Closed MrPetovan closed 5 years ago
Hi. I had this, but tried using pip3 instead of regular pip, which resolved this issue.
Interesting, thanks for the tip. Here's what I did:
~# apt install python3-pip
...
Setting up python3-pip (9.0.1-2+deb9u1) ...
~# pip uninstall certbot-plugin-gandi
...
Successfully uninstalled certbot-plugin-gandi-1.1.1
~# pip3 install certbot-plugin-gandi
...
Successfully installed certbot-plugin-gandi-1.1.1
~# certbot renew -v -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini --server https://acme-v02.api.letsencrypt.org/directory --cert-name example.com-0002 usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini
Same error, unfortunately.
Hi ! I dig a bit on the issue and I suspect your version of Certbot is too old.
Assuming you're on Debian 8 at least, Cerbot does not recommend to use the default certbot
package anymore.
We previously recommended that Debian 8 (jessie) users install Certbot from the packaged version. Because of important updates in the Certbot code, we are now recommending that Debian 8 users switch to the certbot-auto method, described below.
Depending of your Debian version and if you would like to use wildcard certificates, I would recommend you to take a look at their instructions to update your certbot
installation.
https://certbot.eff.org/lets-encrypt/debianjessie-apache.html https://certbot.eff.org/all-instructions
Hi, thanks for the answer, I indeed had to manually install certbot
to issue a wildcard certificate. See above:
~# certbot --version
certbot 0.28.0
However, I didn't install certbot-auto
, I'll give it a stab tonight.
Hi,
@obynio Thanks for your certbot plugin !
I followed @obynio intructions (https://certbot.eff.org/lets-encrypt/debianjessie-apache.html) : pi@raspberrypi:~ $ sudo mv certbot-auto /usr/local/bin/certbot-auto pi@raspberrypi:~ $ sudo chown root /usr/local/bin/certbot-auto pi@raspberrypi:~ $ sudo chmod 0755 /usr/local/bin/certbot-auto pi@raspberrypi:~ $ sudo certbot-auto --version certbot 0.35.1 pi@raspberrypi:~ $ locate certbot ... /opt/eff.org/certbot/venv/bin/certbot ... pi@raspberrypi:~ $ /opt/eff.org/certbot/venv/bin/certbot --version certbot 0.35.1 pi@raspberrypi:~ $ /opt/eff.org/certbot/venv/bin/certbot certonly -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini -d example.com -d *.example.com --server https://acme-v02.api.letsencrypt.org/directory usage: letsencrypt-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini
Info :
pi@raspberrypi:~ $ cat /etc/os-release PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)" NAME="Raspbian GNU/Linux" VERSION_ID="9" VERSION="9 (stretch)" ID=raspbian ID_LIKE=debian HOME_URL="http://www.raspbian.org/" SUPPORT_URL="http://www.raspbian.org/RaspbianForums" BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
Well, it seems strange. I will try the process on my raspi with raspbian stretch as soon as possible :)
Okay, I tested it on my freshly installed raspbian (Debian Stretch 9). It works perfectly without issues with cerbot 0.28.0.
Here are the steps that I did to get it working. Everything is done under a freshly installed Debian Stretch 9. This process include the cerbot installation described there https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
Enable the Debian backports by editing sudo vim /etc/apt/sources.list
and adding deb http://deb.debian.org/debian stretch-backports main
. Here are the instructions for that https://backports.debian.org/Instructions/
Quickly after enabling backports, I realised its signature could not be verified. I had to import the gpg keys for backports with gpg. Instructions here https://rolfje.wordpress.com/2017/06/09/installing-gpg-keys-for-debian-backports/
$ sudo gpg --keyserver pgp.mit.edu --recv-keys 7638D0442B90D010 8B48AD6246925553
gpg: key 8B48AD6246925553: 28 signatures not checked due to missing keys
gpg: key 8B48AD6246925553: "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>" not changed
gpg: key 7638D0442B90D010: 13 signatures not checked due to missing keys
gpg: key 7638D0442B90D010: "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
$ sudo gpg --armor --export 7638D0442B90D010 | apt-key add -
OK
$ sudo gpg --armor --export 8B48AD6246925553 | apt-key add -
OK
sudo apt update
as usual.sudo apt-get install certbot python-certbot-apache -t stretch-backports
sudo apt install python3-pip
pip3 install certbot-plugin-gandi
gandi.ini
file with my gandi API key.$ sudo certbot certonly -a certbot-plugin-gandi:dns \
--certbot-plugin-gandi:dns-credentials gandi.ini -d segfault.page \
--server https://acme-v02.api.letsencrypt.org/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator certbot-plugin-gandi:dns, Installer None
[...]
Thanks for the follow-up, I followed your instructions to the letter, to no avail unfortunately:
~# echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list
~# cat /etc/apt/sources.list
...
deb http://deb.debian.org/debian stretch-backports main
~# gpg --keyserver pgp.mit.edu --recv-keys 7638D0442B90D010 8B48AD6246925553
gpg: key 7638D0442B90D010: 13 signatures not checked due to missing keys
gpg: key 7638D0442B90D010: public key "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
~# gpg --armor --export 7638D0442B90D010 | apt-key add -
OK
~# gpg --armor --export 8B48AD6246925553 | apt-key add -
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
~# apt update
Get:1 http://deb.debian.org/debian stretch-backports InRelease [91.8 kB]
...
~# apt install certbot python-certbot-apache -t stretch-backports
Reading package lists... Done
Building dependency tree
Reading state information... Done
certbot is already the newest version (0.28.0-1~deb9u2).
python-certbot-apache is already the newest version (0.28.0-1~deb9u1).
0 upgraded, 0 newly installed, 0 to remove and 73 not upgraded.
~# apt install python3-pip
Reading package lists... Done
Building dependency tree
Reading state information... Done
python3-pip is already the newest version (9.0.1-2+deb9u1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
~# pip3 install certbot-plugin-gandi
Requirement already satisfied: certbot-plugin-gandi in /usr/local/lib/python3.5/dist-packages
Requirement already satisfied: zope.interface in /usr/lib/python3/dist-packages (from certbot-plugin-gandi)
Requirement already satisfied: requests>=2.4.2 in /usr/lib/python3/dist-packages (from certbot-plugin-gandi)
Requirement already satisfied: certbot in /usr/lib/python3/dist-packages (from certbot-plugin-gandi)
~# ls -al gandi.ini
-rw-r--r-- 1 root root 58 Jun 20 04:39 gandi.ini
~# certbot certonly -v -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini --server https://acme-v02.api.letsencryp t.org/directory -d *.example.com -d example.com
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini
I'm unable to reproduce this issue. Please provide the logs in /var/log/letsencrypt
but if I can't reproduce this issue I doubt I will much help.
Nevermind, I had installed certbot 0.35 from pip and this was the version that was used when simply typing certbot
in the command line. I uninstalled everything, reinstalled only certbot 0.28 from the backport, and now everything is working like a charm.
I have a loosely related command-line question you may have an answer to:
# certbot --version
-bash: /usr/local/bin/certbot: No such file or directory <- Former location of certbot 0.35 installed via pip
# which certbot
/usr/bin/certbot <- Location of certbot 0.28 installed with apt
# whereis certbot
certbot: /usr/bin/certbot /usr/share/man/man1/certbot.1.gz
# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Do you know why I can't run certbot without specifying its full path now? Is it just about resetting my shell session (it worked)?
Good to hear ! For your second question, that's because your current shell still remembers certbot as being in its old location in its hash table of recently executed programs. You can display this table with the hash
builtin in your shell. Just run hash -r
to make it forget all remembered locations 🙂
Thanks for the elaboration!
tl;dr: On Debian, it seems this plugin doesn't work with certbot 0.35 provided by
certbot-auto
orpip
, only with certbot 0.28 installed from debian-backports. See these instructions.I'm getting this error message while trying to use this plugin I'm very grateful for.
Is it just my version of
certbot
that needs to be updated? I'm using the default Debian package so it isn't exactly the most recent.