cont-init.d] 70-templates: exited 0.
[cont-init.d] 99-custom-files: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
Server ready
aptalca commented 3 years ago

Hmm, can you edit the ini file for transip and change the key certbot_dns_transip:dns_transip_username to dns_transip_username and certbot_dns_transip:dns_transip_key_file to dns_transip_key_file?

prov3it commented 3 years ago

Hi @aptalca,

That worked. I did have to make a change though. I was not able to request a certificate for domain.tld:

2020-12-26 13:07:23,662:WARNING:certbot_dns_transip.dns_transip._TransipClient:Error getting DNS records using the Transip API: retry in 5 seconds
2020-12-26 13:07:29,046:WARNING:certbot_dns_transip.dns_transip._TransipClient:Error getting DNS records using the Transip API: retry in 10 seconds
2020-12-26 13:07:41,378:WARNING:certbot_dns_transip.dns_transip._TransipClient:Error getting DNS records using the Transip API: retry in 20 seconds
2020-12-26 13:08:02,644:WARNING:certbot_dns_transip.dns_transip._TransipClient:Error getting DNS records using the Transip API: retry in 40 seconds

Which is weird because it only said it when working with domain.tld. I replaced domain.tld with otherdomain.tld and left out the EXTRA_DOMAINS environment variable. That worked. So there is nothing wrong with the API or the key I provided. Where can I report this issue? Is this @ hsmade/certbot-dns-transip ?

aptalca commented 3 years ago

It's weird that it worked with one domain but not the other. Perhaps the propagation needed to be longer?

You can try with a longer propagation and, if it still doesn't work, you can report it to the plugin owner.

You can also let him know to update his docs with the new examples (new plugin name and new credential/ini entries)

prov3it commented 3 years ago

It's weird that it worked with one domain but not the other. Perhaps the propagation needed to be longer?

The only difference between the domains is the fact that I won't be renewing it after the expiration date.

You can also let him know to update his docs with the new examples (new plugin name and new credential/ini entries)

Ehh, I have no idea what you're talking about right now. Did you create the image so you can tell me what I have to do? I don't know GitHub at all.

aptalca commented 3 years ago

This is the GitHub repo of the transip certbot plugin that we install in swag: https://github.com/hsmade/certbot-dns-transip

You should report your errors there. Also, his docs are still referring to the old style plugin name and credentials naming scheme.
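The two fixes discussed in this thread, renaming the legacy `certbot_dns_transip:dns_transip_*` credential keys to `dns_transip_*` and tightening the file mode that produced the "Unsafe permissions on credentials configuration file" warning in the log above, as an added example that is not part of the issue, the swag image or the certbot-dns-transip plugin. The sample ini content and the `/config/dns-conf/transip-rsa.key` path are constructed placeholders, and the `harden_credentials` helper is hypothetical; the permission test mirrors the group/other bits (mode & 0o077) that certbot checks before warning.

```python
"""Migrate a transip.ini credentials file to the non-legacy key names and
make sure only the owner can read it (added example, not project code)."""
import re
import stat
import tempfile
from pathlib import Path

# Constructed sample in the legacy format the thread started with.
# Values are placeholders, not real credentials.
LEGACY_INI = """\
# TransIP API credentials for certbot (constructed sample)
certbot_dns_transip:dns_transip_username = example-user
certbot_dns_transip:dns_transip_key_file = /config/dns-conf/transip-rsa.key
"""

# Matches a credential key carrying the legacy plugin prefix; keeps any
# indentation, the bare key name and the "=" so nothing else is rewritten.
_LEGACY_KEY_RE = re.compile(
    r"^(\s*)certbot_dns_transip:(dns_transip_\w+)(\s*=)", re.MULTILINE
)


def migrate_keys(text: str) -> str:
    """Drop the 'certbot_dns_transip:' prefix from credential keys.

    Comments and already-migrated lines pass through unchanged, so running
    the migration twice is harmless.
    """
    return _LEGACY_KEY_RE.sub(r"\1\2\3", text)


def unsafe_permissions(path: Path) -> bool:
    """True when group or others have any permission bit on the file.

    This is the same condition (mode & 0o077) that makes certbot log
    'Unsafe permissions on credentials configuration file' (assumption
    based on certbot's dns_common plugin helper).
    """
    mode = path.stat().st_mode
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def harden_credentials(path: Path) -> dict:
    """Rewrite legacy keys in place and chmod the file to 0600 if needed.

    Returns a small report so a caller (or a test) can see what changed.
    Hypothetical helper name chosen for this example.
    """
    original = path.read_text()
    migrated = migrate_keys(original)
    keys_migrated = migrated != original
    if keys_migrated:
        path.write_text(migrated)

    was_unsafe = unsafe_permissions(path)
    if was_unsafe:
        path.chmod(0o600)

    return {
        "keys_migrated": keys_migrated,
        "permissions_fixed": was_unsafe,
        "unsafe_now": unsafe_permissions(path),
    }


def demo() -> dict:
    """Run the migration against a throwaway copy of the sample file."""
    with tempfile.TemporaryDirectory() as tmp:
        ini = Path(tmp) / "transip.ini"
        ini.write_text(LEGACY_INI)
        ini.chmod(0o644)  # world-readable, as in the warning from the log
        report = harden_credentials(ini)
        report["contents"] = ini.read_text()
        return report


if __name__ == "__main__":
    result = demo()
    print(result["contents"])
    print({k: v for k, v in result.items() if k != "contents"})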