Documentation is unclear on when does the pip3 installation method succeed for certbot about certbot-dns-google-domains HOT 16 CLOSED

I apologize! Thank you for writing it!

from certbot-dns-google-domains.

it's not, just haven't renamed it

from certbot-dns-google-domains.

I apologize - I was using a Google Cloud API key instead of a Google Domains API key

from certbot-dns-google-domains.

First, thank you for this plugin! However, I'd have to agree with the OP on this. I've installed everything on Ubuntu 20.04 using the command (pip3 install certbot certbot-dns-google-domains) and it's not happy about the new google domain arguments.

"certbot: error: unrecognized arguments: --dns-google-domains-credentials..."

from certbot-dns-google-domains.

as an google employee i don´t think he made it in his free time ;-)

meanwhile i got it to work with the help of an very friendly bloke from reddit! thanks again!

docker run
-v '/local/folder/varlib:/var/lib/letsencrypt'
-v '/local/folder/etc:/etc/letsencrypt'
--cap-drop=all
ghcr.io/aaomidi/certbot-dns-google-domains:latest
certbot certonly
--noninteractive
--agree-tos
--email '[email protected]'
--authenticator 'dns-google-domains'
--dns-google-domains-credentials '/var/lib/letsencrypt/credentials.ini'
--server 'https://acme-v02.api.letsencrypt.org/directory'
-d 'a.example.com'

from certbot-dns-google-domains.

as an google employee i don´t think he made it in his free time ;-)

Actually did it in my free time 🥲

I'll try to add more documentation in the mean time! Thanks for the feedback.

from certbot-dns-google-domains.

Out of curiosity, are you saying that after you did pip3 install certbot certbot-dns-google-domains, you still got "certbot: error: unrecognized arguments: --dns-google-domains-credentials..."certbot: error: unrecognized arguments: --dns-google-domains-credentials...?

I'm looking to see where specifically I can improve the documentation.

from certbot-dns-google-domains.

So I did some testing, and I think if you did run that command and you received that error, there is something wrong with your python environment (which is why I put the docker solution on there before the pip3 model, just because python sucks).

Here's how I tested this on Ubuntu:

podman run --rm -it ubuntu /bin/bash # To get into a "fresh" ubuntu environment.

apt update

apt install python3-pip

pip3 install certbot certbot-dns-google-domains

certbot plugins

Output of certbot plugins.

certbot plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* dns-google-domains
Description: NotImplemented
Interfaces: Authenticator, Plugin
Entry point: dns-google-domains =
certbot_dns_google_domains.dns_google_domains:Authenticator

* standalone
Description: Runs an HTTP server locally which serves the necessary validation
files under the /.well-known/acme-challenge/ request path. Suitable if there is
no HTTP server already running. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator

* webroot
Description: Saves the necessary validation files to a
.well-known/acme-challenge/ directory within the nominated webroot path. A
seperate HTTP server must be running and serving files from the webroot path.
HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

There's a lot one person can do to break their local python environment (e.g. wrong $PATH variable, multiple python versions installed and pip3 targeting the wrong one, etc).

I'm still open for suggestions on how I can improve documentation. However I draw the line at troubleshooting folk's local python installations.

from certbot-dns-google-domains.

Ok, so first, I sure hope Google paid you a good chunk of change since you added serious value to the Google Domains service offering! It's crazy to me that you did this on your own, I assumed it was a team of Google Developers who support the Google Domains service...

Second, I got this to work; it wasn't a Python issue but rather a certbot install issue; I had to go over and beyond to ensure no other instance of certbot was actually installed, then ran the pi3 install command, and it worked. The overkill commands are below (I can't reference the original site I found this on as I can't find the page again):

 sudo apt remove certbot* --purge  
 sudo apt-add-repository --remove ppa:certbot/certbot  
 sudo apt update  
 sudo snap remove certbot  
 sudo -H pip3 uninstall certbot*  
 pip3 uninstall certbot* 

I would just expand on the documentation a bit by letting folks know that unless you want to leverage a docker container, you can easily use pip3 to install the plugin and certbot, if you have never had certbot installed before, otherwise, ensure no other instance of certbot is installed using the commands above.

Again, had you not developed this plug-in, I was literally in the process of moving all my domains from Google to another company with support for DNS auth for Let's Encrypt.

from certbot-dns-google-domains.

I'm glad to hear that worked for you. Yeah I didn't consider how different package managers ship certbot themselves and it's probably not compatible with the plugin system 🤦🏾 .

That's a good idea to add to the documentation - I'll add it in that if they have certbot installed through any means other than pip3, it's not guaranteed to work.

And yeah, I'll emphasize that the docker method is probably the easiest way to go.

Cheers!

from certbot-dns-google-domains.

Please let me know if these updates to the documentation address this issue.

from certbot-dns-google-domains.

Looks good. Thank you for continuing to improve both the plug-in and the docs.

from certbot-dns-google-domains.

Closing this, thanks!

from certbot-dns-google-domains.

@aaomidi I am currently trying to use this with certbot but the provided documentation by certbot, google domains, and this plugin all seem to be quite dry. I have a the ACME DNS API configured and an API key for it. I've got the certbot environment set up, and able to make top level domain changes using the standalone mode. I can't figure out how to get this plugin to work for wildcard certs, though.

certbot certonly --authenticator dns-google-domains --dns-google-domains-credentials /etc/letsencrypt/live/dns.json --dns-google-domains-zone $TLD --non-interactive --agree-tos -m $EMAIL -d *.$TLD

Encountered exception during recovery: certbot.errors.PluginError: Unable to rotate DNS challenges: 400 Client Error: Bad Request for url: https://acmedns.googleapis.com/v1/acmeChallengeSets/DOMAIN:rotateChallenges Unable to rotate DNS challenges: 400 Client Error: Bad Request for url: https://acmedns.googleapis.com/v1/acmeChallengeSets/DOMAIN:rotateChallenges

from certbot-dns-google-domains.

Why is your credentials file a JSON file?

from certbot-dns-google-domains.

Cheers! Glad it's resolved. Sorry I was away for the past few days!

from certbot-dns-google-domains.