certbot: error: unrecognized arguments: --dns-gandi-credentials /etc/letsencrypt/gandi.ini #45
Comments
|
I'm seeing this on a Raspberry Pi Zero 2 W. I can't find a discreet Pi OS version, but /etc/debian_version shows 11.8, and the APT sources.list says bullseye. The packaged version of certbot is 1.12.0, and the packaged version of this plugin is 1.2.5-3 $ apt list --installed '*certbot*'
Listing... Done
certbot/oldstable,now 1.12.0-2 all [installed,automatic]
python3-certbot-dns-gandi/oldstable,now 1.2.5-3 all [installed]
python3-certbot/oldstable,now 1.12.0-2 all [installed]@obynio @HLFH can someone triage this (after the holidays, of course) |
|
Actually looking at the README from the 1.2.5 tag I was able to sort things out. Using the commands from that version gives me this error Missing property in credentials configuration file /etc/letsencrypt/gandi/gandi.ini:
* Property "certbot_plugin_gandi:dns_api_key" not found (should be API key for Gandi account).So I updated my /etc/letsencrypt/gandi/gandi.ini to have that property, but with my personal access token (I don't have a livedns api key since they're deprecated), and that results in this $ sudo certbot certonly -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials /etc/letsencrypt/gandi/gandi.ini -d pi-1.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-plugin-gandi:dns may be removed in a future version. Please use dns instead.
Plugins selected: Authenticator certbot-plugin-gandi:dns, Installer None
Requesting a certificate for pi-1.example.com
Performing the following challenges:
dns-01 challenge for pi-1.example.com
Cleaning up challenges
Unable to find or delete the DNS TXT record: Unable to get base domain for "pi-1.example.com"
An error occurred adding the DNS TXT record: Unable to get base domain for "pi-1.example.com"So maybe v1.2.5 doesn't support Gandi's access tokens. Reverting my gandi.ini file, uninstalling the python3-certbot-dns-gandi APT package, and installing the latest 1.5.0 via PIP (I'm generally pretty loath to globally installing packages with PIP, as it has a tendency to clobber other system-managed Python libraries and break other important system tools, but in this case there were no dependencies needing any updates) and now it's working. |
|
Hello, yes indeed the only official update channel as of now is PIP. Unfortunately I do not own control over the debian package so I can't update it to the latest version :( |
root@www:/etc/letsencrypt# certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi.ini -d mydomain.tld
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --dns-gandi-credentials /etc/letsencrypt/gandi.ini
root@www:/etc/letsencrypt# apt search livedns
Sorting... Done
Full Text Search... Done
python3-certbot-dns-gandi/stable,now 1.2.5-3 all [installed]
Gandi LiveDNS plugin for Certbot
The text was updated successfully, but these errors were encountered: