tengattack / certbot-dns-aliyun Goto Github PK

View Code? Open in Web Editor NEW

225.0 5.0 55.0 36 KB

A certbot dns plugin to obtain certificates using aliyun.

License: Other

Dockerfile 2.60% Python 84.48% Shell 12.93%

certbot certbot-dns-plugin aliyun

certbot-dns-aliyun's Introduction

Aliyun DNS Authenticator plugin for Certbot

A certbot dns plugin to obtain certificates using aliyun.

Obtain Aliyun RAM AccessKey

https://ram.console.aliyun.com/

And ensure your RAM account has AliyunDNSFullAccess permission.

Install

pip install certbot-dns-aliyun

For Snap:

sudo snap install certbot-dns-aliyun
sudo snap set certbot trust-plugin-with-root=ok
sudo snap connect certbot:plugin certbot-dns-aliyun
/snap/bin/certbot plugins

Or manually:

git clone https://github.com/tengattack/certbot-dns-aliyun
cd certbot-dns-aliyun
sudo python setup.py install

If you are using certbot-auto, you should run virtualenv first:

# CentOS 7
virtualenv --no-site-packages --python "python2.7" "/opt/eff.org/certbot/venv"
/opt/eff.org/certbot/venv/bin/python2.7 setup.py install

Credentials File

dns_aliyun_access_key = 12345678
dns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef

chmod 600 /path/to/credentials.ini

Obtain Certificates

certbot certonly \
    --authenticator=dns-aliyun \
    --dns-aliyun-credentials='/path/to/credentials.ini' \
    -d "*.example.com,example.com"

Using Docker

Please refer to scripts

certbot-dns-aliyun's People

Contributors

Stargazers

Watchers

certbot-dns-aliyun's Issues

阿里云dns不行？？？

certbot -a certbot-dns-aliyun:dns-aliyun -i nginx -d xxxx.com -d "*.xxxx.com" --server https://acme-v02.api.lets
encrypt.org/directory --certbot-dns-aliyun:dns-aliyun-credentials ~/.secerts/certbot/aliyun

Encountered exception during recovery:
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/certbot/error_handler.py", line 124, in _call_registered
self.funcs-1
File "/usr/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 220, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/local/lib/python2.7/dist-packages/certbot/plugins/dns_common.py", line 77, in cleanup
self._cleanup(domain, validation_domain_name, validation)
File "/usr/local/lib/python2.7/dist-packages/certbot_dns_aliyun/dns_aliyun.py", line 53, in _cleanup
self._get_alidns_client().del_txt_record(domain, validation_name, validation)
File "/usr/local/lib/python2.7/dist-packages/certbot_dns_aliyun/alidns.py", line 81, in del_txt_record
domain = self._find_domain_id(domain)
File "/usr/local/lib/python2.7/dist-packages/certbot_dns_aliyun/alidns.py", line 54, in _find_domain_id
.format(domain, domain_name_guesses))
PluginError: Unable to determine zone identifier for xxxx.com using zone names: [u'xxxx.com', u'com']

certbot找不到--certbot-dns-aliyun:dns-aliyun-credentials参数

certbot certonly -a certbot-dns-aliyun:dns-aliyun \
    --certbot-dns-aliyun:dns-aliyun-credentials /path/to/credentials.ini \
    -d example.com \
    -d "*.example.com"

运行后报错：找不到该参数

AliyunDNSFullAccess too wide

Hello, nice work.

A suggestion. AliyunDNSFullAccess is too wide, for I will provide the website access permission to others.
Could you please check the minimum permission required?

I'm trying, and after finish, I will provide my experience here.

无用的引用导致新版certbot报错

本次certbot更新后提示
An unexpected error occurred: pkg_resources.ContextualVersionConflict: (cryptography 36.0.0 (/var/lib/snapd/snap/certbot/1670/lib/python3.8/site-packages), Requirement.parse('cryptography<4,>=2'), {'dns-lexicon'}) Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpsg4ueu0p/log or re-run Certbot with -v for more details.

去掉setup.py里面的 dns-lexicon
以及certbot_dns_aliyun/dns_aliyun.py 引用 from certbot.plugins import dns_common_lexicon
后我本地测试没啥问题

centos 7报错

ImportError: No module named 'alidns'

Snap install cryptography dependency breaks

An unexpected error occurred:
pkg_resources.ContextualVersionConflict: (cryptography 36.0.0 (/snap/certbot/1670/lib/python3.8/site-packages), Requirement.parse('cryptography<4,>=2'), {'dns-lexicon'})
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpjakf_8wr/log or re-run Certbot with -v for more details.

Name                Version   Rev    Tracking       Publisher     Notes
certbot             1.22.0    1670   latest/stable  certbot-eff✓  classic
certbot-dns-aliyun  0.38.1    1      latest/stable  tengattack    -
core20              20211129  1270   latest/stable  canonical✓    base
snapd               2.53.4    14295  latest/stable  canonical✓    snapd

dns-lexicon dependency was broken by cryptography versioning. It is fixed in lexicon 3.7.1. Please bump its version and update snap image.

dns-lexicon 依赖因为 cryptography 的版本编号不能满足，在lexicon 3.7.1 版本中修复了。应该升级一下依赖更新一下snap image就行了

目前最新版本certbot/certbot:v0.38.0执行失败，应该是默认使用了python3导致

上一版本certbot/certbot:v0.37.2正常。新版本提示找不到alidns模块

certbot certonly 重新生成证书会有0001新目录无法覆盖之前的证书

如 /etc/letsencrypt/live/mapp-api.rzatfc.com-0001/fullchain.pem

如果同一台服务器需要两个以上域名并且在不同的阿里云上是否支持？

建不同的credentials.ini ？

Not Available for other arch like arm64

using ubuntu arm64 for raspi 3b+, but snap install return

error: snap "certbot-dns-aliyun" is not available on stable for this architecture (arm64) but
       exists on other architectures (amd64).

could you help to port it to arm64?

大佬，树莓派上用Ubuntu，snap安装报没有当前架构，能适配一下arm64么？

not able to instal?

I am using Centos 7.6 and Python 2.7.5 and I think something goes wrong ...

-bash: virtualenv: command not found
[clusteradmin@LBR certbot-dns-aliyun]$ python --version
Python 2.7.5
[clusteradmin@LBR certbot-dns-aliyun]$ sudo python setup.py install
/usr/lib64/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires'
  warnings.warn(msg)
running install
running bdist_egg
running egg_info
writing requirements to certbot_dns_aliyun.egg-info/requires.txt
writing certbot_dns_aliyun.egg-info/PKG-INFO
writing top-level names to certbot_dns_aliyun.egg-info/top_level.txt
writing dependency_links to certbot_dns_aliyun.egg-info/dependency_links.txt
writing entry points to certbot_dns_aliyun.egg-info/entry_points.txt
reading manifest file 'certbot_dns_aliyun.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching 'README.rst'
writing manifest file 'certbot_dns_aliyun.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/certbot_dns_aliyun
copying build/lib/certbot_dns_aliyun/dns_aliyun_test.py -> build/bdist.linux-x86_64/egg/certbot_dns_aliyun
copying build/lib/certbot_dns_aliyun/__init__.py -> build/bdist.linux-x86_64/egg/certbot_dns_aliyun
copying build/lib/certbot_dns_aliyun/alidns_test.py -> build/bdist.linux-x86_64/egg/certbot_dns_aliyun
copying build/lib/certbot_dns_aliyun/dns_aliyun.py -> build/bdist.linux-x86_64/egg/certbot_dns_aliyun
copying build/lib/certbot_dns_aliyun/alidns.py -> build/bdist.linux-x86_64/egg/certbot_dns_aliyun
byte-compiling build/bdist.linux-x86_64/egg/certbot_dns_aliyun/dns_aliyun_test.py to dns_aliyun_test.pyc
byte-compiling build/bdist.linux-x86_64/egg/certbot_dns_aliyun/__init__.py to __init__.pyc
byte-compiling build/bdist.linux-x86_64/egg/certbot_dns_aliyun/alidns_test.py to alidns_test.pyc
byte-compiling build/bdist.linux-x86_64/egg/certbot_dns_aliyun/dns_aliyun.py to dns_aliyun.pyc
byte-compiling build/bdist.linux-x86_64/egg/certbot_dns_aliyun/alidns.py to alidns.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying certbot_dns_aliyun.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying certbot_dns_aliyun.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying certbot_dns_aliyun.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying certbot_dns_aliyun.egg-info/entry_points.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying certbot_dns_aliyun.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying certbot_dns_aliyun.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
zip_safe flag not set; analyzing archive contents...
creating 'dist/certbot_dns_aliyun-0.23.0.dev0-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing certbot_dns_aliyun-0.23.0.dev0-py2.7.egg
Removing /usr/lib/python2.7/site-packages/certbot_dns_aliyun-0.23.0.dev0-py2.7.egg
Copying certbot_dns_aliyun-0.23.0.dev0-py2.7.egg to /usr/lib/python2.7/site-packages
certbot-dns-aliyun 0.23.0.dev0 is already the active version in easy-install.pth

Installed /usr/lib/python2.7/site-packages/certbot_dns_aliyun-0.23.0.dev0-py2.7.egg
Processing dependencies for certbot-dns-aliyun==0.23.0.dev0
Traceback (most recent call last):
  File "setup.py", line 66, in <module>
    test_suite='certbot_dns_aliyun',
  File "/usr/lib64/python2.7/distutils/core.py", line 152, in setup
    dist.run_commands()
  File "/usr/lib64/python2.7/distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "/usr/lib/python2.7/site-packages/setuptools/command/install.py", line 73, in run
    self.do_egg_install()
  File "/usr/lib/python2.7/site-packages/setuptools/command/install.py", line 101, in do_egg_install
    cmd.run()
  File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 380, in run
    self.easy_install(spec, not self.no_deps)
  File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 604, in easy_install
    return self.install_item(None, spec, tmpdir, deps, True)
  File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 655, in install_item
    self.process_distribution(spec, dist, deps)
  File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 706, in process_distribution
    [requirement], self.local_index, self.easy_install
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 631, in resolve
    requirements.extend(dist.requires(req.extras)[::-1])
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2497, in requires
    "%s has no such extra feature %r" % (self, ext)
pkg_resources.UnknownExtra: requests 2.6.0 has no such extra feature 'security'

$ lsb_release -a
LSB Version:	core-9.20170808ubuntu1-noarch:security-9.20170808ubuntu1-noarch
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.4 LTS
Release:	18.04
Codename:	bionic

安装过程中出现下面的提示：

$ pip install certbot-dns-aliyun
Collecting certbot-dns-aliyun
  Using cached https://files.pythonhosted.org/packages/b3/b0/aed9384ee7f0850218ccd2ea9ad2b9993cb6216b5faa242555681799123a/certbot_dns_aliyun-2.0.0-py2.py3-none-any.whl
Collecting acme>=2.0.0 (from certbot-dns-aliyun)
  Could not find a version that satisfies the requirement acme>=2.0.0 (from certbot-dns-aliyun) (from versions: 0.0.0.dev20151006, 0.0.0.dev20151008, 0.0.0.dev20151017, 0.0.0.dev20151020, 0.0.0.dev20151021, 0.0.0.dev20151024, 0.0.0.dev20151030, 0.0.0.dev20151104, 0.0.0.dev20151107, 0.0.0.dev20151108, 0.0.0.dev20151114, 0.0.0.dev20151123, 0.0.0.dev20151201, 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.11.1, 0.12.0, 0.13.0, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.23.0, 0.24.0, 0.25.0, 0.25.1, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.30.1, 0.30.2, 0.31.0, 0.32.0, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.35.1, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.39.0, 0.40.0, 0.40.1, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0)
No matching distribution found for acme>=2.0.0 (from certbot-dns-aliyun)

certbot_dns_aliyun.alidns.AliError: SecurityToken is mandatory for this action

Hi, it seems that the extension does not work with STS credentials, since there is no way to specify the token. Please correct me if I am wrong.

证书到期后，renew遇到问题

证书到期后，运行 certbot-auto renew 时遇到一下错误：

Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (test.com) from /etc/letsencrypt/renewal/test.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.

需要做额外设置吗？