letsencrypt-cloudflare-hook's People

Contributors

bennettp123, denniseijpe, dynek, harupiko, kappataumu, kondi, louis-lau, nh2, phomias, pyther, robocoder, semekh, superhaggis, torkiliuz

letsencrypt-cloudflare-hook's Issues

Hook doesn't work!

Hello!
After some changes on cloudflare hook stopped working. Now it has an issue:

+ 2 pending challenge(s)
 + Deploying challenge tokens...
 + CloudFlare hook executing: deploy_challenge
Traceback (most recent call last):
  File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 206, in <module>
    main(sys.argv[1:])
  File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 203, in main
    ops[argv[0]](argv[1:])
  File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 167, in create_all_txt_records
    create_txt_record(args[i:i+X])
  File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 105, in create_txt_record
    zone_id = _get_zone_id(domain)
  File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 83, in _get_zone_id
    return r.json()['result'][0]['id']
IndexError: list index out of range

Problem in the cloudflare hook with new dehydrated client.

Getting an error after updating dehydrated to the new version.

  • CloudFlare hook executing: startup_hook
    Traceback (most recent call last):
    File "hooks/cloudflare/hook.py", line 203, in <module>
    main(sys.argv[1:])
    File "hooks/cloudflare/hook.py", line 199, in main
    ops[argv[0]](argv[1:])
    KeyError: 'startup_hook'
    Python 3.5.2
    Requirement already satisfied: dnspython==1.15.0
    Requirement already satisfied: future==0.15.2
    Requirement already satisfied: requests==2.9.1
    Requirement already satisfied: six==1.10.0
    Requirement already satisfied: tld==0.7.6

: No such file or directory

Because hooks.py has dos line endings you get this error when trying to run the py hook script:

/usr/bin/env: python
: No such file or directory

Please change the line endings to unix style.

(either that or I have something set wrong in my git client and somehow git is changing the line endings to crlf on checkout. But as far as I can tell I don't have core.autocrlf set to true)

On deploy_challenge "IndexError: list index out of range"

When I try to renew a certificate, the following happens:

Processing vpn.staging-wanderio.com

  • Checking domain name(s) of existing cert... unchanged.
  • Checking expire date of existing cert...
  • Valid till Jan 10 15:19:00 2017 GMT (Less than 30 days). Renewing!
  • Signing domains...
  • Generating private key...
  • Generating signing request...
  • Requesting challenge for vpn.staging-wanderio.com...
  • CloudFlare hook executing: deploy_challenge
    Traceback (most recent call last):
    File "cloudflare_hook/hook.py", line 196, in <module>
    main(sys.argv[1:])
    File "cloudflare_hook/hook.py", line 192, in main
    ops[argv[0]](argv[1:])
    File "cloudflare_hook/hook.py", line 165, in create_all_txt_records
    create_txt_record(args[i:i+X])
    File "cloudflare_hook/hook.py", line 103, in create_txt_record
    zone_id = _get_zone_id(domain)
    File "cloudflare_hook/hook.py", line 81, in _get_zone_id
    return r.json()['result'][0]['id']
    IndexError: list index out of range

This has worked in the past, but all of a sudden it broke (a change in CF API?).

CF_EMAIL and CF_KEY are exported in the environment in which the script runs

ImportError: No module named builtins

Ubuntu Server 16.04 x64

Installed following readme file, used pip3 install -r hooks/cloudflare/requirements.txt to install dependencies.

./dehydrated -c -d [domain] -t dns-01 -k 'hooks/cloudflare/hook.py'
# INFO: Using main config file /root/dehydrated/config
Processing [domain]
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for [domain]...
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 8, in <module>
from builtins import str
ImportError: No module named builtins

Cannot create a certificate for my domain / deploy_challenge crash

Hi!
We have two domains and we are unable to create certificates for one of them.

Domain 1 : montreal.ca
Domain 2: ville.montreal.qc.ca

I can create what I want for the "montreal.ca" domain. Like "test.montreal.ca", "test.api.montreal.ca", etc.

BUT I can't create any certificate for "ville.montreal.qc.ca". Entries like "test.ville.montreal.qc.ca" or "test.api.ville.montreal.qc.ca" cannot be made.

I get the following error.

INFO: Using main config file /etc/dehydrated/config

INFO: Using additional config file /etc/dehydrated/conf.d/local.sh

  • CloudFlare hook executing: startup_hook
    Processing kronos.ville.montreal.qc.ca
  • Creating new directory /etc/dehydrated/certs/kronos.ville.montreal.qc.ca ...
  • Signing domains...
  • Generating private key...
  • Generating signing request...
  • Requesting new certificate order from CA...
  • Received 1 authorizations URLs from the CA
  • Handling authorization for kronos.ville.montreal.qc.ca
  • 1 pending challenge(s)
  • Deploying challenge tokens...
  • CloudFlare hook executing: deploy_challenge
  • Creating TXT record: kronos.ville.montreal.qc.ca => AvrujpuBA5Hpl681oDSae67EHHJ8DvNiHbuhThteW24
  • Challenge: mrM0VGPAwi3LO3nhr46j7p6aRZHmjlrlu4Kq9vS0AaI
    Traceback (most recent call last):
    File "hooks/cloudflare/hook.py", line 206, in <module>
    main(sys.argv[1:])
    File "hooks/cloudflare/hook.py", line 203, in main
    ops[argv[0]](argv[1:])
    File "hooks/cloudflare/hook.py", line 167, in create_all_txt_records
    create_txt_record(args[i:i+X])
    File "hooks/cloudflare/hook.py", line 105, in create_txt_record
    zone_id = _get_zone_id(domain)
    File "hooks/cloudflare/hook.py", line 83, in _get_zone_id
    return r.json()['result'][0]['id']
    IndexError: list index out of range
  • CloudFlare hook executing: exit_hook

Can anyone help?

Thanks.

Add TLSA/DANE record?

Hi,
Would it be possible to also add a TLSA record for the acquired certs to Cloudflare?

KeyError: 'startup_hook'

The main dehydrated project was updated such that startup_hook needs to be defined within hooks to contain staging code, etc. As-is you receive the following when on the latest master of dehydrated.

 + CloudFlare hook executing: startup_hook
Traceback (most recent call last):
  File "hooks/cloudflare/hook.py", line 203, in <module>
     main(sys.argv[1:])
  File "hooks/cloudflare/hook.py", line 199, in main
    ops[argv[0]](argv[1:])
KeyError: 'startup_hook'

This is worked around by having the call defined, even if left empty, as such:

@@ -181,6 +181,8 @@ def delete_all_txt_records(args):
     for i in range(0, len(args), X):
         delete_txt_record(args[i:i+X])

+def startup_hook(args):
+    return

 def exit_hook(args):
     return
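Review bot: startup_hook, added directly above exit_hook, is a silent no-op with no docstring or comment saying that this is intentional, so a later reader cannot tell a deliberate stub from an unfinished handler. Add a one-line docstring stating that dehydrated calls it at startup and that the hook has nothing to do there. The new function is also separated from its neighbours by a single blank line on each side; top-level definitions are conventionally separated by two.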
@@ -193,6 +195,7 @@ def main(argv):
         'deploy_cert'     : deploy_cert,
         'unchanged_cert'  : unchanged_cert,
         'invalid_challenge': invalid_challenge,
+        'startup_hook': startup_hook,
         'exit_hook': exit_hook
     }
     logger.info(" + CloudFlare hook executing: {0}".format(argv[0]))
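Review bot: registering 'startup_hook' in ops removes this one KeyError, but the table still has to name every operation explicitly, so the next operation name that dehydrated passes as argv[0] will fail in the same way. Consider looking the handler up with ops.get(argv[0]) and treating a missing entry as a logged no-op, which would also make the empty startup_hook and exit_hook stubs unnecessary.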

You may want to shuffle around more things though.

ImportError: No module named urllib3.contrib.pyopenssl

➜ dehydrated git:(master) ✗ ./dehydrated -c -d xxxxxx.org -t dns-01 -k 'hooks/cloudflare/hook.py'

INFO: Using main config file /root/dehydrated/config

Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 30, in <module>
import urllib3.contrib.pyopenssl
ImportError: No module named urllib3.contrib.pyopenssl

SyntaxError: invalid syntax

I have Python 2.7.6 running on a (somewhat) fresh install of ubuntu 14.04

$ ./letsencrypt.sh -c -d mydomain.com -t dns-01 -k 'hooks/cloudflare/hook.py'
#
# !! WARNING !! No main config file found, using default config!
#
+ Generating account key...
+ Registering account key with letsencrypt...
Processing mydomain.com
 + Signing domains...
 + Creating new directory /home/user/letsencrypt.sh/certs/mydomain.com ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for mydomain.com...
Traceback (most recent call last):
  File "hooks/cloudflare/hook.py", line 14, in <module>
    import dns.resolver
  File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 35, in <module>
    import dns.message
  File "/usr/local/lib/python2.7/dist-packages/dns/message.py", line 191
    print('id %d' % self.id, file=s)
                                 ^
SyntaxError: invalid syntax

These are the steps I took before this error occurred:

$ git clone https://github.com/lukas2511/letsencrypt.sh
$ cd letsencrypt.sh
$ mkdir hooks
$ git clone https://github.com/kappataumu/letsencrypt-cloudflare-hook hooks/cloudflare
$ pip install -r hooks/cloudflare/requirements-python-2.txt
$ export CF_EMAIL='[email protected]'
$ export CF_KEY='cloudflare_certificates_api_key'

Getting a 403 error

I'm not sure if this is something that I've changed on the Cloudflare side, or if something changed in the API. I'm getting a 403 error when I try to generate new certs with dehydrated -c.

Traceback (most recent call last):
  File "/opt/dehydrated/hooks/cloudflare/hook.py", line 206, in <module>
    main(sys.argv[1:])
  File "/opt/dehydrated/hooks/cloudflare/hook.py", line 203, in main
    ops[argv[0]](argv[1:])
  File "/opt/dehydrated/hooks/cloudflare/hook.py", line 167, in create_all_txt_records
    create_txt_record(args[i:i+X])
  File "/opt/dehydrated/hooks/cloudflare/hook.py", line 105, in create_txt_record
    zone_id = _get_zone_id(domain)
  File "/opt/dehydrated/hooks/cloudflare/hook.py", line 82, in _get_zone_id
    r.raise_for_status()
  File "/home/user/.conda/envs/acme/lib/python3.6/site-packages/requests/models.py", line 840, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://api.cloudflare.com/client/v4/zones?name=domain.tld

Invalid Challenge Added to Dehydrated

In Dehydrated Commit: 318cf20 the new invalid_challenge hook was added. This breaks the letsencrypt-cloudflare-hook.

Adding the following to hooks.py resolves this issue. This does not handle the invalid_challenge in any way. It simply allows the hook to return:

def invalid_challenge(args):
    # No-op: accept the call so the lookup in main() does not raise KeyError.
    return

def main(argv):
    ops = {
        'deploy_challenge': create_all_txt_records,
        'clean_challenge' : delete_all_txt_records,
        'deploy_cert'     : deploy_cert,
        'unchanged_cert'  : unchanged_cert,
        'invalid_challenge': invalid_challenge,
    }
    logger.info(" + CloudFlare hook executing: {0}".format(argv[0]))
    ops[argv[0]](argv[1:])
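The KeyError reports on this page (startup_hook, exit_hook, request_failure, invalid_challenge) all come from the same ops[argv[0]] lookup. The following is an added example, not code from the hook or from this issue: a dispatcher that logs and ignores operation names it has no handler for, and that validates the argument groups before handing them to a handler. The names make_dispatcher, chunk_challenges and the recording handlers are hypothetical, and X = 3 assumes dehydrated passes (domain, token filename, token value) groups.

```python
import logging

logger = logging.getLogger("cf_hook_example")

# Assumption: deploy_challenge / clean_challenge receive repeated groups of
# (domain, token_filename, token_value), so the group size X is 3.
X = 3


def chunk_challenges(args):
    """Split hook arguments into (domain, token_filename, token_value) tuples."""
    if not args or len(args) % X != 0:
        raise ValueError(
            "expected groups of %d arguments, got %d" % (X, len(args)))
    return [tuple(args[i:i + X]) for i in range(0, len(args), X)]


def make_dispatcher(ops):
    """Build a main()-style dispatcher over `ops` that tolerates unknown names."""
    def dispatch(argv):
        if not argv:
            logger.error(" + CloudFlare hook called without an operation name")
            return 2
        name, args = argv[0], argv[1:]
        handler = ops.get(name)
        if handler is None:
            # startup_hook, exit_hook, request_failure, or any operation a
            # later dehydrated release adds: log it and report success.
            logger.info(" + CloudFlare hook ignoring operation: %s", name)
            return 0
        logger.info(" + CloudFlare hook executing: %s", name)
        handler(args)
        return 0
    return dispatch


# Constructed handlers that only record what they were asked to do.
deployed = []
cleaned = []


def record_deploy(args):
    deployed.extend(chunk_challenges(args))


def record_clean(args):
    cleaned.extend(chunk_challenges(args))


EXAMPLE_OPS = {
    "deploy_challenge": record_deploy,
    "clean_challenge": record_clean,
}

dispatch = make_dispatcher(EXAMPLE_OPS)

if __name__ == "__main__":
    import sys
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    sys.exit(dispatch(sys.argv[1:]))
```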

ImportError: No module named builtins

I tried to get it working on my MacOS machine using python 2.7.12. But all I get is:

Traceback (most recent call last):
  File "hooks/cloudflare/hook.py", line 8, in <module>
    from builtins import str
ImportError: No module named builtins

I also installed the future lib using pip install future but it doesn't seem to help. Does the hook work with this python version or am I missing something?

acme/new-authz returns [500] error

Hello,

Just faced this issue:

  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-authz (Status 500)

Details:
<HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>
An error occurred while processing your request.<p>
Reference&#32;&#35;179&#46;7941160&#46;1492661366&#46;abef6c5
</BODY></HTML>


 + CloudFlare hook executing: request_failure
Traceback (most recent call last):
  File "hooks/cloudflare/hook.py", line 203, in <module>
    main(sys.argv[1:])
  File "hooks/cloudflare/hook.py", line 199, in main
    ops[argv[0]](argv[1:])
KeyError: 'request_failure'

I've been using Let's Encrypt for a long time, and recently decided to change the validation method to DNS.
Thank you for the great lib, hope we can solve it.

idna uninstalling

Hello, I'm using commit a3c899d26e79cfa45e873dacbe85169cf84ea910 and running

pip install -I -r hooks/cloudflare/requirements-python-2.txt

This is the output:

Cloning into 'hooks/cloudflare'...
Collecting cffi==1.5.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 1))
  Downloading cffi-1.5.0.tar.gz (385kB)
Collecting cryptography==1.2.3 (from -r hooks/cloudflare/requirements-python-2.txt (line 2))
  Downloading cryptography-1.2.3.tar.gz (373kB)
Collecting dnspython==1.15.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 3))
  Downloading dnspython-1.15.0-py2.py3-none-any.whl (177kB)
Collecting enum34==1.1.2 (from -r hooks/cloudflare/requirements-python-2.txt (line 4))
  Downloading enum34-1.1.2.tar.gz (46kB)
Collecting future==0.15.2 (from -r hooks/cloudflare/requirements-python-2.txt (line 5))
  Downloading future-0.15.2.tar.gz (1.6MB)
Collecting idna==2.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 6))
  Downloading idna-2.0-py2.py3-none-any.whl (61kB)
Collecting ipaddress==1.0.16 (from -r hooks/cloudflare/requirements-python-2.txt (line 7))
  Downloading ipaddress-1.0.16-py27-none-any.whl
Collecting ndg-httpsclient==0.4.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 8))
  Downloading ndg_httpsclient-0.4.0.tar.gz
Collecting pyasn1==0.1.9 (from -r hooks/cloudflare/requirements-python-2.txt (line 9))
  Downloading pyasn1-0.1.9-py2.py3-none-any.whl
Collecting pycparser==2.14 (from -r hooks/cloudflare/requirements-python-2.txt (line 10))
  Downloading pycparser-2.14.tar.gz (223kB)
Collecting pyOpenSSL==0.15.1 (from -r hooks/cloudflare/requirements-python-2.txt (line 11))
  Downloading pyOpenSSL-0.15.1-py2.py3-none-any.whl (102kB)
Collecting requests==2.9.1 (from -r hooks/cloudflare/requirements-python-2.txt (line 12))
  Downloading requests-2.9.1-py2.py3-none-any.whl (501kB)
Collecting six==1.10.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 13))
  Downloading six-1.10.0-py2.py3-none-any.whl
Collecting tld==0.7.6 (from -r hooks/cloudflare/requirements-python-2.txt (line 14))
  Downloading tld-0.7.6-py2.py3-none-any.whl (147kB)
Collecting wheel==0.28.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 15))
  Downloading wheel-0.28.0-py2.py3-none-any.whl (179kB)
Requirement already satisfied (use --upgrade to upgrade): setuptools>=1.0 in /usr/lib/python2.7/site-packages (from cryptography==1.2.3->-r hooks/cloudflare/requirements-python-2.txt (line 2))
Installing collected packages: pycparser, cffi, idna, pyasn1, six, enum34, ipaddress, cryptography, dnspython, future, pyOpenSSL, ndg-httpsclient, requests, tld, wheel
  Found existing installation: pycparser 2.18
    Uninstalling pycparser-2.18:
      Successfully uninstalled pycparser-2.18
  Running setup.py install for pycparser
  Found existing installation: cffi 1.11.0
    Uninstalling cffi-1.11.0:
      Successfully uninstalled cffi-1.11.0
  Running setup.py install for cffi
  Found existing installation: idna 2.6
    Uninstalling idna-2.6:
      Successfully uninstalled idna-2.6
  Rolling back uninstall of idna
Exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/pip/basecommand.py", line 211, in main
    status = self.run(options, args)
  File "/usr/lib/python2.7/site-packages/pip/commands/install.py", line 311, in run
    root=options.root_path,
  File "/usr/lib/python2.7/site-packages/pip/req/req_set.py", line 646, in install
    **kwargs
  File "/usr/lib/python2.7/site-packages/pip/req/req_install.py", line 803, in install
    self.move_wheel_files(self.source_dir, root=root)
  File "/usr/lib/python2.7/site-packages/pip/req/req_install.py", line 998, in move_wheel_files
    isolated=self.isolated,
  File "/usr/lib/python2.7/site-packages/pip/wheel.py", line 242, in move_wheel_files
    name, user=user, home=home, root=root, isolated=isolated
  File "/usr/lib/python2.7/site-packages/pip/locations.py", line 181, in distutils_scheme
    d = Distribution(dist_args)
  File "/usr/lib/python2.7/site-packages/setuptools/dist.py", line 269, in __init__
    for ep in pkg_resources.iter_entry_points('distutils.setup_keywords'):
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 732, in iter_entry_points
    entries = dist.get_entry_map(group)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2728, in get_entry_map
    self._get_metadata('entry_points.txt'), self
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2458, in parse_map
    for group, lines in data:
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3089, in split_sections
    for line in yield_lines(s):
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2313, in yield_lines
    for ss in strs:
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2653, in _get_metadata
    if self.has_metadata(name):
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1629, in has_metadata
    return self.egg_info and self._has(self._fn(self.egg_info, name))
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1987, in _has
    return zip_path in self.zipinfo or zip_path in self._index()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1867, in zipinfo
    return self._zip_manifests.load(self.loader.archive)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1807, in load
    mtime = os.stat(path).st_mtime
OSError: [Errno 2] No such file or directory: '/usr/lib/python2.7/site-packages/idna-2.6-py2.7.egg'

So, even though idna is in the requirements, something is making it uninstall. Any pointers?

Resolved issues

I created a hook for the Hover.com registrar based on this great work. I ran into a couple issues in testing on various environments and wanted to contribute back the solutions I found. Both are issues caused by upstream bugs that I wasn't able to work around with the latest version even though the threads imply they are fixed:

First: Some versions of Ubuntu don't like the package path of inject_into_urllib3(). I tried all the workarounds involving updates and none worked on my Ubuntu box; the solution I came up with is benign for unaffected users:

import sys

import requests

# Enable verified HTTPS requests on older Pythons
# http://urllib3.readthedocs.org/en/latest/security.html
if sys.version_info[0] == 2:
    try:
        requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()
    except AttributeError:
        # Fall back to the standalone urllib3 package path;
        # see https://github.com/certbot/certbot/issues/1883
        import urllib3.contrib.pyopenssl
        urllib3.contrib.pyopenssl.inject_into_urllib3()

Second: I think you inherited this issue from letsencrypt's python certbot, dns.resolver has/had a bug when they went to single source for Py 2 & 3 around byte strings coming back from dns.resolver.query(name, 'TXT')

    for rdata in dns_response:
        for txt_record in rdata.strings:
            logger.debug("Found TXT record with the value: '%s'" % txt_record)
            # see https://groups.google.com/d/topic/dnspython-users/bKi_bxL48rI/discussion
            if hasattr(txt_record, 'decode'):
                txt_record = txt_record.decode("utf-8")
            txt_records.append(txt_record)

Thanks for the great script to work from.
-Mike

400 Client Error: Bad Request for url: https://api.cloudflare.com/client/v4/zones/...

Hi,

Not sure what I am doing wrong here, everything worked fine before I did a git pull to refresh the hook to the latest one.

* CloudFlare hook executing: deploy_challenge
Traceback (most recent call last):
  File "hooks/cloudflare/hook.py", line 176, in <module>
    main(sys.argv[1:])
  File "hooks/cloudflare/hook.py", line 172, in main
    ops[argv[0]](argv[1:])
  File "hooks/cloudflare/hook.py", line 148, in create_all_txt_records
    create_txt_record(args[i:i+X])
  File "hooks/cloudflare/hook.py", line 112, in create_txt_record
    r.raise_for_status()
  File "/usr/lib/python3.5/site-packages/requests/models.py", line 840, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://api.cloudflare.com/client/v4/zones/e8ef854e*snip*3867137/dns_records

Running this on Oracle Linux Server 6.8 and tried with both python2.7 and python3.5.

CF_* env is set up correctly as those settings have not changed since I last ran them.

Thanks.

Expiration Notices

This little tool has alleviated so many headaches, so thank you for creating and releasing this!

One thing I was curious about, is would it be possible to add the ability to submit your email when generating certificates so that LetsEncrypt can send you reminders when the certificate is about to expire?

I do understand that you suggested to have this run as a cronjob, which in most cases would be ideal. However for a couple use cases of mine, it would be nice to receive an expiration notice so I only need to manually run the script when necessary.

If that's not possible or you don't see any point, that's completely fine! Just thought I'd ask. Thanks again!

cloudflare/hook.py: No such file or directory

#
# !! WARNING !! No main config file found, using default config!
#
Processing foo.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for foo.com...
./letsencrypt.sh: line 425: python ~/letsencrypt.sh/hooks/cloudflare/hook.py: No such file or directory

deploy@x:~/letsencrypt.sh$ python ~/letsencrypt.sh/hooks/cloudflare/hook.py 
 + Unable to locate Cloudflare credentials in environment!

What is the problem?
PS: I changed the URL to foo.com only for this issue.

Crashes if domain does not exist

Issue: If a domain is missing from CloudFlare then the hook crashes, taking out the ongoing process and preventing attempts for other domains.

Cause: It might seem an odd one, but I host websites for other people and sometimes they remove the site without warning, as happened with one site. The issue then was that when my cron task checked the domain list that included this domain and others it would try this problematic domain and CloudFlare had removed the site. The hook.py then crashed and all other domains in my domain list file got ignored.

Proposed Fix: If CloudFlare returns a null for a website, fail the verification rather than crashing so other sites can still be processed correctly.

Stack Trace:
Traceback (most recent call last):
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 203, in <module>
main(sys.argv[1:])
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 199, in main
ops[argv[0]](argv[1:])
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 167, in create_all_txt_records
create_txt_record(args[i:i+X])
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 105, in create_txt_record
zone_id = _get_zone_id(domain)
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 83, in _get_zone_id
return r.json()['result'][0]['id']
IndexError: list index out of range

Config File:
CHALLENGETYPE="dns-01"
DOMAINS_TXT="${BASEDIR}/domains"
HOOK="/data/am/dehydrated/hooks/cloudflare/hook.py"
CONTACT_EMAIL="x@y"
export CF_EMAIL=x@y
export CF_KEY=12345

Domains File:
working.com www.working.com
autoremovedfromcloudflare.com www.autoremovedfromcloudflare.com
example.com www.example.com
In this Domains File example.com is never processed due to crash with previous domain

Hope this makes sense. And thank you for your script - it's an amazing help!
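The IndexError in the traces on this page is raised by r.json()['result'][0]['id'] when the zones?name=... query returns an empty result list. The following is an added example, not the hook's own code: a zone lookup that reports a missing zone as a named error and lets the remaining domains continue, as the proposed fix asks. It goes beyond the post by also trying each parent suffix of the name, so a zone that sits below a multi-label suffix is still found. fetch_zones is a hypothetical callable standing in for the HTTP request, and the zone names and ids are constructed sample data.

```python
import logging

logger = logging.getLogger("cf_hook_example")


class ZoneNotFound(Exception):
    """No zone in the account matches any suffix of the requested name."""


def candidate_zone_names(domain):
    """Suffixes of `domain`, most specific first, stopping before the bare TLD.

    a.b.example.com -> [a.b.example.com, b.example.com, example.com]
    """
    labels = domain.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def get_zone_id(domain, fetch_zones):
    """Return the id of the zone containing `domain`.

    `fetch_zones(name)` (hypothetical) returns the decoded JSON body of a
    zones?name=<name> query, i.e. a dict with a 'result' list.
    """
    for name in candidate_zone_names(domain):
        result = (fetch_zones(name) or {}).get("result") or []
        if result:  # an empty list means "no such zone", not a crash
            return result[0]["id"]
    raise ZoneNotFound("no Cloudflare zone found for %s" % domain)


def resolve_zones(domains, fetch_zones):
    """Look up every domain; a missing zone yields None and does not stop
    the lookups for the remaining domains."""
    zone_ids = {}
    for domain in domains:
        try:
            zone_ids[domain] = get_zone_id(domain, fetch_zones)
        except ZoneNotFound as exc:
            logger.error(" + %s, skipping", exc)
            zone_ids[domain] = None
    return zone_ids


# Constructed sample data: the zones present in a pretend account.
FAKE_ZONES = {
    "working.com": "zone-id-working",
    "example.com": "zone-id-example",
    "dept.example.qc.ca": "zone-id-dept",
}


def fake_fetch_zones(name):
    """Offline stand-in for the API call, shaped like the real response."""
    zone_id = FAKE_ZONES.get(name)
    return {"result": [{"id": zone_id, "name": name}] if zone_id else []}


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    names = ["www.working.com", "www.autoremovedfromcloudflare.com",
             "example.com", "kronos.dept.example.qc.ca"]
    for name, zone_id in resolve_zones(names, fake_fetch_zones).items():
        print(name, "->", zone_id)
```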

nxdomain cached in between

Hey!

Thanks a bunch for your work!
I do have a question: shouldn't create_txt_record be waiting a couple of seconds so that cloudflare "settles down" with the newly created record?
It seems it's being checked a little too quickly resulting in dns cache(s) in between caching nxdomain for the record. Then SOA TTL has to expire before it goes on.

Thank you

syntax error when executing letsencrypt.sh

hi!

When I try to generate the certificates, after following carefully all the points in the readme file, I get this error:

# ./letsencrypt.sh -c -d mydomain.net -t dns-01 -k 'hooks/cloudflare/hook.py'
#
# !! WARNING !! No main config file found, using default config!
#
Processing debianhackers.net
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for mydomain.net...
Traceback (most recent call last):
  File "hooks/cloudflare/hook.py", line 14, in <module>
    import dns.resolver
  File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 35, in <module>
    import dns.message
  File "/usr/local/lib/python2.7/dist-packages/dns/message.py", line 191
    print('id %d' % self.id, file=s)
                                 ^
SyntaxError: invalid syntax

I've been trying the error unsuccessfully.

Any idea what's going on?

thanks!

variables not read from config file

I cannot see how the CF_ variables are read from the config file. Dehydrated doesn't seem to do this (anymore?): "BASEDIR and WELLKNOWN variables are exported and can be used in an external program". As a result I'm running into the error message "Unable to locate Cloudflare credentials in environment" although they are in the config file.

invalid_challenge: "Correct value not found for DNS challenge"

I installed all prerequisites as mentioned in the README and then exported the following

export CF_EMAIL=<MY_CF_EMAIL>
export CF_KEY=<MY_CF_API_KEY>
export CF_DEBUG=true
export CF_DNS_SERVERS='8.8.8.8 8.8.4.4'

Then executed the following below which eventually failed. I note that I could see the new TXT records were in fact generated and deleted (I was refreshing my CloudFlare dashboard and was seeing them appear) ... but for some reason the challenge failed. Is it a DNS propagation issue? Any other clues?

# dehydrated/dehydrated -c -t dns-01 -k -d DOMAIN.TLD -d mail.DOMAIN.TLD -d www.DOMAIN.TLD dehydrated/hooks/cloudflare/hook.py
# INFO: Using main config file /root/dehydrated/config
Processing DOMAIN.TLD with alternative names: mail.DOMAIN.TLD www.DOMAIN.TLD
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for DOMAIN.TLD...
 + Requesting challenge for mail.DOMAIN.TLD...
 + Requesting challenge for www.DOMAIN.TLD...
 + CloudFlare hook executing: deploy_challenge
 + Creating TXT record: DOMAIN.TLD => kIcGIJTbYgjfXoLrfEBfsrFj4VjtQMfEehTjKAZMNWM
 + Unable to locate record named _acme-challenge.DOMAIN.TLD
 + TXT record created, ID: b3b68cead9fed0252a2cf327b15941fc
 + Settling down for 10s...
 + Responding to challenge for DOMAIN.TLD...
 + CloudFlare hook executing: clean_challenge
 + Deleting TXT record name: _acme-challenge.DOMAIN.TLD
 + CloudFlare hook executing: invalid_challenge
 + CloudFlare hook executing: deploy_challenge
 + Creating TXT record: mail.DOMAIN.TLD => WY37eSk0fYz8HOXfLo4PlPZ3fYdh6RUfEnqR484-4_Y
 + Unable to locate record named _acme-challenge.mail.DOMAIN.TLD
 + TXT record created, ID: 8b642ad0cef522c9e633439b5e50a602
 + Settling down for 10s...
 + Responding to challenge for mail.DOMAIN.TLD...
 + CloudFlare hook executing: clean_challenge
 + Deleting TXT record name: _acme-challenge.mail.DOMAIN.TLD
 + CloudFlare hook executing: invalid_challenge
 + CloudFlare hook executing: deploy_challenge
 + Creating TXT record: www.DOMAIN.TLD => pVVB-_LekLUCcXNx-k1XSNUIgTcrVQrfGBZOlloHEFM
 + Unable to locate record named _acme-challenge.www.DOMAIN.TLD
 + TXT record created, ID: 6976f699bde7a05ee6a93fc1e0d02c68
 + Settling down for 10s...
 + Responding to challenge for www.DOMAIN.TLD...
 + CloudFlare hook executing: clean_challenge
 + Deleting TXT record name: _acme-challenge.www.DOMAIN.TLD
 + CloudFlare hook executing: invalid_challenge
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Correct value not found for DNS challenge",
    "status": 403
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/5rkcG4LZEKNo_CDlkUHr0gjs1BrhJp5CbbsJjE2y4ws/446249521",
  "token": "5qRUM02cxrTBBusrd-S4nKjczrFz8p3-k6dvbZ3Adbw",
  "keyAuthorization": "5qRUM02cxrTBBusrd-S4nKjczrFz8p3-k6dvbZ3Adbw.B5SOsPgZwhlOngI1kKY1iLN_1jkjJ-Y7idMO1bvsbJE"
})

Getting stuck at: + CloudFlare hook executing: deploy_challenge

Hi, I opened an issue before and resolved the issue. I was able to create a few new certs successfully. I've tried the same script again on a new domain (on the same server as before) and I'm getting this error:

# INFO: Using main config file /home/user/letsencrypt.sh/config.sh
Processing mydomain.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for mydomain.com...
 + CloudFlare hook executing: deploy_challenge
Traceback (most recent call last):
  File "hooks/cloudflare/hook.py", line 157, in <module>
    main(sys.argv[1:])
  File "hooks/cloudflare/hook.py", line 153, in main
    ops[argv[0]](argv[1:])
  File "hooks/cloudflare/hook.py", line 96, in create_txt_record
    zone_id = _get_zone_id(domain)
  File "hooks/cloudflare/hook.py", line 75, in _get_zone_id
    r.raise_for_status()
  File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 840, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://api.cloudflare.com/client/v4/zones?name=mydomain.com

DNS not propagated

In trying to update a certification, the hook just keeps printing the + DNS not propagated, waiting 30s... error. When I go to my Cloudflare account, the TXT has been successfully added. Waiting doesn't help. It has run for several hours without picking up the record.

HTTPError: 400 Client Error: Bad Request for url: https://api.cloudflare.com/client/v4/zones

I'm configuring dehydrated with CloudFlare but getting following error.
I would be very happy if anyone can quickly help.

ENV- Python-3.5

+ CloudFlare hook executing: deploy_challenge

Traceback (most recent call last):
 File "/opt/dehydrated/hooks/cloudflare/hook.py", line 206, in <module>
   main(sys.argv[1:])
 File "/opt/dehydrated/hooks/cloudflare/hook.py", line 203, in main
   ops[argv[0]](argv[1:])
 File "/opt/dehydrated/hooks/cloudflare/hook.py", line 167, in create_all_txt_records
   create_txt_record(args[i:i+X])
 File "/opt/dehydrated/hooks/cloudflare/hook.py", line 105, in create_txt_record
   zone_id = _get_zone_id(domain)
 File "/opt/dehydrated/hooks/cloudflare/hook.py", line 82, in _get_zone_id
   r.raise_for_status()
 File "/usr/lib/python3/dist-packages/requests/models.py", line 940, in raise_for_status
   raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://api.cloudflare.com/client/v4/zones?name=space

Error after successful run

I get this error at the end of a seemingly successful run.

 + CloudFlare hook executing: exit_hook
Traceback (most recent call last):
  File "/etc/dehydrated/hooks/cloudflare/hook.py", line 157, in <module>
    main(sys.argv[1:])
  File "/etc/dehydrated/hooks/cloudflare/hook.py", line 153, in main
    ops[argv[0]](argv[1:])
KeyError: 'exit_hook'

Am using:
dehydrated.noarch 0.4.0-5.el7 @epel

KeyError cloudflare

./dehydrated -c -d example.etc -t dns-01 -k 'hooks/cloudflare/hook.py'

# INFO: Using main config file /root/dehydrated/config
 + CloudFlare hook executing: *some key*
Traceback (most recent call last):
  File "hooks/cloudflare/hook.py", line 206, in <module>
    main(sys.argv[1:])
  File "hooks/cloudflare/hook.py", line 202, in main
    ops[argv[0]](argv[1:])
KeyError: '*some key*=='

Been getting 'DNS not propagated, waiting 30s'

Hi I can't seem to get past this message:

 + DNS not propagated, waiting 30s...
 + DNS not propagated, waiting 30s...
...

It's been going on for about an hour. Why does this happen and is there a way I can speed it up?
