
Certbot could not request a new Cert via DNS Challenge via desec

Open Brottus opened this issue 2 years ago • 2 comments

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes Version 2.9.19 (5920b0c) 2022-11-08 04:56:39 UTC, OpenResty 1.19.9.1, debian 10 (buster), Certbot certbot 2.1.0
  • Have you searched for similar issues (both open and closed)?
    • Yes, but never sure I searched the correct way ;-)

Describe the bug

[Nginx ] › ℹ info Reloading Nginx
[SSL ] › ℹ info Requesting Let'sEncrypt certificates via deSEC for Cert #XX: XXXXXXXX
[SSL ] › ℹ info Command: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo 'dns_desec_token = XXXXXXXXXXXXXXXXXXX dns_desec_endpoint = https://desec.io/api/v1/' > '/etc/letsencrypt/credentials/credentials-XX' && chmod 600 '/etc/letsencrypt/credentials/credentials-XX' && pip install certbot-dns-desec~=0.3.0 && certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-XX" --agree-tos --email "XXXXXXX" --domains "XXXXXXX" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-X"
[Nginx ] › ℹ info Reloading Nginx
[Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-XX" --agree-tos --email "XXXXXXXXXXXXXX" --domains "XXXXXXXXXXX" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-XX"
An unexpected error occurred:
ModuleNotFoundError: No module named 'zope'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-kkqcqy_0/log or re-run Certbot with -v for more details.

So when requesting a new cert via DNS challenge from desec I received this error and the request as such failed.

Nginx Proxy Manager Version

v2.9.19

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'SSL Certificates'
  2. Click on 'Add SSL Certificate'
  3. Select DNS Challenge, choose desec as DNS Provider and fill out the token as shown in the box
  4. See error in the logs of the container

Expected behavior

Certificate gets requested and saved accordingly, or add "pip install zope" to the initial steps for desec, so instead of "pip install certbot-dns-desec~=0.3.0" use "pip install certbot-dns-desec~=0.3.0 zope".

Additional context

I fixed the issue by adding the missing module inside the container via "pip install zope" and redoing the steps.

Suggested Solution

Please add the zope module to the docker image, because the next update will probably break it again. I'm not sure if all the parts of zope are needed or if a subset is sufficient, but this was the quick way. Thank you.

Brottus avatar Dec 17 '22 17:12 Brottus

same here

AnID-Aux avatar Dec 24 '22 11:12 AnID-Aux

https://github.com/NginxProxyManager/docker-nginx-full/pull/10

dormancygrace avatar Dec 29 '22 02:12 dormancygrace

Any news about this bug being fixed?

joanfabregat avatar Jan 06 '23 22:01 joanfabregat

Workaround for me:

see what the container is called:
docker ps

join the container:
docker exec -it CONTAINERNAME /bin/bash

then run the following:
apt update && apt dist-upgrade
apt install python3 python3-venv libaugeas0
python3 -m venv /opt/certbot/
pip3 install --upgrade pip
pip3 install certbot==1.32.0 certbot-apache==1.32.0 acme==1.32.0

then exit the container:
exit

renewing the cert in the web interface was successful

AnID-Aux avatar Jan 06 '23 22:01 AnID-Aux

@AnID-Aux Thanks a lot, worked like a charm for me

joanfabregat avatar Jan 07 '23 03:01 joanfabregat

@joanfabregat you're welcome

AnID-Aux avatar Jan 07 '23 03:01 AnID-Aux

Workaround for me:

see what the container is called:
docker ps

join the container:
docker exec -it CONTAINERNAME /bin/bash

then run the following:
apt update && apt dist-upgrade
apt install python3 python3-venv libaugeas0
python3 -m venv /opt/certbot/
pip3 install --upgrade pip
pip3 install certbot==1.32.0 certbot-apache==1.32.0 acme==1.32.0

then exit the container:
exit

renewing the cert in the web interface was successful

Thanks, this works for me.

xuxintao avatar Jan 21 '23 01:01 xuxintao

Hi everyone, just replying because this still seems to be an issue for people. So, as mentioned by @AnID-Aux, you could revert back to certbot v1 as described, or, as mentioned by @LEDfan in the pull request https://github.com/NginxProxyManager/nginx-proxy-manager/pull/2507, just update the plugin to the latest version, which has several checks to ensure that the zope package issue does not break the plugin. You could also try pulling the docker image jc21/nginx-proxy-manager:github-pr-2507, which has that fix in place. Or, as mentioned by me, just install the zope package yourself. Hope this gives everyone an idea of what can be done to have a working version until the fix gets merged. Thanks.

Brottus avatar Mar 03 '23 16:03 Brottus
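
The failure signature reported in this thread can be picked out of container logs mechanically. The script below is an added example, not part of the original posts or of the Nginx Proxy Manager project; the function names and the sample log lines (hosts under example.test, simplified prefixes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage Nginx Proxy Manager log text for certbot runs that
# failed because a Python module could not be imported.

# find_missing_modules: read log text on stdin and print one line per failed
# certbot command, in the form "<authenticator> <missing module>".
find_missing_modules() {
  awk '
    # A new certificate request starts: forget any earlier failed command.
    /Requesting Let.sEncrypt certificates/ { pending = 0 }
    /Command failed: certbot/ {
      auth = "unknown"
      n = split($0, w, " ")
      for (i = 1; i < n; i++)
        if (w[i] == "--authenticator") auth = w[i + 1]
      pending = 1
    }
    # Works whether the error shares the line with the command or follows it.
    pending && /ModuleNotFoundError: No module named/ {
      s = substr($0, index($0, "No module named"))
      split(s, q, "\047")   # \047 is a single quote; q[2] is the module name
      print auth, q[2]
      pending = 0
    }
  '
}

# sample_log: constructed log lines, modelled on the output quoted in the issue.
sample_log() {
  cat <<'EOF'
[SSL] info Requesting Let'sEncrypt certificates via deSEC for Cert #1: a.example.test
[Express] warning Command failed: certbot certonly --cert-name "npm-1" --domains "a.example.test" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-1"
An unexpected error occurred:
ModuleNotFoundError: No module named 'zope'
[SSL] info Requesting Let'sEncrypt certificates via deSEC for Cert #2: b.example.test
[Express] warning Command failed: certbot certonly --cert-name "npm-2" --domains "b.example.test" --authenticator dns-desec
Some challenges have failed. (constructed, not a module error)
[SSL] info Requesting Let'sEncrypt certificates via deSEC for Cert #3: c.example.test
ModuleNotFoundError: No module named 'unrelated' (constructed noise, no failed command)
EOF
}

sample_log | find_missing_modules
```

On real logs, pipe the output of `docker logs CONTAINERNAME 2>&1` into `find_missing_modules`; each reported pair names the DNS plugin whose dependency is absent from the image.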