Closed RolandVExp closed 1 year ago
Maybe, the plugin has to be updated with those instructions : Writing your own plugin snap
Hi @RolandVExp, I also needed this feature so I build my own snap using the instructions given in https://github.com/certbot/certbot/tree/master/tools/snap.
I had to tweak it a bit to adapt it to this plugin and also I had to made some changes to the setup.py
that's why am pulling from my fork. I'll share what I change from the original post :
These instructions are recommended when testing anything about the snap setup for ease of debugging. The architecture of the built snap is limited to the architecture of the system it is built on.
These steps need to be done once to set up your VM and do not need to be run again to rebuild the snap.
adduser certbot && usermod -aG sudo certbot && su - certbot
.sudo apt update && sudo apt install -y git python
.sudo snap install lxd && sudo /snap/bin/lxd.migrate -yes; sudo /snap/bin/lxd waitready && sudo /snap/bin/lxd init --auto
(errors here are ok; it may already have been installed on your system).sudo usermod -a -G lxd ${USER} && newgrp lxd
.sudo snap install --classic snapcraft
.cd ~
(or any other directory where you want our source files to be)git clone git://github.com/certbot/certbot
cd certbot
(All further instructions are relative to this directory.)If the snap has been built before, the instructions below clean up the build environment so it can reliably be used again.
snapcraft clean --use-lxd
mv certbot_*_amd64.snap certbot_amd64.snap.bak
These are the steps to build and install the Certbot snap. If you have run these steps before, you may want to run the commands in the section above to clean things up or save a previous build before building the snap again (running snapcraft
again will overwrite the previous snap).
snapcraft --use-lxd
.sudo snap install --dangerous --classic certbot_*_amd64.snap
. You can transfer the snap to a different machine to run it there instead if you prefer.Run Certbot as normal. For example, certbot plugins
should display the Apache and Nginx plugins.
These instructions use the certbot-dns-gandi
plugin as an example, but all of Certbot's other plugin snaps can be built in the same way.
If the plugin snap has been built before, the instructions below clean up the build environment so it can reliably be used again.
git clone git://github.com/kalemontes/certbot-plugin-gandi
mv certbot-plugin-gandi/ certbot-dns-gandi
cd certbot-dns-gandi
snapcraft clean --use-lxd
mv certbot-dns-gandi_*_amd64.snap certbot-dns-gandi_amd64.snap.bak
cd ..
These are the steps to build and install the Certbot Gandi plugin snap. If you have run these steps before, you may want to run the commands in the section above to clean things up or save a previous build before building the snap again (running snapcraft
again will overwrite the previous snap).
tools/snap/generate_dnsplugins_all.sh
to generate all necessary files for all plugin snaps.cd certbot-dns-gandi
snapcraft --use-lxd
sudo snap set certbot trust-plugin-with-root=ok
.sudo snap install --dangerous certbot-dns-gandi_*_amd64.snap
(for me it was sudo snap install --dangerous certbot-dns-gandi_1.2.5_amd64.snap
). Again, you can transfer the snap to a different machine to run it there instead if you prefer.sudo snap connect certbot:plugin certbot-dns-gandi
.sudo snap connect certbot-dns-gandi:certbot-metadata certbot:certbot-metadata
. Install the plugin again to test refresh; if the plugin's hook creates any logs, they are at /var/snap/certbot-dns-gandi/current/debuglog
.Run Certbot as normal. For example, certbot plugins
should display the Gandy plugin as installed.
So
certbot plugins | grep dns-gandi
displayscertbot@vagrant:~/certbot/certbot-dns-gandi$ certbot plugins | grep dns-gandi * dns-gandi Entry point: dns-gandi = certbot_plugin_gandi.main:Authenticator
I had to add the option
-a dns-gandi
in order to “specify a combination of distinct authenticator and installer plugins” (using--dns-gandi
didn’t work for me), socertbot certonly --noninteractive --agree-tos -a dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini --email mail@mailexample.com -d *.mydomain.com
displayscertbot@vagrant:~/certbot/certbot-dns-gandi$ certbot certonly --noninteractive --agree-tos -a dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini --email mail@mailexample.com -d *.mydomain.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator dns-gandi, Installer None Requesting a certificate for *.mydomain.com Performing the following challenges: dns-01 challenge for mydomain.com Waiting 10 seconds for DNS changes to propagate Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/mydomain.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/mydomain.com/privkey.pem Your cert will expire on 2021-03-15. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Info : change
--email mail@mailexample.com -d *.mydomain.com
with your own.
It would be great if the snap was provided out of the box, but I don't know how to publish, and I would leave this task to @obynio.
Hello guys, sorry for not responding 🙏 I'm not a big fan of the snap package system but I'll try to dedicate a bit of time to build this snap.
Thanks for providing detailed instructions @kalemontes that will be very helpful 👍
Thanks a lot @kalemontes for these instructions !
@obynio you might want include a warning in the README that using your instructions will install certbot via pip (e.g. in /usr/local/bin/certbot) and this will conflict with the snap version of certbot (which is now the preferred version and requires that you delete all other versions). This can lead to confusing setups with different plugins for each version (e.g. I ended up with a local version of certbot with the certbot-dns-gandi plugin but no Apache installer, alongside the snap version of certbot having all the standard plugins but not the certbot-dns-gandi plugin).
Ah, this makes sense! I'm still getting unrecognized arguments: --dns-gandi-credentials
. Would love snap support, but my certificate expires in several hours, so I'll try to get it together with pip for now.
Remember: always save chores til the last minute so when APIs change and scripts stop working you can feel alive again.
@obynio Is it me or this plugin cannot be installed with snapd ? Is it possible to re-open this issue ?
Regards
It cannot for now. I haven't been working on it yet.
Hello, first, thanks a lot for your plugin. I've been using it for a long time along with a cetbot-auto installation. This kind of installation is unfortunately not anymore available for my OS (Debian).
So I have to switch to the officially supported "snap" installation mode described here
The problem is I don't know how to install your plugin with this mode.
pip install certbot-plugin-gandi
does work but is no detected by the snap installationCan you please help me ? Thanks !