kappataumu / letsencrypt-cloudflare-hook
Use CloudFlare with dehydrated (formerly letsencrypt.sh) and DNS challenges
License: MIT License
Hello!
After some changes on cloudflare, the hook stopped working. Now it has this issue:
+ 2 pending challenge(s)
+ Deploying challenge tokens...
+ CloudFlare hook executing: deploy_challenge
Traceback (most recent call last):
File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 206, in <module>
main(sys.argv[1:])
File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 203, in main
ops[argv[0]](argv[1:])
File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 167, in create_all_txt_records
create_txt_record(args[i:i+X])
File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 105, in create_txt_record
zone_id = _get_zone_id(domain)
File "/etc/dehydrated/hooks/letsencrypt-cloudflare-hook.py", line 83, in _get_zone_id
return r.json()['result'][0]['id']
IndexError: list index out of range
Getting an error after updating dehydrated to the new version.
Because hooks.py has dos line endings you get this error when trying to run the py hook script:
/usr/bin/env: python
: No such file or directory
Please change the line endings to unix style.
(either that or I have something set wrong in my git client and somehow git is changing the line endings to crlf on checkout. But as far as I can tell I don't have core.autocrlf set to true)
When I try to renew a certificate, the following happens:
Processing vpn.staging-wanderio.com
This has worked in the past, but all of a sudden it broke (a change in CF API?).
CF_EMAIL and CF_KEY are exported in the environment in which the script runs
Ubuntu Server 16.04 x64
Installed following readme file, used pip3 install -r hooks/cloudflare/requirements.txt to install dependencies.
./dehydrated -c -d [domain] -t dns-01 -k 'hooks/cloudflare/hook.py'
# INFO: Using main config file /root/dehydrated/config
Processing [domain]
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for [domain]...
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 8, in <module>
from builtins import str
ImportError: No module named builtins
Hi!
We have two domains and we are unable to create certificates for one of them.
Domain 1 : montreal.ca
Domain 2: ville.montreal.qc.ca
I can create what I want for the "montreal.ca" domain. Like "test.montreal.ca", "test.api.montreal.ca", etc.
BUT I can't create any certificate for "ville.montreal.qc.ca". Entries like "test.ville.montreal.qc.ca" or "test.api.ville.montreal.qc.ca" cannot be made.
I get the following error.
Can anyone help?
Thanks.
Hi,
Would it be possible to also add a TLSA record for the acquired certs to Cloudflare?
https://github.com/kappataumu/letsencrypt-cloudflare-hook/blob/master/hook.py#L70
This will never be true in Python 3 because token is a 'str' but txt_record is 'bytes'.
The main dehydrated project was updated such that startup_hook needs to be defined within hooks to contain staging code, etc. As-is you receive the following when on the latest master of dehydrated.
+ CloudFlare hook executing: startup_hook
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 203, in <module>
main(sys.argv[1:])
File "hooks/cloudflare/hook.py", line 199, in main
ops[argv[0]](argv[1:])
KeyError: 'startup_hook'
This is worked around by having the call defined, even if left empty, as such:
@@ -181,6 +181,8 @@ def delete_all_txt_records(args):
for i in range(0, len(args), X):
delete_txt_record(args[i:i+X])
+def startup_hook(args):
+ return
def exit_hook(args):
return
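Review bot: `startup_hook` is added as a bare `return` with no docstring or comment, so a reader cannot tell from the hunk whether ignoring its arguments is intentional. Since the stub exists only so the dispatch table has an entry for the new hook name, say so in a one-line docstring; the identical `exit_hook` stub just below it would benefit from the same.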
@@ -193,6 +195,7 @@ def main(argv):
'deploy_cert' : deploy_cert,
'unchanged_cert' : unchanged_cert,
'invalid_challenge': invalid_challenge,
+ 'startup_hook': startup_hook,
'exit_hook': exit_hook
}
logger.info(" + CloudFlare hook executing: {0}".format(argv[0]))
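Review bot: adding `'startup_hook': startup_hook,` to the `ops` table fixes this one name, but the table is still indexed directly with `argv[0]` (the `ops[argv[0]](argv[1:])` line in the traceback above), so the next hook name dehydrated introduces will raise the same `KeyError`. Consider looking the handler up with `ops.get(argv[0])` and logging a no-op for unknown names. Style point: the new entry drops the padded `'name' : handler` layout used by the `'deploy_cert' :` and `'unchanged_cert' :` entries above it.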
You may want to shuffle around more things though.
➜  dehydrated git:(master) ✗ ./dehydrated -c -d xxxxxx.org -t dns-01 -k 'hooks/cloudflare/hook.py'
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 30, in <module>
import urllib3.contrib.pyopenssl
ImportError: No module named urllib3.contrib.pyopenssl
I have Python 2.7.6 running on a (somewhat) fresh install of ubuntu 14.04
$ ./letsencrypt.sh -c -d mydomain.com -t dns-01 -k 'hooks/cloudflare/hook.py'
#
# !! WARNING !! No main config file found, using default config!
#
+ Generating account key...
+ Registering account key with letsencrypt...
Processing mydomain.com
+ Signing domains...
+ Creating new directory /home/user/letsencrypt.sh/certs/mydomain.com ...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for mydomain.com...
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 14, in <module>
import dns.resolver
File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 35, in <module>
import dns.message
File "/usr/local/lib/python2.7/dist-packages/dns/message.py", line 191
print('id %d' % self.id, file=s)
^
SyntaxError: invalid syntax
These are the steps I took before this error occurred:
$ git clone https://github.com/lukas2511/letsencrypt.sh
$ cd letsencrypt.sh
$ mkdir hooks
$ git clone https://github.com/kappataumu/letsencrypt-cloudflare-hook hooks/cloudflare
$ pip install -r hooks/cloudflare/requirements-python-2.txt
$ export CF_EMAIL='[email protected]'
$ export CF_KEY='cloudflare_certificates_api_key'
I'm not sure if this is something that I've changed on the Cloudflare side, or if something changed in the API. I'm getting a 403 error when I try to generate new certs with dehydrated -c.
Traceback (most recent call last):
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 206, in <module>
main(sys.argv[1:])
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 203, in main
ops[argv[0]](argv[1:])
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 167, in create_all_txt_records
create_txt_record(args[i:i+X])
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 105, in create_txt_record
zone_id = _get_zone_id(domain)
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 82, in _get_zone_id
r.raise_for_status()
File "/home/user/.conda/envs/acme/lib/python3.6/site-packages/requests/models.py", line 840, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://api.cloudflare.com/client/v4/zones?name=domain.tld
In Dehydrated Commit: 318cf20 the new invalid_challenge hook was added. This breaks the letsencrypt-cloudflare-hook.
Adding the following to hooks.py resolves this issue. This does not handle the invalid_challenge in any way. It simply allows the hook to return:
def invalid_challenge(args):
    return

def main(argv):
    ops = {
        'deploy_challenge': create_all_txt_records,
        'clean_challenge' : delete_all_txt_records,
        'deploy_cert' : deploy_cert,
        'unchanged_cert' : unchanged_cert,
        'invalid_challenge': invalid_challenge,
    }
    logger.info(" + CloudFlare hook executing: {0}".format(argv[0]))
    ops[argv[0]](argv[1:])
I tried to get it working on my MacOS machine using python 2.7.12. But all I get is:
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 8, in <module>
from builtins import str
ImportError: No module named builtins
I also installed the future lib using pip install future but it doesn't seem to help. Does the hook work with this python version or am I missing something?
Hello,
Just faced this issue:
+ ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-authz (Status 500)
Details:
<HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>
An error occurred while processing your request.<p>
Reference #179.7941160.1492661366.abef6c5
</BODY></HTML>
+ CloudFlare hook executing: request_failure
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 203, in <module>
main(sys.argv[1:])
File "hooks/cloudflare/hook.py", line 199, in main
ops[argv[0]](argv[1:])
KeyError: 'request_failure'
I've been using Let's Encrypt for a long time, and recently decided to change the validation method to DNS.
Thank you for the great lib, hope we can solve it.
Hello, I'm using commit a3c899d26e79cfa45e873dacbe85169cf84ea910 and running
pip install -I -r hooks/cloudflare/requirements-python-2.txt
This is the output:
Cloning into 'hooks/cloudflare'...
Collecting cffi==1.5.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 1))
Downloading cffi-1.5.0.tar.gz (385kB)
Collecting cryptography==1.2.3 (from -r hooks/cloudflare/requirements-python-2.txt (line 2))
Downloading cryptography-1.2.3.tar.gz (373kB)
Collecting dnspython==1.15.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 3))
Downloading dnspython-1.15.0-py2.py3-none-any.whl (177kB)
Collecting enum34==1.1.2 (from -r hooks/cloudflare/requirements-python-2.txt (line 4))
Downloading enum34-1.1.2.tar.gz (46kB)
Collecting future==0.15.2 (from -r hooks/cloudflare/requirements-python-2.txt (line 5))
Downloading future-0.15.2.tar.gz (1.6MB)
Collecting idna==2.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 6))
Downloading idna-2.0-py2.py3-none-any.whl (61kB)
Collecting ipaddress==1.0.16 (from -r hooks/cloudflare/requirements-python-2.txt (line 7))
Downloading ipaddress-1.0.16-py27-none-any.whl
Collecting ndg-httpsclient==0.4.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 8))
Downloading ndg_httpsclient-0.4.0.tar.gz
Collecting pyasn1==0.1.9 (from -r hooks/cloudflare/requirements-python-2.txt (line 9))
Downloading pyasn1-0.1.9-py2.py3-none-any.whl
Collecting pycparser==2.14 (from -r hooks/cloudflare/requirements-python-2.txt (line 10))
Downloading pycparser-2.14.tar.gz (223kB)
Collecting pyOpenSSL==0.15.1 (from -r hooks/cloudflare/requirements-python-2.txt (line 11))
Downloading pyOpenSSL-0.15.1-py2.py3-none-any.whl (102kB)
Collecting requests==2.9.1 (from -r hooks/cloudflare/requirements-python-2.txt (line 12))
Downloading requests-2.9.1-py2.py3-none-any.whl (501kB)
Collecting six==1.10.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 13))
Downloading six-1.10.0-py2.py3-none-any.whl
Collecting tld==0.7.6 (from -r hooks/cloudflare/requirements-python-2.txt (line 14))
Downloading tld-0.7.6-py2.py3-none-any.whl (147kB)
Collecting wheel==0.28.0 (from -r hooks/cloudflare/requirements-python-2.txt (line 15))
Downloading wheel-0.28.0-py2.py3-none-any.whl (179kB)
Requirement already satisfied (use --upgrade to upgrade): setuptools>=1.0 in /usr/lib/python2.7/site-packages (from cryptography==1.2.3->-r hooks/cloudflare/requirements-python-2.txt (line 2))
Installing collected packages: pycparser, cffi, idna, pyasn1, six, enum34, ipaddress, cryptography, dnspython, future, pyOpenSSL, ndg-httpsclient, requests, tld, wheel
Found existing installation: pycparser 2.18
Uninstalling pycparser-2.18:
Successfully uninstalled pycparser-2.18
Running setup.py install for pycparser
Found existing installation: cffi 1.11.0
Uninstalling cffi-1.11.0:
Successfully uninstalled cffi-1.11.0
Running setup.py install for cffi
Found existing installation: idna 2.6
Uninstalling idna-2.6:
Successfully uninstalled idna-2.6
Rolling back uninstall of idna
Exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/pip/basecommand.py", line 211, in main
status = self.run(options, args)
File "/usr/lib/python2.7/site-packages/pip/commands/install.py", line 311, in run
root=options.root_path,
File "/usr/lib/python2.7/site-packages/pip/req/req_set.py", line 646, in install
**kwargs
File "/usr/lib/python2.7/site-packages/pip/req/req_install.py", line 803, in install
self.move_wheel_files(self.source_dir, root=root)
File "/usr/lib/python2.7/site-packages/pip/req/req_install.py", line 998, in move_wheel_files
isolated=self.isolated,
File "/usr/lib/python2.7/site-packages/pip/wheel.py", line 242, in move_wheel_files
name, user=user, home=home, root=root, isolated=isolated
File "/usr/lib/python2.7/site-packages/pip/locations.py", line 181, in distutils_scheme
d = Distribution(dist_args)
File "/usr/lib/python2.7/site-packages/setuptools/dist.py", line 269, in __init__
for ep in pkg_resources.iter_entry_points('distutils.setup_keywords'):
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 732, in iter_entry_points
entries = dist.get_entry_map(group)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2728, in get_entry_map
self._get_metadata('entry_points.txt'), self
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2458, in parse_map
for group, lines in data:
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3089, in split_sections
for line in yield_lines(s):
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2313, in yield_lines
for ss in strs:
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2653, in _get_metadata
if self.has_metadata(name):
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1629, in has_metadata
return self.egg_info and self._has(self._fn(self.egg_info, name))
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1987, in _has
return zip_path in self.zipinfo or zip_path in self._index()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1867, in zipinfo
return self._zip_manifests.load(self.loader.archive)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1807, in load
mtime = os.stat(path).st_mtime
OSError: [Errno 2] No such file or directory: '/usr/lib/python2.7/site-packages/idna-2.6-py2.7.egg'
So, even though idna is in the requirements, something is making it uninstall. Any pointers?
I created a hook for the Hover.com registrar based on this great work. I ran into a couple issues in testing on various environments and wanted to contribute back the solutions I found. Both are issues caused by upstream bugs that I wasn't able to work around with the latest version even though the threads imply they are fixed:
First: Some versions of Ubuntu don't like the package path of inject_into_urllib3(). I tried all the workarounds involving updates and none worked on my Ubuntu box. The solution I came up with is benign for unaffected users:
# Enable verified HTTPS requests on older Pythons
# http://urllib3.readthedocs.org/en/latest/security.html
if sys.version_info[0] == 2:
    try:
        requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()
    except AttributeError:
        # see https://github.com/certbot/certbot/issues/1883
        import urllib3.contrib.pyopenssl
        urllib3.contrib.pyopenssl.inject_into_urllib3()
Second: I think you inherited this issue from letsencrypt's python certbot, dns.resolver has/had a bug when they went to single source for Py 2 & 3 around byte strings coming back from dns.resolver.query(name, 'TXT')
for rdata in dns_response:
    for txt_record in rdata.strings:
        logger.debug("Found TXT record with the value: '%s'" % txt_record)
        # see https://groups.google.com/d/topic/dnspython-users/bKi_bxL48rI/discussion
        if hasattr(txt_record, 'decode'):
            txt_record = txt_record.decode("utf-8")
        txt_records.append(txt_record)
Thanks for the great script to work from.
-Mike
Hi,
Not sure what I am doing wrong here, everything worked fine before I did a git pull to refresh the hook to the latest one.
* CloudFlare hook executing: deploy_challenge
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 176, in <module>
main(sys.argv[1:])
File "hooks/cloudflare/hook.py", line 172, in main
ops[argv[0]](argv[1:])
File "hooks/cloudflare/hook.py", line 148, in create_all_txt_records
create_txt_record(args[i:i+X])
File "hooks/cloudflare/hook.py", line 112, in create_txt_record
r.raise_for_status()
File "/usr/lib/python3.5/site-packages/requests/models.py", line 840, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://api.cloudflare.com/client/v4/zones/e8ef854e*snip*3867137/dns_records
Running this on Oracle Linux Server 6.8 and tried with both python2.7 and python3.5.
CF_* env is set up correctly as those settings have not changed since I last ran them.
Thanks.
This little tool has alleviated so many headaches, so thank you for creating and releasing this!
One thing I was curious about: would it be possible to add the ability to submit your email when generating certificates so that LetsEncrypt can send you reminders when the certificate is about to expire?
I do understand that you suggested to have this run as a cronjob, which in most cases would be ideal. However for a couple use cases of mine, it would be nice to receive an expiration notice so I only need to manually run the script when necessary.
If that's not possible or you don't see any point, that's completely fine! Just thought I'd ask. Thanks again!
#
# !! WARNING !! No main config file found, using default config!
#
Processing foo.com
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for foo.com...
./letsencrypt.sh: line 425: python ~/letsencrypt.sh/hooks/cloudflare/hook.py: No such file or directory
deploy@x:~/letsencrypt.sh$ python ~/letsencrypt.sh/hooks/cloudflare/hook.py
+ Unable to locate Cloudflare credentials in environment!
What is the problem?
PS: I changed the URL to foo.com only for this issue.
Issue: If a domain is missing from CloudFlare then the hook crashes, taking out the ongoing process and preventing attempts for other domains.
Cause: It might seem an odd one, but I host websites for other people and sometimes they remove the site without warning, as happened with one site. The issue then was that when my cron task checked the domain list that included this domain and others, it would try this problematic domain and CloudFlare had removed the site. The hook.py then crashed and all other domains in my domain list file got ignored.
Proposed Fix: If CloudFlare returns a null for a website, fail the verification rather than crashing so other sites can still be processed correctly.
Stack Trace:
Traceback (most recent call last):
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 203, in <module>
main(sys.argv[1:])
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 199, in main
ops[argv[0]](argv[1:])
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 167, in create_all_txt_records
create_txt_record(args[i:i+X])
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 105, in create_txt_record
zone_id = _get_zone_id(domain)
File "/data/am/dehydrated/hooks/cloudflare/hook.py", line 83, in _get_zone_id
return r.json()['result'][0]['id']
IndexError: list index out of range
Config File:
CHALLENGETYPE="dns-01"
DOMAINS_TXT="${BASEDIR}/domains"
HOOK="/data/am/dehydrated/hooks/cloudflare/hook.py"
CONTACT_EMAIL="x@y"
export CF_EMAIL=x@y
export CF_KEY=12345
Domains File:
working.com www.working.com
autoremovedfromcloudflare.com www.autoremovedfromcloudflare.com
example.com www.example.com
In this Domains File example.com is never processed due to crash with previous domain
Hope this makes sense. And thank you for your script - it's an amazing help!
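The proposed fix above, sketched as an added example (not code from this repository or from the issue author): the zone lookup returns "not found" instead of indexing `result[0]`, accepts only an exact zone-name match, and records the failure so the remaining names in the same call are still handled. The function names, the label-walk used to guess the zone, the three-argument grouping and the sample API bodies are all assumptions constructed for illustration.

```python
import json


class ZoneLookupError(Exception):
    """No single Cloudflare zone id could be determined for a name."""


def zone_id_from_response(payload, zone_name):
    """Return the id of zone_name from a decoded /zones?name= body, or None."""
    if not payload.get("success"):
        detail = "; ".join(
            "{0}: {1}".format(e.get("code"), e.get("message"))
            for e in payload.get("errors") or []
        )
        raise ZoneLookupError(
            "API error for {0}: {1}".format(zone_name, detail or "no detail"))
    for zone in payload.get("result") or []:
        # Accept an exact name match only; never fall back to result[0].
        if zone.get("name") == zone_name and zone.get("id"):
            return zone["id"]
    return None


def candidate_zones(fqdn):
    """'www.a.example.com' -> ['www.a.example.com', 'a.example.com', 'example.com']."""
    labels = fqdn.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def find_zone(fqdn, fetch):
    """Try candidate zone names, longest first; raise if none is hosted."""
    for name in candidate_zones(fqdn):
        zone_id = zone_id_from_response(fetch(name), name)
        if zone_id:
            return name, zone_id
    raise ZoneLookupError("no Cloudflare zone found for {0}".format(fqdn))


def plan_deploy(args, fetch, group=3):
    """Resolve a zone per (domain, token_file, token) triple; record failures."""
    if len(args) % group:
        raise ValueError("expected arguments in groups of {0}".format(group))
    ready, failed = [], []
    for i in range(0, len(args), group):
        domain, _token_file, token = args[i:i + group]
        try:
            zone_name, zone_id = find_zone(domain, fetch)
        except ZoneLookupError as exc:
            # One missing zone must not stop the names that follow it.
            failed.append((domain, str(exc)))
            continue
        ready.append({"record": "_acme-challenge." + domain,
                      "zone": zone_name, "zone_id": zone_id, "content": token})
    return ready, failed


# Constructed API bodies, keyed by the zone name that was queried.
SAMPLE_BODIES = {
    "working.com": '{"success": true, "errors": [], "result": '
                   '[{"id": "zone-id-working", "name": "working.com"}]}',
    "example.com": '{"success": true, "errors": [], "result": '
                   '[{"id": "zone-id-example", "name": "example.com"}]}',
}
EMPTY_BODY = '{"success": true, "errors": [], "result": []}'

# Constructed hook arguments: three challenges in one deploy_challenge call.
SAMPLE_ARGS = [
    "working.com", "token-file-1", "token-value-1",
    "www.autoremovedfromcloudflare.com", "token-file-2", "token-value-2",
    "www.example.com", "token-file-3", "token-value-3",
]


def sample_fetch(zone_name):
    """Stand-in for the HTTP request; returns a decoded constructed body."""
    return json.loads(SAMPLE_BODIES.get(zone_name, EMPTY_BODY))


if __name__ == "__main__":
    ready, failed = plan_deploy(SAMPLE_ARGS, sample_fetch)
    for item in ready:
        print(" + would create {record} in zone {zone} ({zone_id})".format(**item))
    for domain, reason in failed:
        print(" + skipped {0}: {1}".format(domain, reason))
```

The caller decides what exit status to return when `failed` is non-empty; the example only shows that the lookup no longer raises `IndexError`.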
Hey!
Thanks a bunch for your work!
I do have a question: shouldn't create_txt_record be waiting a couple of seconds so that cloudflare "settles down" with the newly created record?
It seems it's being checked a little too quickly resulting in dns cache(s) in between caching nxdomain for the record. Then SOA TTL has to expire before it goes on.
Thank you
hi!
When I try to generate the certificates, after following carefully all the points in the readme file, I get this error:
# ./letsencrypt.sh -c -d mydomain.net -t dns-01 -k 'hooks/cloudflare/hook.py'
#
# !! WARNING !! No main config file found, using default config!
#
Processing debianhackers.net
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for mydomain.net...
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 14, in <module>
import dns.resolver
File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 35, in <module>
import dns.message
File "/usr/local/lib/python2.7/dist-packages/dns/message.py", line 191
print('id %d' % self.id, file=s)
^
SyntaxError: invalid syntax
I've been trying the error unsuccessfully.
Any idea what's going on?
thanks!
1 means "automatic TTL", which according to the CloudFlare docs means 5 minutes.
Changing to 120 seconds can reduce the waiting time.
I cannot see how the CF_ variables are read from the config file. Dehydrated doesn't seem to do this (anymore?): "BASEDIR and WELLKNOWN variables are exported and can be used in an external program". As a result I'm running into the error message "Unable to locate Cloudflare credentials in environment" although they are in the config file.
I installed all prerequisites as mentioned in the README and then exported the following
export CF_EMAIL=<MY_CF_EMAIL>
export CF_KEY=<MY_CF_API_KEY>
export CF_DEBUG=true
export CF_DNS_SERVERS='8.8.8.8 8.8.4.4'
Then executed the following below which eventually failed. I note that I could see the new TXT records were in fact generated and deleted (I was refreshing my CloudFlare dashboard and was seeing them appear) ... but for some reason the challenge failed. Is it a DNS propagation issue? Any other clues?
# dehydrated/dehydrated -c -t dns-01 -k -d DOMAIN.TLD -d mail.DOMAIN.TLD -d www.DOMAIN.TLD dehydrated/hooks/cloudflare/hook.py
# INFO: Using main config file /root/dehydrated/config
Processing DOMAIN.TLD with alternative names: mail.DOMAIN.TLD www.DOMAIN.TLD
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for DOMAIN.TLD...
+ Requesting challenge for mail.DOMAIN.TLD...
+ Requesting challenge for www.DOMAIN.TLD...
+ CloudFlare hook executing: deploy_challenge
+ Creating TXT record: DOMAIN.TLD => kIcGIJTbYgjfXoLrfEBfsrFj4VjtQMfEehTjKAZMNWM
+ Unable to locate record named _acme-challenge.DOMAIN.TLD
+ TXT record created, ID: b3b68cead9fed0252a2cf327b15941fc
+ Settling down for 10s...
+ Responding to challenge for DOMAIN.TLD...
+ CloudFlare hook executing: clean_challenge
+ Deleting TXT record name: _acme-challenge.DOMAIN.TLD
+ CloudFlare hook executing: invalid_challenge
+ CloudFlare hook executing: deploy_challenge
+ Creating TXT record: mail.DOMAIN.TLD => WY37eSk0fYz8HOXfLo4PlPZ3fYdh6RUfEnqR484-4_Y
+ Unable to locate record named _acme-challenge.mail.DOMAIN.TLD
+ TXT record created, ID: 8b642ad0cef522c9e633439b5e50a602
+ Settling down for 10s...
+ Responding to challenge for mail.DOMAIN.TLD...
+ CloudFlare hook executing: clean_challenge
+ Deleting TXT record name: _acme-challenge.mail.DOMAIN.TLD
+ CloudFlare hook executing: invalid_challenge
+ CloudFlare hook executing: deploy_challenge
+ Creating TXT record: www.DOMAIN.TLD => pVVB-_LekLUCcXNx-k1XSNUIgTcrVQrfGBZOlloHEFM
+ Unable to locate record named _acme-challenge.www.DOMAIN.TLD
+ TXT record created, ID: 6976f699bde7a05ee6a93fc1e0d02c68
+ Settling down for 10s...
+ Responding to challenge for www.DOMAIN.TLD...
+ CloudFlare hook executing: clean_challenge
+ Deleting TXT record name: _acme-challenge.www.DOMAIN.TLD
+ CloudFlare hook executing: invalid_challenge
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Correct value not found for DNS challenge",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/5rkcG4LZEKNo_CDlkUHr0gjs1BrhJp5CbbsJjE2y4ws/446249521",
"token": "5qRUM02cxrTBBusrd-S4nKjczrFz8p3-k6dvbZ3Adbw",
"keyAuthorization": "5qRUM02cxrTBBusrd-S4nKjczrFz8p3-k6dvbZ3Adbw.B5SOsPgZwhlOngI1kKY1iLN_1jkjJ-Y7idMO1bvsbJE"
})
Hi, I opened an issue before and resolved the issue. I was able to create a few new certs successfully. I've tried the same script again on a new domain (on the same server as before) and I'm getting this error:
# INFO: Using main config file /home/user/letsencrypt.sh/config.sh
Processing mydomain.com
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for mydomain.com...
+ CloudFlare hook executing: deploy_challenge
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 157, in <module>
main(sys.argv[1:])
File "hooks/cloudflare/hook.py", line 153, in main
ops[argv[0]](argv[1:])
File "hooks/cloudflare/hook.py", line 96, in create_txt_record
zone_id = _get_zone_id(domain)
File "hooks/cloudflare/hook.py", line 75, in _get_zone_id
r.raise_for_status()
File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 840, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://api.cloudflare.com/client/v4/zones?name=mydomain.com
In trying to update a certification, the hook just keeps printing the + DNS not propagated, waiting 30s... error. When I go to my Cloudflare account, the TXT has been successfully added. Waiting doesn't help. It has run for several hours without picking up the record.
I'm configuring dehydrated with CloudFlare but getting the following error.
I would be very happy if anyone can quickly help.
ENV-
Python-3.5
+ CloudFlare hook executing: deploy_challenge
Traceback (most recent call last):
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 206, in <module>
main(sys.argv[1:])
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 203, in main
ops[argv[0]](argv[1:])
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 167, in create_all_txt_records
create_txt_record(args[i:i+X])
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 105, in create_txt_record
zone_id = _get_zone_id(domain)
File "/opt/dehydrated/hooks/cloudflare/hook.py", line 82, in _get_zone_id
r.raise_for_status()
File "/usr/lib/python3/dist-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://api.cloudflare.com/client/v4/zones?name=space
I get this error at the end of a seemingly successful run.
+ CloudFlare hook executing: exit_hook
Traceback (most recent call last):
File "/etc/dehydrated/hooks/cloudflare/hook.py", line 157, in <module>
main(sys.argv[1:])
File "/etc/dehydrated/hooks/cloudflare/hook.py", line 153, in main
ops[argv[0]](argv[1:])
KeyError: 'exit_hook'
Am using:
dehydrated.noarch 0.4.0-5.el7 @epel
./dehydrated -c -d example.etc -t dns-01 -k 'hooks/cloudflare/hook.py'
# INFO: Using main config file /root/dehydrated/config
+ CloudFlare hook executing: *some key*
Traceback (most recent call last):
File "hooks/cloudflare/hook.py", line 206, in <module>
main(sys.argv[1:])
File "hooks/cloudflare/hook.py", line 202, in main
ops[argv[0]](argv[1:])
KeyError: '*some key*=='
In the attached file, you can see the command (taken from the README), and all its output. I don't understand why it's so dumb. :(
File: error.txt
From here.
Hi I can't seem to get past this message:
+ DNS not propagated, waiting 30s...
+ DNS not propagated, waiting 30s...
...
It's been going on for about an hour. Why does this happen and is there a way I can speed it up?