nginx-proxy-manager

Bugfix: Fix certbot plugin installation issues

Open plantysnake opened this issue 2 years ago • 6 comments

Plug-ins for certbot should now be installed into the certbot venv rather than into the system.

plantysnake, Nov 18 '22 12:11

[2022-11-18T12:11:45.353Z] $ /app/node_modules/.bin/eslint .
[2022-11-18T12:11:45.353Z] 
[2022-11-18T12:11:45.353Z] /app/internal/certificate.js
[2022-11-18T12:11:45.353Z]   878:3    error  This group of assignments is not aligned  align-assignments/align-assignments
[2022-11-18T12:11:45.353Z]   878:177  error  Strings must use singlequote              quotes
[2022-11-18T12:11:45.353Z] 
[2022-11-18T12:11:45.353Z] /app/setup.js
[2022-11-18T12:11:45.353Z]   172:5   error  This group of assignments is not aligned  align-assignments/align-assignments
[2022-11-18T12:11:45.353Z]   192:94  error  Strings must use singlequote              quotes
[2022-11-18T12:11:45.353Z] 
[2022-11-18T12:11:45.353Z] ✖ 4 problems (4 errors, 0 warnings)
[2022-11-18T12:11:45.353Z]   4 errors and 0 warnings potentially fixable with the `--fix` option.

Once this passes and builds an image, we can test further.

jc21, Nov 20 '22 22:11

Hi, I have tested this PR and it seems to not quite work yet. I get this error when activating the venv and then running certbot:

Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 5, in <module>
    from certbot.main import main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 19, in <module>
    import josepy as jose
  File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in <module>
    from josepy.json_util import (
  File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in <module>
    from OpenSSL import crypto
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in <module>
    class X509StoreFlags(object):
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

The solution for me was to upgrade the PyOpenSSL package to version 22.1.0. After that all is OK and all Python deps are nicely installed into the certbot venv. Now renewing + getting LetsEncrypt certs works again using DNS plugins.

EDIT: I'm using the transip DNS plugin.

rmoesbergen, Dec 02 '22 14:12

There's an updated Docker image with a possible fix (see PR #2411):

jc21/nginx-proxy-manager:github-pr-2411

Please test this and report your findings in the PR comments. Also note that renewals are also failing, so make sure to check the expiry of your certificates to prevent unexpected downtime.

Tried this one... with success (for Hetzner; used tag: jc21/nginx-proxy-manager:github-pr-2411)

For the first ~10 minutes I get the following error about multiple instances:
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-80" --agree-tos --email "EMAIL_REMOVED" --domains "*.EXAMPLE.dev,EXAMPLE.dev" --authenticator dns-hetzner --dns-hetzner-credentials "/etc/letsencrypt/credentials/credentials-80"
Another instance of Certbot is already running.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-0d844pcc/log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

After ~10 minutes it's working again.

kcastner, Dec 05 '22 09:12

Works for me too, thanks.

DjSni, Dec 31 '22 06:12

This branch worked for me with GoDaddy DNS Challenge / API key/secret and adding a wildcard certificate. Thanks!

jerimiah797, Dec 31 '22 22:12

Tested this branch with certbot-dns-route53 successfully. I ended up here based on basically the same error with the route53 provider on a Pi 3B running 'linux/arm/v7'.

kevin7s-io, Jan 20 '23 13:01

Docker Image for build 3 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-2411

Note: ensure you back up your NPM instance before testing this PR image! Especially if this PR contains database changes.