certbot / certbot

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

Can't use certbot/dns-cloudflare, missing python3-certbot-dns-cloudflare?

PhilM-IT opened this issue · comments

My operating system is (include version):

Docker image certbot/dns-cloudflare:arm64v8-latest (tried the nightly too) running from ubuntu 22.04 on a RPi-4b

I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):

n/a - I pulled the official built docker image

I ran this command and it produced this output:

Docker compose file contains:
command:
  - "certonly" #don't install
  - "-n" #non-interactive
  - "--agree-tos"
  - "--dns-cloudflare --dns-cloudflare-credentials ~/conf/cloudflare.ini"

Additional values are provided for the domain etc.

Any time "--dns-cloudflare-credentials" is included in the command list (inline with another command or as its own entry), I receive the following error (calling out the full command line that includes "--dns-cloudflare-credentials"):
"certbot: error: unrecognized arguments: --dns-cloudflare --dns-cloudflare-credentials ~/conf/cloudflare.ini"

Certbot's behavior differed from what I expected because:

I expect it to parse and use the credentials from the file.

From what I can tell, the base docker image used and the plugin setup for installation don't install a requirement, python3-certbot-dns-cloudflare, which is needed for the "--dns-cloudflare-credentials" flag to work.

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

mmhb-certbot | usage:
mmhb-certbot | certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
mmhb-certbot |
mmhb-certbot | Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
mmhb-certbot | it will attempt to use a webserver both for obtaining and installing the
mmhb-certbot | certificate.
mmhb-certbot | certbot: error: unrecognized arguments: --dns-cloudflare --dns-cloudflare-credentials ~/conf/cloudflare.ini
mmhb-certbot exited with code 2

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

n/a, just want the docker to get the cert not install

Hi,

You cannot combine two flags into a single entry like that.

This works in a shell, because a shell automatically splits them up into separate arguments.

However, Docker Compose passes them verbatim, so it's the equivalent of running:

# certbot certonly -d example.com "--dns-cloudflare --dns-cloudflare-credentials=cloudflare.ini" --dry-run
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --dns-cloudflare --dns-cloudflare-credentials=cloudflare.ini

A full working example would be:

version: '3'
services:
  certbot:
    image: certbot/dns-cloudflare:arm64v8-latest
    command:
      - certonly
      - --non-interactive
      - --staging
      - --agree-tos
      - --register-unsafely-without-email
      - --dns-cloudflare
      - --dns-cloudflare-credentials="/etc/letsencrypt/cloudflare-creds.ini"
      - -d example.com

Thanks for the example, you were correct but in my case the working command entry doesn't use double quotes.

  • --dns-cloudflare-credentials=/etc/letsencrypt/cloudflare-creds.ini
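
The difference discussed in this thread, as an added example that is not part of the thread or of certbot's code: each Compose `command:` list entry reaches the program as exactly one argv element, with no shell to split on spaces or strip quotes. The stand-in argparse parser and the helper names (`unrecognized`, `shell_argv`, `lint_command`) are assumptions made for illustration; the sample entries are the ones quoted above.

```python
import argparse
import shlex

def build_parser():
    # Stand-in for certbot's CLI (assumption): only flags quoted in this thread.
    p = argparse.ArgumentParser(prog="certbot-standin", add_help=False)
    p.add_argument("subcommand")
    p.add_argument("-n", "--non-interactive", action="store_true")
    p.add_argument("--agree-tos", action="store_true")
    p.add_argument("--dns-cloudflare", action="store_true")
    p.add_argument("--dns-cloudflare-credentials")
    return p

def unrecognized(argv):
    """Return the argv entries the stand-in parser could not match."""
    _, extra = build_parser().parse_known_args(argv)
    return extra

def shell_argv(entries):
    """argv a POSIX shell would build if the entries were typed on one line."""
    return shlex.split(" ".join(entries))

def lint_command(entries):
    """Report compose `command:` entries that only work after shell parsing."""
    findings = []
    for entry in entries:
        as_shell = shlex.split(entry)  # what a shell would turn this entry into
        if len(as_shell) > 1 and entry.startswith("-"):
            findings.append((entry, "several arguments in one entry", as_shell))
        elif as_shell != [entry]:
            findings.append((entry, "quotes reach the program literally", as_shell))
    return findings

# Entries as the YAML parser hands them to Docker Compose (taken from the thread).
MERGED = "--dns-cloudflare --dns-cloudflare-credentials ~/conf/cloudflare.ini"
QUOTED = '--dns-cloudflare-credentials="/etc/letsencrypt/cloudflare-creds.ini"'
COMPOSE_ARGV = ["certonly", "-n", "--agree-tos", MERGED]

if __name__ == "__main__":
    print("compose argv, unrecognized:", unrecognized(COMPOSE_ARGV))
    print("shell argv, unrecognized  :", unrecognized(shell_argv(COMPOSE_ARGV)))
    for entry, problem, fixed in lint_command(COMPOSE_ARGV + [QUOTED]):
        print(f"{problem}: {entry!r} -> {fixed}")
```

The second finding matches the last comment: inside an unquoted YAML list item the double quotes are ordinary characters, so they become part of the credentials path unless they are removed.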