mordred / certbot-plugin-websupport Goto Github PK

I was getting error Error determining zone_id: 401 and I was sure that I have credential correct. I tested few api calls on the other project and it worked. I compared your code with websupport examples, and find out that you don't explicitly set timezone in Date header. I think somehow my default timezone was messed up. Anyway, I changed line 208 in dns.py from
"Date": datetime.fromtimestamp(timestamp).isoformat()
to
"Date": datetime.fromtimestamp(timestamp, timezone.utc).isoformat()
and added import for timezone and it started working.
Probably add this fix to repository.

Hello,

I tried to generate cert, however en error occured:

`[vladikk@oasybri websupport]$ sudo certbot certonly -a certbot-plugin-websupport:dns --certbot-plugin-websupport:dns-credentials websupport.ini -d oasybri.autocar.sk

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator certbot-plugin-websupport:dns, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for oasybri.autocar.sk
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 57, in perform
self._perform(domain, validation_domain_name, validation)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 57, in _perform
self._get_websupport_client().add_txt_record(domain, validation_name, validation, self.ttl)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 87, in add_txt_record
zone_id = self._find_zone_id(domain)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 159, in _find_zone_id
response = self._send_request('GET', '/v1/user/self/zone/{0}'.format(zone_id))
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 202, in _send_request
signature = hmac.new(self.api_secret, canonical_request.encode('utf-8'), hashlib.sha1).hexdigest()
File "/usr/lib64/python3.6/hmac.py", line 185, in new
return HMAC(key, msg, digestmod)
File "/usr/lib64/python3.6/hmac.py", line 49, in init
raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).name)
TypeError: key: expected bytes or bytearray, but got 'str'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/certbot/_internal/error_handler.py", line 125, in _call_registered
self.funcs-1
File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 243, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 76, in cleanup
self._cleanup(domain, validation_domain_name, validation)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 60, in _cleanup
self._get_websupport_client().del_txt_record(domain, validation_name, validation)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 126, in del_txt_record
zone_id = self._find_zone_id(domain)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 159, in _find_zone_id
response = self._send_request('GET', '/v1/user/self/zone/{0}'.format(zone_id))
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 202, in _send_request
signature = hmac.new(self.api_secret, canonical_request.encode('utf-8'), hashlib.sha1).hexdigest()
File "/usr/lib64/python3.6/hmac.py", line 185, in new
return HMAC(key, msg, digestmod)
File "/usr/lib64/python3.6/hmac.py", line 49, in init
raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).name)
TypeError: key: expected bytes or bytearray, but got 'str'
An unexpected error occurred:
TypeError: key: expected bytes or bytearray, but got 'str'
Please see the logfiles in /var/log/letsencrypt for more details.
`
Could you please help me?
Thanks

cat /home/ubuntu/saas-django/websupport.ini

dns_api_key = ***
dns_api_secret = ***

sudo /home/ubuntu/saas-django/.venv/bin/certbot renew --dry-run

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.cz.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for *.mydomain.cz
Unsafe permissions on credentials configuration file: /home/ubuntu/saas-django/websupport.ini
Encountered exception during recovery: NameError: name 'code' is not defined
Failed to renew certificate mydomain.cz with error: name 'code' is not defined

tail of /var/log/letsencrypt/letsencrypt.log

2024-03-18 14:19:41,235:DEBUG:urllib3.connectionpool:https://rest.websupport.sk:443 "GET /v1/user/self/zone/mydomain.cz HTTP/1.1" 401 None
2024-03-18 14:19:41,236:ERROR:certbot._internal.error_handler:Encountered exception during recovery: NameError: name 'code' is not defined
2024-03-18 14:19:41,237:ERROR:certbot._internal.renewal:Failed to renew certificate mydomain.cz with error: name 'code' is not defined
2024-03-18 14:19:41,238:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/main.py", line 1550, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot_plugin_websupport/dns.py", line 57, in _perform
    self._get_websupport_client().add_txt_record(domain, validation_name, validation, self.ttl)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot_plugin_websupport/dns.py", line 87, in add_txt_record
    zone_id = self._find_zone_id(domain)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot_plugin_websupport/dns.py", line 166, in _find_zone_id
    .format(code, e))
NameError: name 'code' is not defined

2024-03-18 14:19:41,241:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-03-18 14:19:41,242:ERROR:certbot._internal.renewal:All simulated renewals failed. The following certificates could not be renewed:
2024-03-18 14:19:41,242:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/mydomain.cz/fullchain.pem (failure)
2024-03-18 14:19:41,242:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-03-18 14:19:41,242:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/home/ubuntu/saas-django/.venv/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/main.py", line 1642, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
  File "/home/ubuntu/saas-django/.venv/lib/python3.10/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2024-03-18 14:19:41,242:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)

➜ python -V
Python 3.10.12
➜ which python
/home/ubuntu/saas-django/.venv/bin/python

Your plugin works great, however it stopped renew my cert. Could you please help me?

2021-02-24 06:45:59,445:ERROR:certbot._internal.error_handler:Encountered exception during recovery: TypeError: a bytes-like object is required, not 'str'
2021-02-24 06:45:59,446:WARNING:certbot._internal.renewal:Attempting to renew cert (domain.sk) from /etc/letsencrypt/renewal/domain.sk.conf produced an unexpected error: a bytes-like object is required, not 'str'. Skipping.
2021-02-24 06:45:59,447:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/certbot/_internal/renewal.py", line 472, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1234, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 123, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3.6/site-packages/certbot/_internal/renewal.py", line 330, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/lib/python3.6/site-packages/certbot/plugins/dns_common.py", line 57, in perform
self._perform(domain, validation_domain_name, validation)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 57, in _perform
self._get_websupport_client().add_txt_record(domain, validation_name, validation, self.ttl)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 87, in add_txt_record
zone_id = self._find_zone_id(domain)
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 159, in _find_zone_id
response = self._send_request('GET', '/v1/user/self/zone/{0}'.format(zone_id))
File "/usr/local/lib/python3.6/site-packages/certbot_plugin_websupport/dns.py", line 205, in _send_request
"Authorization": "Basic %s" % (base64.b64encode("%s:%s" % (self.api_key, signature))),
File "/usr/lib64/python3.6/base64.py", line 58, in b64encode
encoded = binascii.b2a_base64(s, newline=False)
TypeError: a bytes-like object is required, not 'str'

Thanks