obynio / certbot-plugin-gandi

Certbot plugin for authentication using Gandi LiveDNS
https://pypi.org/project/certbot-plugin-gandi/
MIT License
195 stars 27 forks

certbot: error: unrecognized arguments: --dns-gandi-credentials /etc/letsencrypt/gandi.ini #45

Open mutageneral opened 1 year ago

mutageneral commented 1 year ago

root@www:/etc/letsencrypt# certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini -d mydomain.tld
usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate.
certbot: error: unrecognized arguments: --dns-gandi-credentials /etc/letsencrypt/gandi.ini

root@www:/etc/letsencrypt# apt search livedns
Sorting... Done
Full Text Search... Done
python3-certbot-dns-gandi/stable,now 1.2.5-3 all [installed]
  Gandi LiveDNS plugin for Certbot

jgeorgeson commented 9 months ago

I'm seeing this on a Raspberry Pi Zero 2 W. I can't find a discrete Pi OS version, but /etc/debian_version shows 11.8, and the APT sources.list says bullseye. The packaged version of certbot is 1.12.0, and the packaged version of this plugin is 1.2.5-3.

$ apt list --installed '*certbot*'
Listing... Done
certbot/oldstable,now 1.12.0-2 all [installed,automatic]
python3-certbot-dns-gandi/oldstable,now 1.2.5-3 all [installed]
python3-certbot/oldstable,now 1.12.0-2 all [installed]

@obynio @HLFH can someone triage this (after the holidays, of course)

jgeorgeson commented 9 months ago

Actually looking at the README from the 1.2.5 tag I was able to sort things out.

Using the commands from that version gives me this error

Missing property in credentials configuration file /etc/letsencrypt/gandi/gandi.ini:
 * Property "certbot_plugin_gandi:dns_api_key" not found (should be API key for Gandi account).

So I updated my /etc/letsencrypt/gandi/gandi.ini to have that property, but with my personal access token (I don't have a livedns api key since they're deprecated), and that results in this

$ sudo certbot certonly -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials /etc/letsencrypt/gandi/gandi.ini -d pi-1.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-plugin-gandi:dns may be removed in a future version. Please use dns instead.
Plugins selected: Authenticator certbot-plugin-gandi:dns, Installer None
Requesting a certificate for pi-1.example.com
Performing the following challenges:
dns-01 challenge for pi-1.example.com
Cleaning up challenges
Unable to find or delete the DNS TXT record: Unable to get base domain for "pi-1.example.com"
An error occurred adding the DNS TXT record: Unable to get base domain for "pi-1.example.com"

So maybe v1.2.5 doesn't support Gandi's access tokens.

Reverting my gandi.ini file, uninstalling the python3-certbot-dns-gandi APT package, and installing the latest 1.5.0 via PIP (I'm generally pretty loath to globally install packages with PIP, as it has a tendency to clobber other system-managed Python libraries and break other important system tools, but in this case there were no dependencies needing any updates) and now it's working.
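
A check for the mismatch this thread runs into, as an added example that is not part of the original comments or the plugin's code: it tells you whether a gandi.ini uses the property naming that matches the authenticator you invoke, and whether the file is readable beyond its owner. The legacy names are the ones shown in the commands and error above; the `dns_gandi_` property prefix for the newer naming and the owner-only permission check are assumptions to confirm against the README of your installed version.

```python
import stat

# Naming used by each plugin generation. "legacy" values appear in this thread
# (v1.2.5). The "current" property prefix is an ASSUMPTION; confirm it against
# the README of the version you actually have installed.
SCHEMES = {
    "legacy": {
        "authenticator": "certbot-plugin-gandi:dns",
        "flag": "--certbot-plugin-gandi:dns-credentials",
        "prefix": "certbot_plugin_gandi:dns_",
    },
    "current": {
        "authenticator": "dns-gandi",
        "flag": "--dns-gandi-credentials",
        "prefix": "dns_gandi_",  # assumption, see above
    },
}

def parse_ini(text):
    """Split on the first '=' only: legacy keys contain ':', a configparser delimiter."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(ini_text, file_mode, scheme):
    """Return findings for a credentials file used with the given naming scheme."""
    want = SCHEMES[scheme]
    keys = parse_ini(ini_text)
    findings = []
    if not any(k.startswith(want["prefix"]) for k in keys):
        found = [name for name, s in SCHEMES.items()
                 if any(k.startswith(s["prefix"]) for k in keys)]
        findings.append(
            f"no {want['prefix']}* property, which {want['flag']} expects "
            f"(file uses: {', '.join(found) or 'neither'})")
    if file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {file_mode & 0o777:o} exposes the secret to group/other; use 600")
    return findings

# Constructed sample: a legacy-style file, world-readable, checked for the current naming.
SAMPLE = "# constructed sample\ncertbot_plugin_gandi:dns_api_key=PLACEHOLDER\n"
if __name__ == "__main__":
    for finding in audit(SAMPLE, 0o644, "current"):
        print(finding)
```

For a real file, pass its contents and `os.stat(path).st_mode` to `audit`.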

obynio commented 8 months ago

Hello, yes indeed, the only official update channel as of now is PIP. Unfortunately I do not own control over the Debian package so I can't update it to the latest version :(