terrycain / certbot-dns-azure Goto Github PK
View Code? Open in Web Editor NEWAzureDNS Certbot plugin
License: Other
AzureDNS Certbot plugin
License: Other
This allows the domain used for validation to be completely different than the domain name you are requesting a certificate for.
Here is the best example of how this works I can find:
https://cert-manager.io/docs/configuration/acme/dns01/#delegated-domains-for-dns01
Hi,
When I try to use your plugin, i get the following exception:
2022-05-01 11:23:09,325:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-05-01 11:23:09,325:ERROR:certbot._internal.error_handler:Encountered exception during recovery: TypeError: __init__() got an unexpected keyword argument 'credential_scopes'
2022-05-01 11:23:09,326:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.8/dist-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/main.py", line 1723, in main
return config.func(config, plugins)
File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/main.py", line 1582, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/client.py", line 513, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/client.py", line 441, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/client.py", line 493, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/local/lib/python3.8/dist-packages/certbot/_internal/auth_handler.py", line 86, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/local/lib/python3.8/dist-packages/certbot/plugins/dns_common.py", line 76, in perform
self._perform(domain, validation_domain_name, validation)
File "/usr/local/lib/python3.8/dist-packages/certbot_dns_azure/_internal/dns_azure.py", line 182, in _perform
client = self._get_azure_client(subscription_id)
File "/usr/local/lib/python3.8/dist-packages/certbot_dns_azure/_internal/dns_azure.py", line 268, in _get_azure_client
return DnsManagementClient(self.credential, subscription_id, None, self._arm_endpoint, credential_scopes=[self._arm_endpoint + "/.default"])
TypeError: __init__() got an unexpected keyword argument 'credential_scopes'
2022-05-01 11:23:09,326:ERROR:certbot._internal.log:An unexpected error occurred:
2022-05-01 11:23:09,326:ERROR:certbot._internal.log:TypeError: __init__() got an unexpected keyword argument 'credential_scopes'
I try to obtain a certificate using the following command:
certbot certonly --test-cert --authenticator dns-azure --preferred-challenges dns --noninteractive --agree-tos --email [email protected] --dns-azure-config /etc/azure.ini -d "test.certificate.com"
My /etc/azure.ini has the following:
dns_azure_msi_client_id = <client id of user assigned identity>
dns_azure_zone1 = certificate.com:/subscriptions/<subscription>/resourceGroups/<resource group>
Installed versions:
user@host:/home/adm# pip list | grep -E "certbot|azure-mgmt-dns"
azure-mgmt-dns 8.0.0
certbot 1.26.0
certbot-dns-azure 1.5.0
Python 3.8.10
Ubuntu 20.04.4 LTS
Hi,
I am getting an issue when i try to renew or create a new ssl cert using this plugin:
An unexpected error occurred:
pkg_resources.VersionConflict: (certbot 2.2.0 (/snap/certbot/2683/lib/python3.8/site-packages), Requirement.parse('certbot<2.0,>=1.18.0'))
Is this an issue with the plugin?
Regards
Mark
It seems there have been some releases to snap (2.0.0 and 2.0.1), but PyPis history for this project is still at 1.5.0.
Hello,
thank you for making this solution open source.
I am wondering if i can use this plugin for multilevel subdomain wildcards?
For example
*.example.com
*.staging.example.com
*.development.example.com
If so how would the configuration of the ini file look like?
I've been using this plugin for quite some time now, and as of some recent update having it connected causes certbot to crash with the following error message:
An unexpected error occurred:
pkg_resources.ContextualVersionConflict: (cryptography 38.0.1 (/snap/certbot/2414/lib/python3.8/site-packages), Requirement.parse('cryptography<38,>=0.6'), {'msal'})
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-_bnwfto2/log or re-run Certbot with -v for more details.
I confirmed that this is being caused via this plugin, since removing it allows certbot to run again.
c696da3 added a certbot>=1.18.0,<2.0
constraint to the plugin.
We recently pushed the Certbot snap out to every snap user, so the plugin is broken there due to a constraint conflict.
This was reported at https://community.letsencrypt.org/t/certbot-versionconflict-after-update-on-ubuntu/193141/5.
Would it be possible to remove the constraint and republish the snap? The plugin should otherwise work just fine with Certbot 2.x. Thank you.
I am attempting to register *.subdomain.example.com and subdomain.example.com in the same request. I always get an error that it can't validate the TXT record on one of the two domains that are listed. If I do them one at a time things seem to work just fine.
This seems like it may be the same issue that was talked about here certbot/certbot#5673
certbot certonly --authenticator dns-azure --preferred-challenges dns --noninteractive --agree-tos --email [email protected] --dns-azure-config /etc/azure.ini -d subdomain.example.com -d *.subdomain.example.com
Hi,
Any chance of adding this as a Snap package? I have Certbot installed using Snap and cannot use this plugin because of that.
Hi, thanks for your work on this, I've been able to certify multiple subdomains successfully in different dns regions. However, I've noticed an odd bug (?) where some domains won't get a DNS record at all in Azure unless they are placed at the start of the list of certbot domains. I.e. -d flakey-subdomain-1 -d flakey-subdomain-2
.
So far I've not been able to identify why this might be and I'm concerned that it may fail in the future. Is there anything I can try to figure out what would cause this?
The list of domains are in the following format:
*.[different].subdomain.domain.com
Thank you
Charles
In 0b158bb the usage of azure.core.utils.CaseInsensitiveDict
was added.
However, this implementation wasn't added until azure-core-1.25.0
.
Currently, certbot-dns-azure
only depends on azure-identity>=1.11.0
and azure-mgmt-dns>=8.0.0
. Currently, azure-mgmnt-dns
doesn't depend on azure-core
entirely and azure-identity
depends on azure-core<2.0.0,>=1.11.0
, so that's not enough either.
Perhaps it's wise to add a dependency on azure-core>=1.25.0
?
Hi,
I´m currently facing the issue that certbot renew
will fail with error:
Failed to renew certificate bag.software with error: Missing command line flag or config entry for this setting: Input the path to your Azure config INI file
My /etc/letsencrypt/renewal/domain.conf looks like:
# renew_before_expiry = 30 days
version = 1.11.0
archive_dir = /etc/letsencrypt/archive/domain
cert = /etc/letsencrypt/live/domain/cert.pem
privkey = /etc/letsencrypt/live/domain/privkey.pem
chain = /etc/letsencrypt/live/domain/chain.pem
fullchain = /etc/letsencrypt/live/domain/fullchain.pem
[renewalparams]
authenticator = dns-azure
dns-azure-config = /etc/default/certbot/azure.ini
server = https://acme-v02.api.letsencrypt.org/directory
manual_public_ip_logging_ok = None
When running certbot renew --dns-azure-config /etc/default/certbot/azure.ini
the renewal is working fine.
Is the config wrong or does this setting not work?
Thanks
I generated a config file like this:
dns_azure_sp_client_id = aaaaaa
dns_azure_sp_client_secret = bbbbbb
dns_azure_tenant_id = cccccc
dns_azure_zone1 = xxxxxx.onmicrosoft.com:/subscriptions/dddddd/resourceGroups/eeeeee
and I ran certbot
like this:
kkovacs@gitlab:~$ sudo /usr/local/bin/certbot certonly --dns-azure-config ./mycredentials.ini -d *.xxxxxx.onmicrosoft.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Obtain certificates using a DNS TXT record (if you are using Azure for DNS).
(dns-azure)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator dns-azure, Installer None
Requesting a certificate for *.xxxxxx.onmicrosoft.com
Performing the following challenges:
dns-01 challenge for xxxxxx.onmicrosoft.com
Cleaning up challenges
Failed to add TXT record to domain xxxxxx.onmicrosoft.com, error: Azure Error: ParentResourceNotFound
Message: Can not perform requested operation on nested resource. Parent resource 'xxxxxx.onmicrosoft.com' not found.
but I got the error "Azure Error: ParentResourceNotFound."
Perhaps I missed a step in setting up things on the Azure side. I have a virtual network with multiple VMs on it and I can connect to them over SSH/RDP while logged in over the P2S VPN connection via Azure AD authentication.
Dear,
I am trying to get a certificate from my domain and I am getting the following error:
Encountered exception during recovery: certbot.errors.PluginError: Failed to check TXT record for domain <my domain>, error: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.
I have followed the example for User Assigned Managed Identity, non-interactive mode, from here:
https://certbot-dns-azure.readthedocs.io/en/latest/
Certbot version is: 1.32.1
Ubuntu Server 18.04
It seems that this issue is related to this problem:
https://stackoverflow.com/questions/67845857/can-a-user-assigned-managed-identity-be-used-locally
We are running certbot on a non-azure virtual machine. And on Line 152 of dns_azure.py we find:
return ManagedIdentityCredential(client_id=msi_client_id)
Perhaps it should use DefaultAzureCredential with the Client Id.
Thank you!
Sorry my bad english skills.
Cannot specify --dns-azure
option
$ certbot certonly --dns-azure --dns-azure-config azure.ini -d <my domain> --config-dir ./config-dir --work-dir ./work-dir --logs-dir ./logs-dir
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: ambiguous option: --dns-azure could match --dns-azure-propagation-seconds, --dns-azure-config
So I can't run the certbot command in non-interactive mode.
Is it possible to add the support of Azure AD workload identity authentication for the azure dns zone? Thanks!
certbot version 2.3.0
certbot-dns-azure version 1.5.0
While trying to update certs I noticed something peculiar.
certbot renew --cert-name test.domain.com
This tried to create the _acme_challenge TXT post in domain.com, not test.domain.com which I expected.
So I took a look at azure.ini
dns_azure_zone4 = domain.io:/subscriptions//resourceGroups/group-dns?
dns_azure_zone5 = prod.domain.io:/subscriptions//resourceGroups/group-dns
dns_azure_zone6 = test.domain.io:/subscriptions//resourceGroups/group-dns
Could it be that the top domain incorrectly got selected? I switched the order to have the top domain last.
dns_azure_zone4 = prod.domain.io:/subscriptions//resourceGroups/group-dns
dns_azure_zone5 = test.domain.io:/subscriptions//resourceGroups/group-dns
dns_azure_zone6 = domain.io:/subscriptions//resourceGroups/group-dns?
Now the renew command works fine, the _acme post ends up in the DNS for test.domain.io instead, so azure.ini seems to be order dependant.
I read through the documentation here:
https://certbot-dns-azure.readthedocs.io/en/latest/
But I could find that the azure.ini file is supposed to be order dependent and there were no examples reflecting my use case with both subdomains and the top domain.
I took a look at certbot-dns-azure code, added comments of how I understand the flow.
def _get_ids_for_domain(self, domain: str):
# domain_zoneid.items format
# key: domain.io
# value: /subscriptions/<subscription-id>/resourceGroups/group-dns
# I'm assuming the domain argument is what I'm supplying on commandline
# ie test.domain.io
try:
for azure_dns_domain, resource_group in self.domain_zoneid.items():
# If the first item in the list is the top domain
# azure_dns_domain = domain.io
# resource_group = /subscriptions/<subscription-id>/resourceGroups/group-dns
# Look to see if domain ends with key, to cover subdomains
if domain.endswith(azure_dns_domain):
# if "test.domain.io" ends with "domain.io"
# Ok, my sub domain ends with the first item in the list which is the top domain.
subscription_id = resource_group.split('/')[2]
# subscription_id = <subscription-id>
rg_name = resource_group.split('/')[4]
# rg_name = group_dns
return azure_dns_domain, subscription_id, rg_name
# return domain.io, <subscription-id>, group_dns
It seems this function will return the top domain, rather than the subdomain, if the top domain comes first in the list.
The _perform function seems to use the return azure_dns_domain, while printing error messages using the domain.
Hello, I am here through NginxProxyManager/nginx-proxy-manager#1087.
Unlike most other dns plugins your plugin needs the path to the config ini file passed in with the --dns-azure-config
flag, instead of --dns-azure-credentials
.
Maybe you could consider also supporting the --dns-azure-credentials
flag? One could just take precedence over the other, if both are specified. This way the custom flag would still be supported for current implementations, but it would also support the standard approach.
Thanks!
In the current Dockerfile gcc and required libs are not included, which is required when building on arm64.
27.10 gcc -fno-strict-overflow -Wsign-compare -DNDEBUG -g -O3 -Wall -fPIC -DFFI_BUILDING=1 -I/usr/include/ffi -I/usr/include/libffi -I/usr/local/include/python3.12 -c src/c/_cffi_backend.c -o build/temp.linux-aarch64-cpython-312/src/c/_cffi_backend.o
27.10 error: command 'gcc' failed: No such file or directory
27.10 [end of output]
27.10
27.10 note: This error originates from a subprocess, and is likely not a problem with pip.
27.10 ERROR: Failed building wheel for cffi
27.10 Failed to build cffi
27.11 ERROR: Could not build wheels for cffi, which is required to install pyproject.toml-based projects
Azure allows a principal to manage individual records of a zone. This allows to have different credentials per record.
It would be nice to clear the TXT record (setting it to blank ot '-') instead of deleting the record, so the role assignment is persisted.
IMHO, security-wise, not sure how much advantage leaving a blank record instead of deleting it, as you can query https://crt.sh/ (certificate transparency logs) for a given domain, so knowing that exists an _acme-challenge entry in a domain isn't any different at all from querying crt.sh.
Still, when combined with #14 is very useful to have a single zone to hold challenges across several domains without having multiple zones registered in Azure DNS (saving on billing, since it charges per zone + per million queries).
Hello,
For anyone wanting to use this plugin in a container I have the following example:
FROM alpine:latest
RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
RUN python3 -m ensurepip
RUN pip3 install --no-cache --upgrade pip setuptools certbot certbot-dns-azure
The docker build command would simply be:
docker build -t certbot-azuredns -f Dockerfile .
As an example the newly created container can be used as follows (a bit brave to mount directly the host's /etc/letsencrypt directory):
docker run -it --rm --name certbot-azure-dns \
-v /etc/letsencrypt/:/etc/letsencrypt/ \
certbot-azuredns \
certbot certonly \
--authenticator dns-azure \
--preferred-challenges dns \
--agree-tos \
--email '[email protected]' \
--noninteractive \
--dns-azure-config /etc/letsencrypt/clouddns/azuredns.ini \
--domains example.com \
--domains '*.example.com'
And the contents of the azuredns.ini is as per the service principal example with 400 permission.
dns_azure_sp_client_id = AAA...
dns_azure_sp_client_secret = BBB...
dns_azure_tenant_id = CCC...
dns_azure_environment = "AzurePublicCloud"
dns_azure_zone1 = example.com:/subscriptions/DDD.../resourceGroups/rg-dns001
Please let me know if code snippet above this is adequate to be included in a subsequent PR.
Hi,
I just tried to use certbot-dns-azure
with the newly released certbot 2.0.0 and got the following stack trace:
2022-11-27 15:50:30,511:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.10/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/local/lib/python3.10/site-packages/certbot/_internal/main.py", line 1707, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File "/usr/local/lib/python3.10/site-packages/certbot/_internal/plugins/disco.py", line 208, in find_all
cls._load_entry_point(entry_point, plugins)
File "/usr/local/lib/python3.10/site-packages/certbot/_internal/plugins/disco.py", line 215, in _load_entry_point
plugin_ep = PluginEntryPoint(entry_point)
File "/usr/local/lib/python3.10/site-packages/certbot/_internal/plugins/disco.py", line 56, in __init__
self.plugin_cls: Type[interfaces.Plugin] = entry_point.load()
File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 2471, in load
return self.resolve()
File "/usr/local/lib/python3.10/site-packages/pkg_resources/__init__.py", line 2477, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/local/lib/python3.10/site-packages/certbot_dns_azure/_internal/dns_azure.py", line 20, in <module>
@zope.interface.implementer(interfaces.IAuthenticator)
AttributeError: module 'certbot.interfaces' has no attribute 'IAuthenticator'
2022-11-27 15:50:30,511:ERROR:certbot._internal.log:An unexpected error occurred:
2022-11-27 15:50:30,511:ERROR:certbot._internal.log:AttributeError: module 'certbot.interfaces' has no attribute 'IAuthenticator'
Seems like something does not properly work together with certbots zope interface implementations.
I haven't had the time to dig into it, but i got it working by going back to certbot==1.32.0
and acme==1.32.0
using pip.
I am trying to renew a certificate, and the DNS TXT record is not getting set for one of my two DNS zones. There have been some other similar resolved issues (#9, #35) but I'm still having a problem.
n.b. some information is redacted below and I changed the domain name to mywebsite
.
I have 2 Azure DNS Zones, mywebsite.com
and pages.mywebsite.com
. When I look on the Azure dashboard, I can see two DNS TXT records getting added to the mywebsite.com
zone, but I don't see any records for pages.mywebsite.com
. See screenshots below.
mywebsite.com
DNS Zonepages.mywebsite.com
DNS Zonesudo /usr/local/bin/certbot certificates
Output- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: mywebsite.com
Serial Number: xxx
Key Type: RSA
Domains: *.mywebsite.com *.pages.mywebsite.com
Expiry Date: 2023-06-13 23:02:30+00:00 (VALID: 1 day)
Certificate Path: /etc/letsencrypt/live/mywebsite.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mywebsite.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sudo /usr/local/bin/certbot renew --dry-run
OutputSaving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mywebsite.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for *.mywebsite.com and *.pages.mywebsite.com
Waiting 10 seconds for DNS changes to propagate
Certbot failed to authenticate some domains (authenticator: dns-azure). The Certificate Authority reported these problems:
Domain: pages.mywebsite.com
Type: unauthorized
Detail: No TXT record found at _acme-challenge.pages.mywebsite.com
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-azure. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-azure-propagation-seconds (currently 10 seconds).
Failed to renew certificate mywebsite.com with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/mywebsite.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
As you can see, the mywebsite.com
zone has 2 entries, one called _acme-challenge
and one called _acme-challenge.pages
. I'm pretty sure the _acme-challenge.pages
one is supposed to be in the other DNS zone.
I'm not sure how to set up the configuration to fix this. I have had these certificates auto-renewing via a cron job for over a year, so I'm not sure why it failed now.
I have been changing around my certbot and certbot-dns-azure versions to try to fix this. I started today on certbot version 1.14.0 and certbot-dns-azure version 1.0.1, but I tried updating to the latest (certbot 2.6.0 and certbot-dns-azure 2.1.0). I also tried updating to certbot-dns-azure 2.2.0b0, which reverted my certbot to 2.6.0... Not sure what version to use now.
Sorry my bad english skills.
When I tried to run certbot using dns-azure as authenticator, I got the following error.
$ certbot certonly \
--authenticator dns-azure \
--preferred-challenges dns \
--noninteractive \
--agree-tos \
--email [email protected] \
--dns-azure-config azure.ini \
--config-dir config-dir/ \
--work-dir work-dir/ \
--logs-dir logs-dir/ \
--cert-name example.com \
--domains example.com
Saving debug log to /path/to/logs-dir/letsencrypt.log
Plugins selected: Authenticator dns-azure, Installer None
Account registered.
Requesting a certificate for example.com
Performing the following challenges:
dns-01 challenge for example.com
Cleaning up challenges
Encountered exception during recovery: AttributeError: 'ServicePrincipalCredentials' object has no attribute 'get_token'
An unexpected error occurred:
AttributeError: 'ServicePrincipalCredentials' object has no attribute 'get_token'
Please see the logfiles in /path/to/logs-dir for more details.
This is due to the recent version release of azure-mgmt-dns.
Versions 3.0.0 and 8.0.0 are not compatible.
I think this plugin needs to support version 8.0.0 of azure-mgmt-dns or fix the version of azure-mgmt-dns to 3.0.0, can you give me your opinion?
Created a Pull Request for each.
TTL entry is at the moment created with static value of 120 seconds, it would be better to have an option to configure the value via CLI argument like ttl-txt-dns-record
.
Example:
sudo certbot certonly \
--authenticator dns-azure \
--dns-azure-config azure.ini \
--preferred-challenges dns-01 \
--ttl-txt-dns-record 10 \
--dns-azure-propagation-seconds 10 \
--noninteractive \
--server https://acme-v02.api.letsencrypt.org/directory \
--key-type rsa -d "*.dummy.example.com" \
-m [email protected] \
--agree-tos \
--preferred-chain "ISRG Root X1" \
--force-renewal \
-v
Hi,
I'm logging in to a service principal using OIDC (using https://github.com/marketplace/actions/azure-login and yes I know how horrible the things are that led me to a solution that include running certbot in a github actions runner, and I am ashamed of doing it, don't ask) and thus don't have a service principal secret - is there a way to use that authentication, basically the authentication of az cli, with this plugin?
I believe the azure SDK:s that provide a DefaultAzureCredential
would pick this up (such as the python one), so an option to authenticate using that or AzureCliCredential
would be really helpful
4.292 error: externally-managed-environment
4.292
4.292 × This environment is externally managed
4.292 ╰─>
4.292 The system-wide python installation should be maintained using the system
4.292 package manager (apk) only.
4.292
4.292 If the package in question is not packaged already (and hence installable via
4.292 "apk add py3-somepackage"), please consider installing it inside a virtual
4.292 environment, e.g.:
PR incoming, I switched the container to python:alpine and it builds. Not exactly sure what the core issue is.
We are currently implementing a wrapper library for DNS challenge based on certbot for Azure and were facing a small issue.
Use case:
We want to use a "shared" TXT record for CName delegation, so that multiple users/identities can gather a Certficate with only one TXT record, instead of creating a dedicated TXT record for every user/identity.
The DNS Validation sometimes fails, if the challenges take place in parallel.
I believe this section is the problem:
Proposal:
Only remove TXT record entry that was validated and only set TXT record to '-' if that entry was the last one of this record
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.