obynio / certbot-plugin-gandi

Certbot plugin for authentication using Gandi LiveDNS
https://pypi.org/project/certbot-plugin-gandi/
MIT License

[Debian] Error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini #9

Closed MrPetovan closed 5 years ago

MrPetovan commented 5 years ago

tl;dr: On Debian, it seems this plugin doesn't work with certbot 0.35 provided by certbot-auto or pip, only with certbot 0.28 installed from debian-backports. See these instructions.


I'm getting this error message while trying to use this plugin I'm very grateful for.

~# certbot --version
certbot 0.28.0
~# certbot renew -v -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini --server https://acme-v02.api.letsencrypt.org/directory --cert-name example.com-0002
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini
~# certbot certonly -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini -d example.com -d \*.example.com --server https://acme-v02.api.letsencrypt.org/directory -v --dry-run
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini

Is it just my version of certbot that needs to be updated? I'm using the default Debian package so it isn't exactly the most recent.

oklona commented 5 years ago

Hi. I had this, but tried using pip3 instead of regular pip, which resolved this issue.

MrPetovan commented 5 years ago

Interesting, thanks for the tip. Here's what I did:

~# apt install python3-pip
...
Setting up python3-pip (9.0.1-2+deb9u1) ...

~# pip uninstall certbot-plugin-gandi
...
   Successfully uninstalled certbot-plugin-gandi-1.1.1

~# pip3 install certbot-plugin-gandi
...
Successfully installed certbot-plugin-gandi-1.1.1

~# certbot renew -v -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini --server https://acme-v02.api.letsencrypt.org/directory --cert-name example.com-0002
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini

Same error, unfortunately.

obynio commented 5 years ago

Hi! I dug a bit into the issue and I suspect your version of Certbot is too old. Assuming you're on Debian 8 at least, Certbot does not recommend using the default certbot package anymore.

We previously recommended that Debian 8 (jessie) users install Certbot from the packaged version. Because of important updates in the Certbot code, we are now recommending that Debian 8 users switch to the certbot-auto method, described below.

Depending on your Debian version and if you would like to use wildcard certificates, I would recommend you take a look at their instructions to update your certbot installation.

https://certbot.eff.org/lets-encrypt/debianjessie-apache.html
https://certbot.eff.org/all-instructions

MrPetovan commented 5 years ago

Hi, thanks for the answer, I indeed had to manually install certbot to issue a wildcard certificate. See above:

~# certbot --version
certbot 0.28.0

However, I didn't install certbot-auto, I'll give it a stab tonight.

rivsc commented 5 years ago

Hi,

@obynio Thanks for your certbot plugin!

I followed @obynio's instructions (https://certbot.eff.org/lets-encrypt/debianjessie-apache.html):

pi@raspberrypi:~ $ sudo mv certbot-auto /usr/local/bin/certbot-auto
pi@raspberrypi:~ $ sudo chown root /usr/local/bin/certbot-auto
pi@raspberrypi:~ $ sudo chmod 0755 /usr/local/bin/certbot-auto
pi@raspberrypi:~ $ sudo certbot-auto --version
certbot 0.35.1
pi@raspberrypi:~ $ locate certbot
...
/opt/eff.org/certbot/venv/bin/certbot
...
pi@raspberrypi:~ $ /opt/eff.org/certbot/venv/bin/certbot --version
certbot 0.35.1
pi@raspberrypi:~ $ /opt/eff.org/certbot/venv/bin/certbot certonly -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini -d example.com -d *.example.com --server https://acme-v02.api.letsencrypt.org/directory
usage:
  letsencrypt-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini

Info:

pi@raspberrypi:~ $ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

obynio commented 5 years ago

Well, it seems strange. I will try the process on my raspi with raspbian stretch as soon as possible :)

obynio commented 5 years ago

Okay, I tested it on my freshly installed raspbian (Debian Stretch 9). It works perfectly without issues with certbot 0.28.0.

Here are the steps that I did to get it working. Everything is done under a freshly installed Debian Stretch 9. This process includes the certbot installation described here: https://certbot.eff.org/lets-encrypt/debianstretch-apache.html

  1. Enable the Debian backports by editing sudo vim /etc/apt/sources.list and adding deb http://deb.debian.org/debian stretch-backports main. Here are the instructions for that https://backports.debian.org/Instructions/

  2. Quickly after enabling backports, I realised its signature could not be verified. I had to import the gpg keys for backports with gpg. Instructions here https://rolfje.wordpress.com/2017/06/09/installing-gpg-keys-for-debian-backports/

$ sudo gpg --keyserver pgp.mit.edu --recv-keys 7638D0442B90D010 8B48AD6246925553        
gpg: key 8B48AD6246925553: 28 signatures not checked due to missing keys
gpg: key 8B48AD6246925553: "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>" not changed
gpg: key 7638D0442B90D010: 13 signatures not checked due to missing keys
gpg: key 7638D0442B90D010: "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

$ sudo gpg --armor --export 7638D0442B90D010 | apt-key add -
OK
$ sudo gpg --armor --export 8B48AD6246925553 | apt-key add -
OK

  3. Run a sudo apt update as usual.
  4. Install certbot from backports with sudo apt-get install certbot python-certbot-apache -t stretch-backports
  5. Install pip3 with sudo apt install python3-pip
  6. Install certbot-plugin-gandi with pip3 using pip3 install certbot-plugin-gandi
  7. Set up my gandi.ini file with my gandi API key.
  8. Just run the tool, everything runs smoothly, the plugin is correctly detected as expected.

$ sudo certbot certonly -a certbot-plugin-gandi:dns \
--certbot-plugin-gandi:dns-credentials gandi.ini -d segfault.page \
--server https://acme-v02.api.letsencrypt.org/directory

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator certbot-plugin-gandi:dns, Installer None
[...]

MrPetovan commented 5 years ago

Thanks for the follow-up, I followed your instructions to the letter, to no avail unfortunately:

~# echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list
~# cat /etc/apt/sources.list
...
deb http://deb.debian.org/debian stretch-backports main
~# gpg --keyserver pgp.mit.edu --recv-keys 7638D0442B90D010 8B48AD6246925553
gpg: key 7638D0442B90D010: 13 signatures not checked due to missing keys
gpg: key 7638D0442B90D010: public key "Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
~# gpg --armor --export 7638D0442B90D010 | apt-key add -
OK
~# gpg --armor --export 8B48AD6246925553 | apt-key add -
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
~# apt update
Get:1 http://deb.debian.org/debian stretch-backports InRelease [91.8 kB]
...
~# apt install certbot python-certbot-apache -t stretch-backports
Reading package lists... Done
Building dependency tree
Reading state information... Done
certbot is already the newest version (0.28.0-1~deb9u2).
python-certbot-apache is already the newest version (0.28.0-1~deb9u1).
0 upgraded, 0 newly installed, 0 to remove and 73 not upgraded.
~# apt install python3-pip
Reading package lists... Done
Building dependency tree
Reading state information... Done
python3-pip is already the newest version (9.0.1-2+deb9u1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
~# pip3 install certbot-plugin-gandi
Requirement already satisfied: certbot-plugin-gandi in /usr/local/lib/python3.5/dist-packages
Requirement already satisfied: zope.interface in /usr/lib/python3/dist-packages (from certbot-plugin-gandi)
Requirement already satisfied: requests>=2.4.2 in /usr/lib/python3/dist-packages (from certbot-plugin-gandi)
Requirement already satisfied: certbot in /usr/lib/python3/dist-packages (from certbot-plugin-gandi)
~# ls -al gandi.ini
-rw-r--r-- 1 root root 58 Jun 20 04:39 gandi.ini
~# certbot certonly -v -a  certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini --server https://acme-v02.api.letsencrypt.org/directory -d *.example.com -d example.com
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --certbot-plugin-gandi:dns-credentials gandi.ini

obynio commented 5 years ago

I'm unable to reproduce this issue. Please provide the logs in /var/log/letsencrypt, but if I can't reproduce this issue I doubt I will be of much help.

MrPetovan commented 5 years ago

Never mind, I had installed certbot 0.35 from pip and this was the version that was used when simply typing certbot in the command line. I uninstalled everything, reinstalled only certbot 0.28 from the backport, and now everything is working like a charm.

I have a loosely related command-line question you may have an answer to:

# certbot --version
-bash: /usr/local/bin/certbot: No such file or directory <- Former location of certbot 0.35 installed via pip
# which certbot
/usr/bin/certbot <- Location of certbot 0.28 installed with apt
# whereis certbot
certbot: /usr/bin/certbot /usr/share/man/man1/certbot.1.gz
# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Do you know why I can't run certbot without specifying its full path now? Is it just about resetting my shell session (it worked)?

obynio commented 5 years ago

Good to hear! For your second question, that's because your current shell still remembers certbot as being in its old location in its hash table of recently executed programs. You can display this table with the hash builtin in your shell. Just run hash -r to make it forget all remembered locations 🙂
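
The two causes found at the end of this thread (a pip-installed certbot in /usr/local/bin taking precedence over the apt one in /usr/bin, then a stale shell hash entry after it was removed) can be checked with a small PATH walk. This is an added example, not part of the original thread or the plugin's code; the function names and the temporary demo layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. POSIX sh; all demo paths are constructed.

# path_candidates NAME [PATHSTRING]: print every executable NAME, in PATH order.
# Walks the directories itself, so the shell's remembered locations are ignored.
path_candidates() {
    name=$1
    search=${2-$PATH}
    old_ifs=$IFS
    IFS=:
    set -f                                  # no globbing while splitting PATH
    for dir in $search; do
        [ -n "$dir" ] || dir=.              # empty PATH entry means current dir
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
    set +f
    IFS=$old_ifs
}

# shadow_report NAME [PATHSTRING]: show which copy runs and which copies it hides.
shadow_report() {
    found=$(path_candidates "$1" "${2-$PATH}")
    [ -n "$found" ] || { echo "$1: not found on PATH"; return 1; }
    echo "runs:     $(printf '%s\n' "$found" | head -n 1)"
    printf '%s\n' "$found" | tail -n +2 | sed 's/^/shadowed: /'
}

# stale_cache CACHED_PATH: true when a remembered location is no longer
# executable (the "No such file or directory" case). In bash, CACHED_PATH
# comes from `hash -t certbot`, and `hash -r` clears the table.
stale_cache() {
    [ -n "$1" ] && [ ! -x "$1" ]
}

# make_demo: build two fake certbot copies laid out like the thread's system
# and print the temporary root directory.
make_demo() {
    root=$(mktemp -d)
    for d in usr/local/bin usr/bin; do
        mkdir -p "$root/$d"
        printf '#!/bin/sh\necho fake certbot\n' > "$root/$d/certbot"
        chmod +x "$root/$d/certbot"
    done
    printf '%s\n' "$root"
}

demo_root=$(make_demo)
shadow_report certbot "$demo_root/usr/local/bin:$demo_root/usr/bin"
rm -rf "$demo_root"
```

On a real system, `shadow_report certbot` with no second argument walks the current PATH; more than one line of output means a plugin installed for one copy may not be visible to the copy that actually runs.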

MrPetovan commented 5 years ago

Thanks for the elaboration!