oGGy990 / certbot-dns-inwx

INWX DNS authenticator plugin for certbot
Apache License 2.0
105 stars 16 forks

Shared Secret issue: Incorrect padding #9

Closed podcasthosting closed 6 years ago

podcasthosting commented 6 years ago

I am trying to use your plugin. Installation went through. The plugin is recognized. Using the plugin I stumble across the following error. I have 2FA enabled and pass the active code. It could be just my lack of knowledge for Python but this seems strange to me.

Encountered exception during recovery: 
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 126, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/root/bin/certbot-dns-inwx/certbot_dns_inwx/dns_inwx.py", line 95, in _perform
    self._get_inwx_client().add_txt_record(domain, resolved, validation, self.ttl)
  File "/root/bin/certbot-dns-inwx/certbot_dns_inwx/dns_inwx.py", line 109, in _get_inwx_client
    self.credentials.conf('shared_secret'))
  File "/root/bin/certbot-dns-inwx/certbot_dns_inwx/dns_inwx.py", line 128, in __init__
    login = self.inwx.account.unlock({'tan': getOTP(secret)})
  File "/root/bin/certbot-dns-inwx/certbot_dns_inwx/inwx.py", line 19, in getOTP
    key = base64.b32decode(shared_secret, True)
  File "/usr/lib/python3.5/base64.py", line 206, in b32decode
    raise binascii.Error('Incorrect padding')
binascii.Error: Incorrect padding

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 108, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 310, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 76, in cleanup
    self._cleanup(domain, validation_domain_name, validation)
  File "/root/bin/certbot-dns-inwx/certbot_dns_inwx/dns_inwx.py", line 99, in _cleanup
    self._get_inwx_client().del_txt_record(domain, resolved, validation)
  File "/root/bin/certbot-dns-inwx/certbot_dns_inwx/dns_inwx.py", line 109, in _get_inwx_client
    self.credentials.conf('shared_secret'))
  File "/root/bin/certbot-dns-inwx/certbot_dns_inwx/dns_inwx.py", line 128, in __init__
    login = self.inwx.account.unlock({'tan': getOTP(secret)})
  File "/root/bin/certbot-dns-inwx/certbot_dns_inwx/inwx.py", line 19, in getOTP
    key = base64.b32decode(shared_secret, True)
  File "/usr/lib/python3.5/base64.py", line 206, in b32decode
    raise binascii.Error('Incorrect padding')
binascii.Error: Incorrect padding
An unexpected error occurred:
binascii.Error: Incorrect padding

oGGy990 commented 6 years ago

Have you entered the 6 digit number that changes every 30 seconds or your OTP key? The correct value looks something like this: EELTWFL55ESIHPTJAAHBCY7LXBZARUOJ

You were given this key when setting up your 2FA at INWX.

podcasthosting commented 6 years ago

You've got me. I entered the 6-digit code and wondered how that would work in the longer term. I just disabled and re-enabled the 2FA to find the OTP code.

Thank you, that did the trick! You can close the ticket.
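
The distinction resolved in this thread, as an added example that is not the plugin's code or either poster's: the configured `shared_secret` must be the long-lived base32 OTP key, from which each 6-digit code is derived (RFC 6238, HMAC-SHA1), and a pasted 6-digit code is what makes `base64.b32decode` fail with "Incorrect padding". The function names `classify_shared_secret` and `totp` are hypothetical, and the key in the usage comment is the RFC 6238 test key, not an INWX secret.

```python
import base64
import binascii
import hashlib
import hmac
import struct


def classify_shared_secret(value):
    """Return 'totp_code', 'base32_secret' or 'invalid' for a configured value."""
    cleaned = value.strip().replace(" ", "")
    # A short all-digit value is a one-time code, not the key it was derived from.
    if cleaned.isdigit() and len(cleaned) in (6, 8):
        return "totp_code"
    try:
        base64.b32decode(cleaned, casefold=True)
    except (binascii.Error, ValueError):
        # Wrong length ("Incorrect padding") or characters outside A-Z / 2-7.
        return "invalid"
    return "base32_secret"


def totp(shared_secret, timestamp, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 key at a given Unix time."""
    kind = classify_shared_secret(shared_secret)
    if kind != "base32_secret":
        raise ValueError("shared_secret is %s, expected the base32 OTP key" % kind)
    key = base64.b32decode(shared_secret.strip().replace(" ", ""), casefold=True)
    # The moving factor is the number of 30-second steps since the Unix epoch.
    counter = struct.pack(">Q", int(timestamp) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte picks the offset.
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# RFC 6238 test key ("12345678901234567890" in base32), constructed sample input:
# totp("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", 59) -> "287082"
```

Because the base32 key generates every future code, it is a long-lived credential and the file holding it deserves the same access restrictions as the account password.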