certbot google DNS challenge auth fails

Open gearlbrace opened this issue 3 years ago • 1 comments

When attempting to issue a certificate with certbot using Google DNS challenge, get the following log output:

```
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-17" --agree-tos --email "REDACTED" --domains "REDACTED" --authenticator dns-google --dns-google-credentials "/etc/letsencrypt/credentials/credentials-17" --dns-google-propagation-seconds 60
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Encountered exception during recovery: certbot.errors.PluginError: Error parsing credentials file '/etc/letsencrypt/credentials/credentials-17': [('PEM routines', 'get_name', 'no start line')]
Error parsing credentials file '/etc/letsencrypt/credentials/credentials-17': [('PEM routines', 'get_name', 'no start line')]
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

    at ChildProcess.exithandler (node:child_process:398:12)
    at ChildProcess.emit (node:events:527:28)
    at maybeClose (node:internal/child_process:1092:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
```

This happens after pasting in the JSON:

```json
{
  "type": "service_account",
  "project_id": "REDACTED",
  "private_key_id": "REDACTED",
  "private_key": "-----BEGIN PRIVATE KEY-----REDACTED-----END PRIVATE KEY-----\n",
  "client_email": "[email protected]",
  "client_id": "REDACTED",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/certbot%40REDACTED.iam.gserviceaccount.com"
}
```

I fired up a docker container of upstream jc21/nginx-proxy-manager:2.9.18 (same version that your Dockerfile pulls) on a host and was able to successfully generate a certificate using the same json content. It looks like either certbot-dns-google is a missing dependency or the UI is munging the pasted json.

gearlbrace, Aug 16 '22 00:08

Also seeing this same issue. Looks like the meta field is getting mangled going into the database.

ryanjerskine, Sep 15 '22 00:09
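A structural check for a stored service-account credentials file, as an added example that is not part of the original issue or the add-on's code: it reports ways a mangled paste can leave the PEM `BEGIN` line off a line of its own. The function name, messages and sample inputs are constructed for illustration, and the thread does not establish which mangling, if any, occurred here.

```python
import base64
import json

BEGIN = "-----BEGIN PRIVATE KEY-----"
END = "-----END PRIVATE KEY-----"

def check_credentials(text):
    """Return a list of structural problems in a service-account JSON string."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    if data.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    key = data.get("private_key")
    if not isinstance(key, str):
        return problems + ["private_key missing or not a string"]
    # Escaping the value twice leaves a backslash and an 'n' instead of a newline.
    if "\\n" in key:
        problems.append("private_key holds literal backslash-n (escaped twice)")
    lines = key.strip().split("\n")
    # A PEM reader needs the BEGIN and END markers each on a line of their own.
    if lines[0] != BEGIN:
        problems.append("BEGIN line is not on a line of its own")
    if lines[-1] != END:
        problems.append("END line is not on a line of its own")
    body = "".join(lines[1:-1])
    try:
        if not body:
            raise ValueError("empty")
        base64.b64decode(body, validate=True)
    except ValueError:
        problems.append("key body is empty or not clean base64")
    return problems

# Constructed samples: the body is base64 of filler bytes, not a real key.
BODY = base64.b64encode(b"constructed sample bytes, not a key").decode()
GOOD = json.dumps({"type": "service_account",
                   "private_key": f"{BEGIN}\n{BODY}\n{END}\n"})
DOUBLE = GOOD.replace("\\n", "\\\\n")   # newlines escaped a second time
STRIPPED = GOOD.replace("\\n", "")      # newlines dropped entirely

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("double", DOUBLE), ("stripped", STRIPPED)]:
        print(name, check_credentials(sample))
```

Running it against the file certbot is pointed at (here `/etc/letsencrypt/credentials/credentials-17`) and against the JSON as downloaded shows whether the stored copy differs structurally from what was pasted.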

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues. Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

github-actions[bot], Oct 15 '22 08:10