search

obynio / certbot-plugin-gandi

Certbot plugin for authentication using Gandi LiveDNS
https://pypi.org/project/certbot-plugin-gandi/
MIT License
194 stars 27 forks source link

Unable to get base domain #36

Closed brknkfr closed 1 year ago

brknkfr commented 1 year ago

I'm running a debian bullseye system with the package python3-certbot-dns-gandi version 1.2.5-3. Recently communication with Gandi Livedns Api stopped working (as already mentioned in https://github.com/obynio/certbot-plugin-gandi/issues/35). I manually applied https://github.com/obynio/certbot-plugin-gandi/pull/34/commits/a446c6c2506fec79793894a6fc2146b4a3f02169 (https://github.com/obynio/certbot-plugin-gandi/pull/34), but it's still not working.

$ certbot renew --cert-name domain.tld --dry-run --debug-challenges
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator dns, Installer nginx
Simulating renewal of an existing certificate for domain.tld and www.domain.tld
Performing the following challenges:
dns-01 challenge for domain.tld
dns-01 challenge for www.domain.tld
Cleaning up challenges
Unable to find or delete the DNS TXT record: Unable to get base domain for "domain.tld"
Unable to find or delete the DNS TXT record: Unable to get base domain for "www.domain.tld"
Failed to renew certificate domain.tld with error: An error occurred adding the DNS TXT record: Unable to get base domain for "domain.tld"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

Somehow there is probably a wrong query somewhere. It's probably the function _get_base_domain in gandi_api.py, but I'm not that fluent in python.

Full log of above request.

2022-08-11 10:21:04,133:DEBUG:certbot._internal.main:certbot version: 1.12.0
2022-08-11 10:21:04,134:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-08-11 10:21:04,134:DEBUG:certbot._internal.main:Arguments: ['--cert-name', 'domain.tld', '--dry-run', '--debug-challenges']
2022-08-11 10:21:04,134:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-plugin-gandi:dns,PluginEntryPoint#dns,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-08-11 10:21:04,179:DEBUG:certbot._internal.log:Root logging level set at 20
2022-08-11 10:21:04,179:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-08-11 10:21:04,180:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/domain.tld.conf
2022-08-11 10:21:04,187:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f602813db80> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f602813db80>
2022-08-11 10:21:04,187:DEBUG:certbot._internal.cli:Var dry_run=True (set by user).
2022-08-11 10:21:04,187:DEBUG:certbot._internal.cli:Var server={'dry_run', 'staging'} (set by user).
2022-08-11 10:21:04,187:DEBUG:certbot._internal.cli:Var account={'server'} (set by user).
2022-08-11 10:21:04,205:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2022-08-11 10:21:04,213:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2022-08-11 10:21:04,214:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/domain.tld/cert6.pem is signed by the certificate's issuer.
2022-08-11 10:21:04,216:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/domain.tld/cert6.pem is: OCSPCertStatus.GOOD
2022-08-11 10:21:04,221:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2022-08-27 21:55:06 UTC.
2022-08-11 10:21:04,221:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing...
2022-08-11 10:21:04,221:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns and installer nginx
2022-08-11 10:21:06,185:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f6028351790>
Prep: True
2022-08-11 10:21:06,186:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns
Description: Obtain certificates using a DNS TXT record (if you are using Gandi for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns = certbot_plugin_gandi.main:Authenticator
Initialized: <certbot_plugin_gandi.main.Authenticator object at 0x7f6027dcca60>
Prep: True
2022-08-11 10:21:06,186:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_plugin_gandi.main.Authenticator object at 0x7f6027dcca60> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f6028351790>
2022-08-11 10:21:06,186:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns, Installer nginx
2022-08-11 10:21:06,207:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/64105154', new_authzr_uri=None, terms_of_service=None), 80897d43a455c9f61fe330fa0eb2cffd, Meta(creation_dt=datetime.datetime(2022, 8, 11, 7, 0, 20, tzinfo=<UTC>), creation_host='localhost', register_to_eff=None))>
2022-08-11 10:21:06,208:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2022-08-11 10:21:06,209:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2022-08-11 10:21:06,657:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822
2022-08-11 10:21:06,657:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 11 Aug 2022 08:21:06 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert",
  "ypX3PU-Xdw4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2022-08-11 10:21:06,658:DEBUG:certbot.display.util:Notifying user: Simulating renewal of an existing certificate for domain.tld and www.domain.tld
2022-08-11 10:21:07,529:DEBUG:acme.client:Requesting fresh nonce
2022-08-11 10:21:07,529:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2022-08-11 10:21:07,681:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-08-11 10:21:07,681:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 11 Aug 2022 08:21:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001OPdzQDnygyXeH852luRDB9-sFGqz7V9nOhUa4qaPHFo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2022-08-11 10:21:07,681:DEBUG:acme.client:Storing nonce: 0001OPdzQDnygyXeH852luRDB9-sFGqz7V9nOhUa4qaPHFo
2022-08-11 10:21:07,682:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "domain.tld"\n    },\n    {\n      "type": "dns",\n      "value": "www.domain.tld"\n    }\n  ]\n}'
2022-08-11 10:21:07,687:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82NDEwNTE1NCIsICJub25jZSI6ICIwMDAxT1BkelFEbnlneVhlSDg1Mmx1UkRCOS1zRkdxejdWOW5PaFVhNHFhUEhGbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "g7c_GV9PbiaRp5CpJHUhaDA9q0Z8yU-G1ki62Qh_GWYmogDrDkBlJRxHbmSmguPyt2f_9puLQqQ5URE7fDM1gufeqURjAFYVDagD3zrvg9ENShIOdewFaWGkuHhJ1_uDbrWYQTrIo4B0lb79GHKpzC8KLWfv_UdCe51QpGx5hjOQFJ82IjpdTcwAifHV8_O9MtiT7BL136h8Uq1JVEg-USkFKUpZ3NSAJTvkZx6RaB5fXfdRu3xdeEKBuWM2vYIfPae4uczVPxKHKggu_AQqT24uF7GjrakeKv25UczT3AZwcawdB6Hw0NNE2g7q4mz9zRq407TG7ZXqYi0nlBaIQyyhvfWkth-0JzaxtBvk3ojEc6c0h8OzIP8M_3IDE31e_i32S0AYupY8RZgvp3Bo73uThvCep1Yj2_Y_WGp9Y2qiG-O9wjNZTYVerB7A7kKoe-KncKHnGYYoZOhVXpJRiDcXczTm4FRFlfiUZpBIh2EaZE7KJ3BSEr2jILDh4bfFedKNMOKbbSKxBHUbvQQLCIWWrlGrROx0Z2L1_C2aKKPdBtnX2IT9FnIcyRgGHLydym4frzerMYcQI0wFK3d6eVRiJ11wzyJjy7zF0CpEDWXniPXItL_fWMHEq8oE05n8lz-FMunGbkYJvRT34phM9MF7B4WmZb8tPpUS_qP8pS4",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImVsc2llLnBob3RvIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5lbHNpZS5waG90byIKICAgIH0KICBdCn0"
}
2022-08-11 10:21:07,840:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 491
2022-08-11 10:21:07,840:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 11 Aug 2022 08:21:07 GMT
Content-Type: application/json
Content-Length: 491
Connection: keep-alive
Boulder-Requester: 64105154
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/64105154/3598910284
Replay-Nonce: 0001GHoPcPHV2jJPvmhW6jS9dKUAfp9krFkfmTOovQoOmgM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-08-18T07:00:23Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "domain.tld"
    },
    {
      "type": "dns",
      "value": "www.domain.tld"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3302248624",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3302248634"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/64105154/3598910284"
}
2022-08-11 10:21:07,840:DEBUG:acme.client:Storing nonce: 0001GHoPcPHV2jJPvmhW6jS9dKUAfp9krFkfmTOovQoOmgM
2022-08-11 10:21:07,840:DEBUG:acme.client:JWS payload:
b''
2022-08-11 10:21:07,846:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3302248624:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82NDEwNTE1NCIsICJub25jZSI6ICIwMDAxR0hvUGNQSFYyakpQdm1oVzZqUzlkS1VBZnA5a3JGa2ZtVE9vdlFvT21nTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zMzAyMjQ4NjI0In0",
  "signature": "Cp9-EURpOaZfJdSp_KFYunxeXr1cA4KO4jaJf-7n1Tqyi_dL0zxNWXnZG0RVRnOb7osDoSYDRHlJYNc1pzxAPSqavGYiTbE6x17L-gGUg-dIVxhvKyJYJ2MTzuMvPisffXApHYR7cLQrH8rqT0gUTJdvVaHxSCZRU7J8oZrcWxtAfm0I8SihxUcHvT3ATNbeAWNcKInjAZuJvGM8K2fquSxtQMuFDi3vRzCa3I6WG6r3SOw15KbzOUOjtX3GFqgZZrRTCrPGFHxYXeGi8c1m0zXFDLOfVHtxSJ4YKJR7TVoOi-nN4osTtNsE8O4wwEajZlaKxxeE_Zbxw97b4vBD6BBdnk3caD6sNu4dgCIjpQkNo1zIF-o_8MBO33vhdkVAHY2B7Lf8AK3SQZb1YI25t6vRrOaF8bdL9Wr0YmPXOGVqvRQ21-_8Sg8Nyw0pTH9MapGxK8lzh7o2VB7ndRS1kqnLq3OfSNUn59u9gDFEJlkk0-0anuDF5EbUXgb43-15iIM_uivI3lrBfaVWRfqY_4U2gnhETxazAgePLzZbONeOfXhDCqTorTVqbPxgC2LoQ8JhR6-SxQti5lDv0QZDxF_El69_y0FtcT5w7eS1s49beAJ2Q70quQOrPdAS75Q58QJIscjajPt22E-RrN-9XX9rCPrVmJdCCPxDg2KbMMI",
  "payload": ""
}
2022-08-11 10:21:07,997:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3302248624 HTTP/1.1" 200 813
2022-08-11 10:21:07,997:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 11 Aug 2022 08:21:07 GMT
Content-Type: application/json
Content-Length: 813
Connection: keep-alive
Boulder-Requester: 64105154
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001GdE6mL5grL4M7aKhivpOf5_-KbAn_tjWDBkOSxvG2rQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "domain.tld"
  },
  "status": "pending",
  "expires": "2022-08-18T07:00:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248624/32jdHg",
      "token": "rvUcqCUcheEoeiAEXMT-C78AFO9Xc9wh_87WGpyo8qw"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248624/OW6X2g",
      "token": "rvUcqCUcheEoeiAEXMT-C78AFO9Xc9wh_87WGpyo8qw"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248624/jIPRsA",
      "token": "rvUcqCUcheEoeiAEXMT-C78AFO9Xc9wh_87WGpyo8qw"
    }
  ]
}
2022-08-11 10:21:07,997:DEBUG:acme.client:Storing nonce: 0001GdE6mL5grL4M7aKhivpOf5_-KbAn_tjWDBkOSxvG2rQ
2022-08-11 10:21:07,997:DEBUG:acme.client:JWS payload:
b''
2022-08-11 10:21:08,003:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3302248634:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82NDEwNTE1NCIsICJub25jZSI6ICIwMDAxR2RFNm1MNWdyTDRNN2FLaGl2cE9mNV8tS2JBbl90aldEQmtPU3h2RzJyUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zMzAyMjQ4NjM0In0",
  "signature": "XVI0EX8tx6AMIzJo2ckJYY47pWxgmoonE2vinLmL7cfo6wrXjzpfau7ixpPFjWyJwq68b_Rrd5dfKyWD4ugxeCVuNSHzMglA9LHyc8RDTNsA3g9mimE3H_YRg4THD2BsJhan8tztFnz-1CMuw0ZJxYrtNZ2Ooj-06yvgvb0_hqKTMs-q0HrdT9Ww05DuzfYhYVXBYlQMV9Az73zhZlRgVncfz_h-OPyXaQOTr66VlGGGPOc3Lz0D7h0NG2-GHD7LltQgskL0FhfV222K3JU7c8yW91hGBrp5J_OYW0JrRicD9OwBVLdwoV6K8cGVveiwIP09YAn6WadXQ1ak6aaqPvBfqFHt78USiyUnOa_2dJuE2t4hJBSupzK2ZggxktmIfDpHAclcPJliKp8HgsA9ucFZltJRaOw9FTdjw2JPa2YlEMuijOtaXUlCG5EkKz_dpSfET-rixxUwJeQ7hsjYZ8HFWlm1-hpB-ofCzMuOMowhm1tJ7QfFBulL2EQrkgikd3E1WF_R0QYnvvU1sHy2hYFBJsLwp8OvzyApvpPSP-dWF-7UcFE9syJNt-rQbIKK0mGn5TqT-MelyWyzyfIL8kPA3BSPAGUpN1Uea-KByolwmdlOaCzzx1TggPnnaV25FsqkzKOPe9M2K-62HF2w7615xhCfkdokcZmEMs5ArUc",
  "payload": ""
}
2022-08-11 10:21:08,153:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/3302248634 HTTP/1.1" 200 817
2022-08-11 10:21:08,154:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 11 Aug 2022 08:21:08 GMT
Content-Type: application/json
Content-Length: 817
Connection: keep-alive
Boulder-Requester: 64105154
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00010M8vyS9R9mnzrmCCzPUt5_vbB4Jr149WPjj7An2gBlg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.domain.tld"
  },
  "status": "pending",
  "expires": "2022-08-18T07:00:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248634/COfA3g",
      "token": "s3cQWnxR0ptUATieKmmklTb-gitdjsjcHnpnL-aH1WI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248634/QxrSJg",
      "token": "s3cQWnxR0ptUATieKmmklTb-gitdjsjcHnpnL-aH1WI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248634/CgJcbw",
      "token": "s3cQWnxR0ptUATieKmmklTb-gitdjsjcHnpnL-aH1WI"
    }
  ]
}
2022-08-11 10:21:08,154:DEBUG:acme.client:Storing nonce: 00010M8vyS9R9mnzrmCCzPUt5_vbB4Jr149WPjj7An2gBlg
2022-08-11 10:21:08,154:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-08-11 10:21:08,154:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.tld
2022-08-11 10:21:08,155:INFO:certbot._internal.auth_handler:dns-01 challenge for www.domain.tld
2022-08-11 10:21:08,156:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,247:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/domain.tld HTTP/1.1" 400 None
2022-08-11 10:21:08,249:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,301:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/photo HTTP/1.1" 400 None
2022-08-11 10:21:08,303:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_plugin_gandi/main.py", line 59, in _perform
    raise errors.PluginError('An error occurred adding the DNS TXT record: {0}'.format(error))
certbot.errors.PluginError: An error occurred adding the DNS TXT record: Unable to get base domain for "domain.tld"

2022-08-11 10:21:08,303:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-08-11 10:21:08,303:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-08-11 10:21:08,304:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,356:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/domain.tld HTTP/1.1" 400 None
2022-08-11 10:21:08,357:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,410:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/photo HTTP/1.1" 400 None
2022-08-11 10:21:08,411:WARNING:certbot_plugin_gandi.main:Unable to find or delete the DNS TXT record: Unable to get base domain for "domain.tld"
2022-08-11 10:21:08,412:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,465:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/www.domain.tld HTTP/1.1" 400 None
2022-08-11 10:21:08,467:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,518:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/domain.tld HTTP/1.1" 400 None
2022-08-11 10:21:08,520:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,571:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/photo HTTP/1.1" 400 None
2022-08-11 10:21:08,572:WARNING:certbot_plugin_gandi.main:Unable to find or delete the DNS TXT record: Unable to get base domain for "www.domain.tld"
2022-08-11 10:21:08,573:ERROR:certbot._internal.renewal:Failed to renew certificate domain.tld with error: An error occurred adding the DNS TXT record: Unable to get base domain for "domain.tld"
2022-08-11 10:21:08,573:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 485, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1234, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 123, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 345, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_plugin_gandi/main.py", line 59, in _perform
    raise errors.PluginError('An error occurred adding the DNS TXT record: {0}'.format(error))
certbot.errors.PluginError: An error occurred adding the DNS TXT record: Unable to get base domain for "domain.tld"

2022-08-11 10:21:08,573:DEBUG:certbot.display.util:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-08-11 10:21:08,573:ERROR:certbot._internal.renewal:All simulated renewals failed. The following certificates could not be renewed:
2022-08-11 10:21:08,574:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
2022-08-11 10:21:08,574:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-08-11 10:21:08,574:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.12.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1413, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1317, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 510, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2022-08-11 10:21:08,574:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
JulienPalard commented 1 year ago

Tried #34 using pip install --force-reinstall git+https://github.com/obynio/certbot-plugin-gandi, it works, It may be a good time for a release..

obynio commented 1 year ago

A release has been done. 1.4.0 is now out.