Certbot-dns-cloudflare 2.3.1 or higher on ubuntu without snap

Hi all,

I'm trying to install certbot on my haproxy server and issue certs for the domains it proxies. My host is an LXC container on Proxmox. This means i cannot use snap.

The container is running: Ubuntu 20.04.5 LTS
The lxc host is Debian 11.3 with proxmox

Certbot was installed via apt:
certbot --version
certbot 0.40.0

And is working fine when I use it with FreeDNS (afraid.org). However, I have recently moved my DNS and CDN to Cloudflare so the certificate validation via DNS also need fixing to match the my new provider.

Without snap how can i get the latest version of "dns-cloudflare-credentials" or at least version 2.3.1 or higher which allow the use of restricted API tokens vs global API Keys?

apt-get install python3-certbot-dns-cloudflare == version: 0.39.0-1
pip install python3-certbot-dns-cloudflare == version 1.31.0

Can i maybe manually install this from somewhere?

If your Linux distribution, which you haven't mentioned by the way, does not offer an up to date version of Certbot and the Cloudflare plugin (you need 1.2.0 or newer for token support) and snap is not an option, I would recommend to install Certbot and the plugin in their own Python venv using pip.

2 Likes

OR try another ACME client - like: acme.sh

4 Likes

Thanks for steering me in the right direction, eventually this has fixed the issue:

  • use apt to install certbot: $ sudo apt install certbot
  • use pip to install the cloudflare dns: $ sudo apt install python3-pip && pip install certbot-dns-cloudflare
1 Like

For other readers, please use the pip instructions instead of mixing apt and pip.

5 Likes

Would it make make Sense to leave a note on:

  • the apt instruction page to suggest people that require plugins which are unavailable via apt to use the pip install method instead for the complete installation.
  • and the same for snap, pointing people to the pip alternative in case snap is not an option.

This might lead to less posts like mine.

What apt instruction page exactly? AFAIK all apt-related instructions on certbot.eff.org have been changed to snap.

2 Likes

It’s that exactly the problem? People that are unable to use snap all end up in a dead-end street. It would make sense to put a sign up to tell them where to go.

Yes, but that was your second bullet, I was referring to the first one.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.