terricain / certbot-dns-azure

AzureDNS Certbot plugin

Can't additional command line flags #1

Closed rnakamine closed 3 years ago

rnakamine commented 3 years ago

Sorry for my bad English skills.

Abstract

Cannot specify --dns-azure option

$ certbot certonly --dns-azure --dns-azure-config azure.ini -d <my domain> --config-dir ./config-dir --work-dir ./work-dir --logs-dir ./logs-dir
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: ambiguous option: --dns-azure could match --dns-azure-propagation-seconds, --dns-azure-config

So I can't run the certbot command in non-interactive mode.

cpressland commented 3 years ago

Can you send us the output of certbot plugins --text and also confirm how you installed certbot? I have a hunch you may have installed it with apt or some other OS package manager and not pip.

Also, just to rule it out try moving your domains to the end of the command. The usage string does specifically note that they should come last.

rnakamine commented 3 years ago

Certbot and plugins are installed via pip.

When I run certbot plugins --text, I get the following:

$ certbot plugins --text

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* dns-azure
Description: Obtain certificates using a DNS TXT record (if you are using Azure
for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns-azure = certbot_dns_azure._internal.dns_azure:Authenticator

* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Also, I moved the domain to the end of the command, with similar results.

$ certbot certonly --dns-azure --dns-azure-config azure.ini --config-dir ./config-dir --work-dir ./work-dir --logs-dir ./logs-dir -d <my domain>
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: ambiguous option: --dns-azure could match --dns-azure-propagation-seconds, --dns-azure-config

terricain commented 3 years ago

Ah yes, this is my bad, so the plugin was initially developed as a PR to the certbot repo with some extra changes to support that --dns-azure flag. Can you try again without the --dns-azure flag, it should work without it.

I'll update the docs soon :)

rnakamine commented 3 years ago

I can run it without the --dns-azure flag.

$ certbot certonly --dns-azure-config azure.ini --config-dir ./config-dir --work-dir ./work-dir --logs-dir ./logs-dir -d <my domain>
Saving debug log to /path/to/logs-dir/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Obtain certificates using a DNS TXT record (if you are using Azure for DNS).
(dns-azure)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel):

But if you set the --noninteractive, --agree-tos flags to prevent user input, you will be prompted to specify a plugin.

$ certbot certonly --noninteractive --agree-tos --dns-azure-config azure.ini --config-dir ./config-dir --work-dir ./work-dir --logs-dir ./logs-dir -d <my domain>
Saving debug log to /path/to/logs-dir/letsencrypt.log
Missing command line flags. For non-interactive execution, you will need to specify a plugin on the command line.  Run with '--help plugins' to see a list of options, and see https://eff.org/letsencrypt-plugins for more detail on what the plugins do and how to use them.

I'm developing a tool that uses certbot to automate certificate acquisition and I need to avoid accepting user input.

terricain commented 3 years ago

Try:

certbot certonly --authenticator dns-azure --preferred-challenges dns --noninteractive --agree-tos --dns-azure-config azure.ini --config-dir ./config-dir --work-dir ./work-dir --logs-dir ./logs-dir -d <my domain>

rnakamine commented 3 years ago

certbot certonly --authenticator dns-azure --preferred-challenges dns --noninteractive --agree-tos --dns-azure-config azure.ini --config-dir ./config-dir --work-dir ./work-dir --logs-dir ./logs-dir -d <my domain>

I was able to do it!
Thank you so much.

This solved my problem.

terricain commented 3 years ago

Np will update the docs to reflect how to do it fully non-interactively
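
The "ambiguous option" error in this thread has the shape of Python argparse's prefix matching: an unregistered `--dns-azure` is treated as an abbreviation of every registered flag that starts with it. The sketch below is an added example, not code from certbot or this plugin; it assumes plain `argparse` behaviour, models only the flags quoted in the thread, and uses `example.com` as a constructed stand-in for `<my domain>`.

```python
import argparse

# Constructed model: only the long flags quoted in the thread, in the order
# the error message lists them. This is not certbot's real parser.
FLAGS = {
    "--authenticator": {},
    "--preferred-challenges": {},
    "--noninteractive": {"action": "store_true"},
    "--agree-tos": {"action": "store_true"},
    "--dns-azure-propagation-seconds": {"type": int},
    "--dns-azure-config": {},
}

class UsageError(Exception):
    """Raised instead of exiting, so automation can inspect the message."""

class Parser(argparse.ArgumentParser):
    def error(self, message):
        raise UsageError(message)

def build_parser():
    parser = Parser(prog="certbot-model")
    parser.add_argument("subcommand")
    parser.add_argument("-d", dest="domains", action="append")
    for name, kwargs in FLAGS.items():
        parser.add_argument(name, **kwargs)
    return parser

def try_parse(argv):
    """Return (namespace, None) on success or (None, error text) on failure."""
    try:
        return build_parser().parse_args(argv), None
    except UsageError as exc:
        return None, str(exc)

def inexact_flags(argv):
    """Long flags not spelled exactly as registered (abbreviated or unknown)."""
    return [a for a in argv
            if a.startswith("--") and a.split("=", 1)[0] not in FLAGS]

# Constructed argument lists mirroring the failing and working commands.
FAILING = ["certonly", "--dns-azure", "--dns-azure-config", "azure.ini",
           "-d", "example.com"]
WORKING = ["certonly", "--authenticator", "dns-azure",
           "--preferred-challenges", "dns", "--noninteractive", "--agree-tos",
           "--dns-azure-config", "azure.ini", "-d", "example.com"]
# A unique prefix is accepted silently; it breaks once a second match exists.
ABBREVIATED = ["certonly", "--dns-azure-c", "azure.ini", "-d", "example.com"]

if __name__ == "__main__":
    for argv in (FAILING, WORKING, ABBREVIATED):
        print(inexact_flags(argv), try_parse(argv))
```

Running `inexact_flags` over a generated command line before invoking the tool catches both the ambiguous `--dns-azure` and any silently accepted abbreviation, which matters for unattended renewal jobs.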