Closed brknkfr closed 1 year ago
I'm running a Debian bullseye system with the package python3-certbot-dns-gandi version 1.2.5-3. Recently communication with the Gandi LiveDNS API stopped working (as already mentioned in https://github.com/obynio/certbot-plugin-gandi/issues/35). I manually applied https://github.com/obynio/certbot-plugin-gandi/pull/34/commits/a446c6c2506fec79793894a6fc2146b4a3f02169 (https://github.com/obynio/certbot-plugin-gandi/pull/34), but it's still not working.
$ certbot renew --cert-name domain.tld --dry-run --debug-challenges
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.tld.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator dns, Installer nginx
Simulating renewal of an existing certificate for domain.tld and www.domain.tld
Performing the following challenges:
dns-01 challenge for domain.tld
dns-01 challenge for www.domain.tld
Cleaning up challenges
Unable to find or delete the DNS TXT record: Unable to get base domain for "domain.tld"
Unable to find or delete the DNS TXT record: Unable to get base domain for "www.domain.tld"
Failed to renew certificate domain.tld with error: An error occurred adding the DNS TXT record: Unable to get base domain for "domain.tld"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Somehow there is probably a wrong query somewhere. It's probably the function _get_base_domain in gandi_api.py, but I'm not that fluent in Python.
Full log of above request.
2022-08-11 10:21:04,133:DEBUG:certbot._internal.main:certbot version: 1.12.0
2022-08-11 10:21:04,134:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-08-11 10:21:04,134:DEBUG:certbot._internal.main:Arguments: ['--cert-name', 'domain.tld', '--dry-run', '--debug-challenges']
2022-08-11 10:21:04,134:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-plugin-gandi:dns,PluginEntryPoint#dns,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-08-11 10:21:04,179:DEBUG:certbot._internal.log:Root logging level set at 20
2022-08-11 10:21:04,179:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-08-11 10:21:04,180:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/domain.tld.conf
2022-08-11 10:21:04,187:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f602813db80> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f602813db80>
2022-08-11 10:21:04,187:DEBUG:certbot._internal.cli:Var dry_run=True (set by user).
2022-08-11 10:21:04,187:DEBUG:certbot._internal.cli:Var server={'dry_run', 'staging'} (set by user).
2022-08-11 10:21:04,187:DEBUG:certbot._internal.cli:Var account={'server'} (set by user).
2022-08-11 10:21:04,205:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2022-08-11 10:21:04,213:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2022-08-11 10:21:04,214:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/domain.tld/cert6.pem is signed by the certificate's issuer.
2022-08-11 10:21:04,216:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/domain.tld/cert6.pem is: OCSPCertStatus.GOOD
2022-08-11 10:21:04,221:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2022-08-27 21:55:06 UTC.
2022-08-11 10:21:04,221:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing...
2022-08-11 10:21:04,221:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns and installer nginx
2022-08-11 10:21:06,185:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f6028351790>
Prep: True
2022-08-11 10:21:06,186:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns
Description: Obtain certificates using a DNS TXT record (if you are using Gandi for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns = certbot_plugin_gandi.main:Authenticator
Initialized: <certbot_plugin_gandi.main.Authenticator object at 0x7f6027dcca60>
Prep: True
2022-08-11 10:21:06,186:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_plugin_gandi.main.Authenticator object at 0x7f6027dcca60> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f6028351790>
2022-08-11 10:21:06,186:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns, Installer nginx
2022-08-11 10:21:06,207:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/64105154', new_authzr_uri=None, terms_of_service=None), 80897d43a455c9f61fe330fa0eb2cffd, Meta(creation_dt=datetime.datetime(2022, 8, 11, 7, 0, 20, tzinfo=<UTC>), creation_host='localhost', register_to_eff=None))>
2022-08-11 10:21:06,208:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2022-08-11 10:21:06,209:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2022-08-11 10:21:06,657:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822
2022-08-11 10:21:06,657:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 11 Aug 2022 08:21:06 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert",
  "ypX3PU-Xdw4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2022-08-11 10:21:06,658:DEBUG:certbot.display.util:Notifying user: Simulating renewal of an existing certificate for domain.tld and www.domain.tld
2022-08-11 10:21:07,529:DEBUG:acme.client:Requesting fresh nonce
2022-08-11 10:21:07,529:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.domain.tld"
  },
  "status": "pending",
  "expires": "2022-08-18T07:00:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248634/COfA3g",
      "token": "s3cQWnxR0ptUATieKmmklTb-gitdjsjcHnpnL-aH1WI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248634/QxrSJg",
      "token": "s3cQWnxR0ptUATieKmmklTb-gitdjsjcHnpnL-aH1WI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3302248634/CgJcbw",
      "token": "s3cQWnxR0ptUATieKmmklTb-gitdjsjcHnpnL-aH1WI"
    }
  ]
}
2022-08-11 10:21:08,154:DEBUG:acme.client:Storing nonce: 00010M8vyS9R9mnzrmCCzPUt5_vbB4Jr149WPjj7An2gBlg
2022-08-11 10:21:08,154:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-08-11 10:21:08,154:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.tld
2022-08-11 10:21:08,155:INFO:certbot._internal.auth_handler:dns-01 challenge for www.domain.tld
2022-08-11 10:21:08,156:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,247:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/domain.tld HTTP/1.1" 400 None
2022-08-11 10:21:08,249:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,301:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/photo HTTP/1.1" 400 None
2022-08-11 10:21:08,303:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_plugin_gandi/main.py", line 59, in _perform
    raise errors.PluginError('An error occurred adding the DNS TXT record: {0}'.format(error))
certbot.errors.PluginError: An error occurred adding the DNS TXT record: Unable to get base domain for "domain.tld"

2022-08-11 10:21:08,303:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-08-11 10:21:08,303:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-08-11 10:21:08,304:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,356:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/domain.tld HTTP/1.1" 400 None
2022-08-11 10:21:08,357:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,410:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/photo HTTP/1.1" 400 None
2022-08-11 10:21:08,411:WARNING:certbot_plugin_gandi.main:Unable to find or delete the DNS TXT record: Unable to get base domain for "domain.tld"
2022-08-11 10:21:08,412:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,465:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/www.domain.tld HTTP/1.1" 400 None
2022-08-11 10:21:08,467:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,518:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/domain.tld HTTP/1.1" 400 None
2022-08-11 10:21:08,520:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.gandi.net:443
2022-08-11 10:21:08,571:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/photo HTTP/1.1" 400 None
2022-08-11 10:21:08,572:WARNING:certbot_plugin_gandi.main:Unable to find or delete the DNS TXT record: Unable to get base domain for "www.domain.tld"
2022-08-11 10:21:08,573:ERROR:certbot._internal.renewal:Failed to renew certificate domain.tld with error: An error occurred adding the DNS TXT record: Unable to get base domain for "domain.tld"
2022-08-11 10:21:08,573:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 485, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1234, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 123, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 345, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_plugin_gandi/main.py", line 59, in _perform
    raise errors.PluginError('An error occurred adding the DNS TXT record: {0}'.format(error))
certbot.errors.PluginError: An error occurred adding the DNS TXT record: Unable to get base domain for "domain.tld"

2022-08-11 10:21:08,573:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-08-11 10:21:08,573:ERROR:certbot._internal.renewal:All simulated renewals failed. The following certificates could not be renewed:
2022-08-11 10:21:08,574:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
2022-08-11 10:21:08,574:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-08-11 10:21:08,574:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.12.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1413, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1317, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 510, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2022-08-11 10:21:08,574:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
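A triage helper for a debug log like the one above, added here as an example and not taken from the issue or from the plugin's code: it extracts the LiveDNS zone lookups that urllib3 logged and reports whether every candidate name was rejected with the same status, which points at the request itself rather than at the name being tried. The function names, the verdict strings and the `example.org` sample lines are assumptions constructed for the example.

```python
import re

# Constructed sample in the format urllib3 writes to certbot's debug log.
# "example.org" is a placeholder, not a value from the issue.
SAMPLE_LOG = """\
2022-08-11 10:21:08,155:INFO:certbot._internal.auth_handler:dns-01 challenge for www.example.org
2022-08-11 10:21:08,247:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/www.example.org HTTP/1.1" 400 None
2022-08-11 10:21:08,301:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/example.org HTTP/1.1" 400 None
2022-08-11 10:21:08,356:DEBUG:urllib3.connectionpool:https://api.gandi.net:443 "GET /v5/livedns/domains/org HTTP/1.1" 400 None
2022-08-11 10:21:08,410:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 491
"""

# One urllib3 response line: scheme://host:port "METHOD path HTTP/x" status
REQ = re.compile(
    r'DEBUG:urllib3\.connectionpool:https?://(?P<host>[^:\s]+):\d+ '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})\b'
)
ZONE_PREFIX = "/v5/livedns/domains/"


def gandi_zone_lookups(log_text, host="api.gandi.net"):
    """Return [(zone_name, status)] for zone-level GET lookups, in log order."""
    lookups = []
    for line in log_text.splitlines():
        m = REQ.search(line)
        if not m or m["host"] != host or m["method"] != "GET":
            continue
        path = m["path"]
        if not path.startswith(ZONE_PREFIX):
            continue
        zone = path[len(ZONE_PREFIX):]
        if zone and "/" not in zone:  # skip record-level paths under a zone
            lookups.append((zone, int(m["status"])))
    return lookups


def candidate_zones(fqdn):
    """Names obtained by stripping leading labels: a.b.c -> a.b.c, b.c, c.

    This mirrors the lookup order visible in the log, not the plugin source.
    """
    labels = fqdn.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def triage(log_text, fqdn):
    """Summarise the zone lookups made while resolving the base domain of fqdn."""
    seen = dict(gandi_zone_lookups(log_text))  # last status logged per zone
    tried = [(z, seen[z]) for z in candidate_zones(fqdn) if z in seen]
    statuses = {status for _, status in tried}
    if not tried:
        verdict = "no-lookup-logged"
    elif any(200 <= s < 300 for s in statuses):
        verdict = "zone-found"
    elif len(statuses) == 1:
        # Identical error for every candidate: the outcome does not depend on
        # the name, so check credentials, request format and plugin version.
        verdict = "uniform-error"
    else:
        verdict = "mixed-errors"
    return {"tried": tried, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "www.example.org"))
```
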
Tried #34 using pip install --force-reinstall git+https://github.com/obynio/certbot-plugin-gandi, it works. It may be a good time for a release.
A release has been done. 1.4.0 is now out.