tengattack / certbot-dns-dnspod Goto Github PK

View Code? Open in Web Editor NEW

60.0 5.0 17.0 33 KB

A certbot dns plugin to obtain certificates using dnspod.

License: Other

Python 98.99% Dockerfile 1.01%

certbot-dns-dnspod's Introduction

DNSPod DNS Authenticator plugin for Certbot

A certbot dns plugin to obtain certificates using dnspod.

Obtain API Token

https://www.dnspod.cn/console/user/security

Install

Pip:

sudo pip install git+https://github.com/tengattack/certbot-dns-dnspod.git

Snap:

sudo snap install certbot-dns-dnspod
sudo snap set certbot trust-plugin-with-root=ok
sudo snap connect certbot:plugin certbot-dns-dnspod

Credentials File

dns_dnspod_api_id = 12345
dns_dnspod_api_token = 1234567890abcdef1234567890abcdef

chmod 600 /path/to/credentials.ini

Obtain Certificates

certbot certonly -a dns-dnspod \
    --dns-dnspod-credentials /path/to/credentials.ini \
    -d example.com \
    -d "*.example.com"

certbot-dns-dnspod's People

Contributors

Stargazers

Watchers

Forkers

huww98 evanlabs zjwangmin findlayfeng 9l luckywh0 jonherr iconben wyq09 ericzhang456 alexzorin adonis2014 takunsyo zsbai empty-233 lyhiving fanyouchang

certbot-dns-dnspod's Issues

错误处理异常

certbot-dns-dnspod/certbot_dns_dnspod/dns_dnspod.py

Line 126 in 70833e5

if not str(e).startswith('Domain name invalid'):

dnspod的API返回了中文错误。导致这里判断出错了。
可能需要或一下判断

参考返回

域名不正确，请输入主域名，如 dnspod.cn

certbot: error: unrecognized arguments: --dns-dnspod-credentials

[root@host-10 ~] python --version
Python 3.9.16

[root@host-10 ~]# cat /etc/redhat-release 
Rocky Linux release 9.2 (Blue Onyx)

[root@localhost ~]# certbot certonly -a dns-dnspod --dns-dnspod-credentials /etc/credentials.conf -d aa.chxxx.com
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --dns-dnspod-credentials /etc/credentials.conf

需要创建python虚拟环境才能正确执行

#注意用root，非root下创建虚拟环境，没有权限执行certbot，使用了sudo命令提权至root账户，导制用户变更，python虚拟环境又失效。
mkdir /opt/python_env_certbot
cd /opt/python_env_certbot/
python3 -m venv certbotvenv
source certbotvenv/bin/activate
/opt/python_env_certbot/certbotvenv/bin/python3 -m pip install --upgrade pip
pip install git+https://github.com/tengattack/certbot-dns-dnspod.git

新申请

cd /opt/python_env_certbot
source certbotvenv/bin/activate
certbot certonly -a dns-dnspod \
    --dns-dnspod-credentials /etc/credentials.conf \
    -d s8.xfrx.ac.cn

续签

cd /opt/python_env_certbot
source certbotvenv/bin/activate
certbot renew --cert-name s8.xfrx.ac.cn

为什么不集中到certbot / certbot里面去呢

https://github.com/certbot/certbot
这里集中了很多自动配置，也有很多都是参考引用了他们的代码
集中到一起，有利于其他优秀的docker制作

例如：linuxserver/letsencrypt里面有阿里云，居然没有DNSPOD，让人很伤心

credentials.ini配置文件格式不正确

应该是=，而不是:

certbot_dns_dnspod:dns_dnspod_api_id = 12345
certbot_dns_dnspod:dns_dnspod_api_token =1234567890abcdef1234567890abcdef

_find_domain_id 抛异常导致报错

通过接口https://dnsapi.cn/Domain.Info （https://docs.dnspod.cn/api/domain-info/）获取域名id时，如果被探测域名不存在，会返回错误码【13 当前域名有误，请返回重新操作。】，这种是正常的，应该跳过。现在的判定条件是【 not (str(e).startswith('Domain name invalid') or str(e).find('域名不正确') >= 0)】会导致抛异常。

不适配certbot2.4.0

在进行这两步后，certbot命令无法正常运行，显示报错 An unexpected error occurred:
TypeError: 'type' object is not iterable

sudo snap set certbot trust-plugin-with-root=ok
sudo snap connect certbot:plugin certbot-dns-dnspod

日志记录如下：

2023-03-25 20:34:39,417:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 787
2023-03-25 20:34:39,739:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/2836/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/2836/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/2836/lib/python3.8/site-packages/certbot/_internal/main.py", line 1835, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
  File "/snap/certbot/2836/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 192, in find_all
    cls._load_entry_point(entry_point, plugins)
  File "/snap/certbot/2836/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 199, in _load_entry_point
    plugin_ep = PluginEntryPoint(entry_point)
  File "/snap/certbot/2836/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 40, in __init__
    self.plugin_cls: Type[interfaces.Plugin] = entry_point.load()
  File "/snap/certbot/2836/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2468, in load
    return self.resolve()
  File "/snap/certbot/2836/lib/python3.8/site-packages/pkg_resources/__init__.py", line 2474, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/certbot_dns_dnspod/dns_dnspod.py", line 21, in <module>
    class Authenticator(dns_common.DNSAuthenticator):
  File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 1108, in __call__
    directlyProvides(ob, *self.interfaces)
  File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 918, in directlyProvides
    interfaces = _normalizeargs(interfaces)
  File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 1307, in _normalizeargs
    _normalizeargs(v, output)
  File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 1306, in _normalizeargs
    for v in sequence:
TypeError: 'type' object is not iterable
2023-03-25 20:34:39,740:ERROR:certbot._internal.log:An unexpected error occurred:
2023-03-25 20:34:39,740:ERROR:certbot._internal.log:TypeError: 'type' object is not iterable

Certbot failed to authenticate some domains (authenticator: certbot-dns-dnspod:dns-dnspod). The Certificate Authority reported these problems:
Domain: irez.cn
Type: caa
Detail: CAA record for *.irez.cn prevents issuance

Hint: The Certificate Authority failed to verify the DNS TXT records created by --certbot-dns-dnspod:dns-dnspod. Ensure the above domains are hosted by this DNS provider, or try increasing --certbot-dns-dnspod:dns-dnspod-propagation-seconds (currently 30 seconds).

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

遇到了错误， File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 1306, in _normalizeargs for v in sequence: TypeError: 'type' object is not iterable

2024-02-28 08:57:13,452:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/3643/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 191, in find_all
cls._load_entry_point(entry_point, plugins)
File "/snap/certbot/3643/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 203, in _load_entry_point
plugin_ep = PluginEntryPoint(entry_point)
File "/snap/certbot/3643/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 42, in init
self.plugin_cls: Type[interfaces.Plugin] = entry_point.load()
File "/snap/certbot/3643/lib/python3.8/site-packages/importlib_metadata/init.py", line 207, in load
module = import_module(match.group('module'))
File "/snap/certbot/3643/usr/lib/python3.8/importlib/init.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1014, in _gcd_import
File "", line 991, in _find_and_load
File "", line 975, in _find_and_load_unlocked
File "", line 671, in _load_unlocked
File "", line 848, in exec_module
File "", line 219, in _call_with_frames_removed
File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/certbot_dns_dnspod/dns_dnspod.py", line 21, in
class Authenticator(dns_common.DNSAuthenticator):
File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 1108, in call
directlyProvides(ob, *self.interfaces)
File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 918, in directlyProvides
interfaces = _normalizeargs(interfaces)
File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 1307, in _normalizeargs
_normalizeargs(v, output)
File "/snap/certbot-dns-dnspod/current/lib/python3.8/site-packages/zope/interface/declarations.py", line 1306, in _normalizeargs
for v in sequence:
TypeError: 'type' object is not iterable

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/snap/certbot/3643/bin/certbot", line 8, in
sys.exit(main())
File "/snap/certbot/3643/lib/python3.8/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/snap/certbot/3643/lib/python3.8/site-packages/certbot/_internal/main.py", line 1866, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File "/snap/certbot/3643/lib/python3.8/site-packages/certbot/_internal/plugins/disco.py", line 193, in find_all
raise errors.PluginError(
certbot.errors.PluginError: The 'certbot_dns_dnspod.dns_dnspod' plugin errored while loading: 'type' object is not iterable. You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer.
2024-02-28 08:57:13,452:ERROR:certbot._internal.log:The 'certbot_dns_dnspod.dns_dnspod' plugin errored while loading: 'type' object is not iterable. You may need to remove or update this plugin. The Certbot log will contain the full error details and this should be reported to the plugin developer.

~$ sudo docker run -it --rm --name certbot     -v "/etc/letsencrypt:/etc/letsencrypt"     -v "/var/lib/letsencrypt:/var/lib/letsencrypt"     -v "/root/.dnspod.ini:/etc/letsencrypt/.dnspod.ini"     certbot-dns-dnspod:0.24.0     certonly -a certbot-dns-dnspod:dns-dnspod     --certbot-dns-dnspod:dns-dnspod-credentials /etc/letsencrypt/.dnspod.ini     -d dev.example.net -d "*.dev.example.net" --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-dns-dnspod:dns-dnspod may be removed in a future version. Please use dns-dnspod instead.
Plugins selected: Authenticator certbot-dns-dnspod:dns-dnspod, Installer None
Requesting a certificate for dev.example.net and *.dev.example.net
Performing the following challenges:
dns-01 challenge for dev.example.net
dns-01 challenge for dev.example.net
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/src/certbot-dns-dnspod/certbot_dns_dnspod/dns_dnspod.py", line 101, in _find_domain_id
    self.provider.authenticate()
  File "/usr/local/lib/python3.8/site-packages/lexicon/providers/base.py", line 74, in authenticate
    return self._authenticate()
  File "/usr/local/lib/python3.8/site-packages/lexicon/providers/dnspod.py", line 34, in _authenticate
    raise Exception(payload["status"]["message"])
Exception: 域名不正确，请输入主域名，如 dnspod.cn

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
  File "/opt/certbot/src/certbot/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1435, in main
    return config.func(config, plugins)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1304, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 140, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 444, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 424, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/opt/certbot/src/certbot/certbot/plugins/dns_common.py", line 60, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/opt/certbot/src/certbot-dns-dnspod/certbot_dns_dnspod/dns_dnspod.py", line 55, in _perform
    self._get_dnspod_client().add_txt_record(domain, validation_name, validation)
  File "/opt/certbot/src/certbot/certbot/plugins/dns_common_lexicon.py", line 45, in add_txt_record
    self._find_domain_id(domain)
  File "/opt/certbot/src/certbot-dns-dnspod/certbot_dns_dnspod/dns_dnspod.py", line 113, in _find_domain_id
    raise result
certbot.errors.PluginError: Unexpected error determining zone identifier for dev.example.net: 域名不正确，请输入主域名，如 dnspod.cn
Please see the logfiles in /var/log/letsencrypt for more details.