terricain / certbot-dns-azure

AzureDNS Certbot plugin

ManagedIdentityCredential authentication unavailable #26

Closed mauriciocirelli closed 1 year ago

mauriciocirelli commented 1 year ago

Dear,

I am trying to get a certificate for my domain and I am getting the following error:

Encountered exception during recovery: certbot.errors.PluginError: Failed to check TXT record for domain <my domain>, error: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.

I have followed the example for User Assigned Managed Identity, non-interactive mode, from here: https://certbot-dns-azure.readthedocs.io/en/latest/

Certbot version is: 1.32.1
OS: Ubuntu Server 18.04

It seems that this issue is related to this problem: https://stackoverflow.com/questions/67845857/can-a-user-assigned-managed-identity-be-used-locally

We are running certbot on a non-Azure virtual machine, and on line 152 of dns_azure.py we find:

return ManagedIdentityCredential(client_id=msi_client_id)

Perhaps it should use DefaultAzureCredential with the Client Id.

Thank you!

mauriciocirelli commented 1 year ago

Dear,

I have found the issue. Managed Identities only work for resources that run inside Azure Cloud. That was my mistake. The issue is solved by using a Service Principal instead.
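A pre-flight check for the situation resolved in this thread, as an added example that is not part of the original issue or of the plugin's code: it reads a credentials file and, when managed identity is selected, probes the Azure Instance Metadata Service (IMDS) before certbot runs. The `dns_azure_*` key names follow the plugin's documentation and should be checked against the installed version; the function names and sample files are constructed for illustration.

```python
import configparser
import json
import urllib.request

# Azure Instance Metadata Service (IMDS): link-local, answers only inside Azure.
IMDS_URL = "http://169.254.169.254/metadata/instance?api-version=2021-02-01"
SP_KEYS = ("dns_azure_sp_client_id", "dns_azure_sp_client_secret",
           "dns_azure_tenant_id")

def imds_reachable(timeout=2.0):
    """True only if this host gets an Azure IMDS answer (no proxy, short timeout)."""
    req = urllib.request.Request(IMDS_URL, headers={"Metadata": "true"})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=timeout) as resp:
            return "compute" in json.load(resp)
    except (OSError, ValueError):
        return False

def parse_ini(text):
    """Read a sectionless key = value credentials file into a dict."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string("[azure]\n" + text)
    return dict(cp["azure"])

def preflight(ini_text, probe=imds_reachable):
    """Return (method, ok, advice) for the credential type the file selects."""
    cfg = parse_ini(ini_text)
    msi = bool(cfg.get("dns_azure_msi_client_id")) or \
        cfg.get("dns_azure_msi_system_assigned", "").lower() == "true"
    if msi:
        if probe():
            return ("managed_identity", True, "IMDS answered; managed identity is usable")
        return ("managed_identity", False,
                "no IMDS response: host is not Azure compute, use a service principal")
    missing = [k for k in SP_KEYS if not cfg.get(k)]
    if missing:
        return ("service_principal", False, "missing: " + ", ".join(missing))
    return ("service_principal", True, "service principal works on any host")

# Constructed sample files (placeholder values, not real credentials).
MSI_INI = "dns_azure_msi_client_id = 00000000-0000-0000-0000-000000000000\n"
SP_INI = ("dns_azure_sp_client_id = 00000000-0000-0000-0000-000000000000\n"
          "dns_azure_sp_client_secret = PLACEHOLDER%SECRET\n"
          "dns_azure_tenant_id = 11111111-1111-1111-1111-111111111111\n")

if __name__ == "__main__":
    print(preflight(MSI_INI))
    print(preflight(SP_INI))
```

The `probe` argument lets the check be exercised without network access; on a real host, leave it at its default.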