search

oGGy990 / certbot-dns-inwx

INWX DNS authenticator plugin for certbot
Apache License 2.0
105 stars 16 forks source link

Authentication error (Error code 2200) #26

Closed tuximail closed 2 years ago

tuximail commented 2 years ago

My setup worked and is unchanged for years. Certs where renewed every 3 months automatically by this plugin - so it worked before and now fails suddenly with the following error:

2022-08-21 08:49:42,703:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-08-21 08:49:42,704:INFO:certbot._internal.auth_handler:dns-01 challenge for xxxxxxx
2022-08-21 08:49:45,991:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot-dns-inwx/current/lib/python3.8/site-packages/certbot_dns_inwx/dns_inwx.py", line 133, in __init__
    login = self.inwx.account.unlock({'tan': getOTP(secret)})
  File "/snap/certbot/2192/usr/lib/python3.8/xmlrpc/client.py", line 1109, in __call__
    return self.__send(self.__name, args)
  File "/snap/certbot-dns-inwx/current/lib/python3.8/site-packages/certbot_dns_inwx/inwx.py", line 74, in __request
    raise NameError('There was a problem: %s (Error code %s)' % (apiReturn['msg'], apiReturn['code']), apiReturn)
NameError: ('There was a problem: Authentication error (Error code 2200)', {'code': 2200, 'msg': 'Authentication error', 'reasonCode': 'INVALID', 'reason': 'The confirmation code is invalid.', 'details': [{'code': 'ACCOUNT_UNLOCK_FAILED', 'msg': 'The confirmation code is invalid'}], 'svTRID': '20220821-966281273', 'runtime': 3.0048})

Versions used:

$ snap list
Name              Version    Rev    Tracking       Publisher     Notes
certbot           1.29.0     2192   latest/stable  certbot-eff✓  classic
certbot-dns-inwx  2.1.3      1      latest/stable  oggy          -

Python: python3 3.9.2-3

Please let me know if there is anything I can do to assist with the analysis of this issue

oGGy990 commented 2 years ago

Hi @tuximail !

The error basically says your two-factor authentication has failed. Have you recently changed it? Has your inwx.cfg file been modified? The TFA is time-based, is your servers date/time out of sync?

I just tried to renew the certificates using the same snap packages manually on one of my servers and it worked fine (also using TFA). So I'm not able to reproduce the issue. There's also no noteworthy change mentioned here https://github.com/inwx/python-client or in the API docs.

tuximail commented 2 years ago

is your servers date/time out of sync? That was it! Could have thought of that my own - thank you! As I knew I did not change the configuration, I assumed the errors was on the programs/API side but actually I did an upgrade which apparently set my time 2 minutes off. After fixing that it worked flawlessly. Thanks for the suppoort!