search

oGGy990 / certbot-dns-inwx

INWX DNS authenticator plugin for certbot
Apache License 2.0
105 stars 16 forks source link

Make dns_inwx_shared_secret optional #4

Open adiesner opened 6 years ago

adiesner commented 6 years ago

Fixes error:

> certbot certonly -a certbot-dns-inwx:dns-inwx -d example.com --agree-tos -m "info@example.com" -n
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator certbot-dns-inwx:dns-inwx, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com
Cleaning up challenges
Missing property in credentials configuration file /etc/letsencrypt/inwx.cfg:
 * Property "certbot_dns_inwx:dns_inwx_shared_secret" not set (should be Optional shared secret code for the two-factor authentication assigned to the INWX API account.).

See: https://certbot.eff.org/docs/api/plugins/dns_common.html#certbot.plugins.dns_common.DNSAuthenticator._configure_credentials

Configuration file looked like this:

certbot_dns_inwx:dns_inwx_url           = https://api.domrobot.com/xmlrpc/
certbot_dns_inwx:dns_inwx_username      = your_username
certbot_dns_inwx:dns_inwx_password      = "your_password"
certbot_dns_inwx:dns_inwx_shared_secret =

BTW: Thank you for your effort of creating this!

oGGy990 commented 6 years ago

Hello Andreas,

sorry for my late reaction. I've been on vacation for the last couple weeks and haven't had the time to look into it.

Your changes look good to me, except one thing: now that the requirement for the existence of the 'shared_secret' key is gone, the value needs to be checked before being used.

That is, line 87 of dns_inwx.py should be extended to raise a plugin error, stating that the API account requires a valid 2-factor authenticaton secret which was not provided.