Certbot Certificates for both Main and Backup servers

I have been trying to get certificates for both main and backup servers for well over a year now.

Ubuntu 18.04 - Apache/2.4.29

Rsync is a setup/security permissions nightmare (numerous Operation not permitted - failed: Permission denied for files). I have not found an easy clean way to do it this way.

Supposedly because I use DNS Made Easy, I can use their API and a Certbot Plugin for this, but…

I have never been able to get this to work, and the instructions are poorly written and seem to be outdated.
For example, I just tried again, and I get this back when trying to install the plugin (from the page https://certbot.eff.org/lets-encrypt/ubuntubionic-apache for Wildcards):

sudo apt-get install python3-certbot-dns-dns_dnsmadeeasy
Unable to locate package python3-certbot-dns-dns_dnsmadeeasy

Does anyone have any working solutions for getting Certificates for both Main and Backup servers?

I spend an hour or so every week looking at different posts and trying to get these things to work, with no luck. I have 6 servers around the world that I update and maintain everything else on without any issues. Why does this seem to be such a hard thing to do?

I am sure I am not the only one trying to do this.
Maybe I should suggest this as a feature, for Certbot to be able to be run on the Backup server and get the certificate itself from the corresponding Main server as an option, with some sort of key file on the Main server for validation?

I don’t know, I’m just getting tired of trying to find a relatively simple working solution to this.

Thanks, if anyone has any suggestions. I’m about to give up on this, I’ve spent way too much time on trying to get a working solution.


So just before you give up, give acme.sh a try.
You don’t need to use certbot for every server, and there are clearly other clients available.

What you experienced is that the plugin is not available in your system’s APT repository. (Did you install all the PPAs as requested?)

Just a fair warning as a previous DME user… The support team claims that they might charge for record updates in DME (like how they did with Constellix). I’m not sure if they are doing that or not, but if they did implement that, using DNS validation will incur some fees (per record / transaction update) every time the certificate renews.


If there were a package for it, it would be called python3-certbot-dns-dnsmadeeasy. But Ubuntu's repositories and the PPA only include debs for some of the Certbot DNS plugins, and that is not one of them.

https://packages.ubuntu.com/search?keywords=python3-certbot-dns

Edit:

The dns-dnsmadeeasy plugin is available via Docker, if you like Docker.

https://certbot.eff.org/docs/install.html#running-with-docker

The Certbot project also has snaps, but I don't know if they include the DNS plugins.
