Open mutageneral opened 1 year ago
I'm seeing this on a Raspberry Pi Zero 2 W. I can't find a discreet Pi OS version, but /etc/debian_version shows 11.8, and the APT sources.list says bullseye. The packaged version of certbot is 1.12.0, and the packaged version of this plugin is 1.2.5-3
$ apt list --installed '*certbot*'
Listing... Done
certbot/oldstable,now 1.12.0-2 all [installed,automatic]
python3-certbot-dns-gandi/oldstable,now 1.2.5-3 all [installed]
python3-certbot/oldstable,now 1.12.0-2 all [installed]
@obynio @HLFH can someone triage this (after the holidays, of course)
Actually looking at the README from the 1.2.5 tag I was able to sort things out.
Using the commands from that version gives me this error
Missing property in credentials configuration file /etc/letsencrypt/gandi/gandi.ini:
* Property "certbot_plugin_gandi:dns_api_key" not found (should be API key for Gandi account).
So I updated my /etc/letsencrypt/gandi/gandi.ini to have that property, but with my personal access token (I don't have a livedns api key since they're deprecated), and that results in this
$ sudo certbot certonly -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials /etc/letsencrypt/gandi/gandi.ini -d pi-1.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-plugin-gandi:dns may be removed in a future version. Please use dns instead.
Plugins selected: Authenticator certbot-plugin-gandi:dns, Installer None
Requesting a certificate for pi-1.example.com
Performing the following challenges:
dns-01 challenge for pi-1.example.com
Cleaning up challenges
Unable to find or delete the DNS TXT record: Unable to get base domain for "pi-1.example.com"
An error occurred adding the DNS TXT record: Unable to get base domain for "pi-1.example.com"
So maybe v1.2.5 doesn't support Gandi's access tokens.
Reverting my gandi.ini file, uninstalling the python3-certbot-dns-gandi APT package, and installing the latest 1.5.0 via PIP (I'm generally pretty loath to globally installing packages with PIP, as it has a tendency to clobber other system-managed Python libraries and break other important system tools, but in this case there were no dependencies needing any updates) and now it's working.
Hello, yes indeed the only official update channel as of now is PIP. Unfortunately I do not own control over the debian package so I can't update it to the latest version :(
root@www:/etc/letsencrypt# certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini -d mydomain.tld usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: unrecognized arguments: --dns-gandi-credentials /etc/letsencrypt/gandi.ini
root@www:/etc/letsencrypt# apt search livedns Sorting... Done Full Text Search... Done python3-certbot-dns-gandi/stable,now 1.2.5-3 all [installed] Gandi LiveDNS plugin for Certbot