Certbot DNS plugin partially not detected

Hello,

I am writing a dns plugin to be able to perform the dns challenge with njalla. I have based this plugin on other existing plugins and am using lexicon for this. Now when I publish the plugin to PyPi and download it using pip3 install certbot-dns-njalla I am unable to get it to work with certbot. I have installed certbot from the debian / raspbian repo, so I'm on version 0.31.0

When I run certbot plugins, it lists my plugin without issue:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* certbot-dns-njalla:dns-njalla
Description: Obtain certificates using a DNS TXT record (if you are using Njalla
for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns-njalla = certbot_dns_njalla.dns_njalla:Authenticator

* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

However when I then try to run the certbot with this plugin (without the required arguments at first to test whether its working) with sudo certbot certonly -a certbot-dns-njalla:dns-njalla --dry-run it no longer seems to find the plugin:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested certbot-dns-njalla:dns-njalla plugin does not appear to be installed
The requested certbot-dns-njalla:dns-njalla plugin does not appear to be installed

The debug log shows the following entry which I think might be a hing:

2020-10-03 12:08:22,707:DEBUG:certbot.main:Discovered plugins: 
PluginsRegistry(
    PluginEntryPoint#manual,
    PluginEntryPoint#null,
    PluginEntryPoint#standalone,
    PluginEntryPoint#webroot
)

I'm guessing the PluginEntryPoint#null should be my plugin? But why is the entrypoint null?

All source code can be found at https://github.com/chaptergy/certbot-dns-njalla

2 Likes

Your plugin works just fine for me on Debian Buster.

I don't think so. I see the same thing, even when your plugin is detected:

2020-10-03 12:25:04,740:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-dns-njalla:dns-njalla,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)

Do certbot and sudo certbot definitely refer to the same Certbot?

3 Likes

You are right, sudo certbot plugins does not show my plugin, so apparently not. How do I install the plugin so it is available even with sudo? pip does not seem to have any options for global installation or anything similar.

2 Likes

Okay I have solved my issue. To recap: When using sudo the python path is different than when not using it, and by default pip seems to install the packages in your home directory. By prepending sudo -H to the pip command it is installed in a directory, which is used by the root user, so when sudoing the certbot, the installed plugin is found aswell.

TLDR: I used sudo -H pip3 install certbot-dns-njalla to install the plugin and it now works with sudo certbot ...

2 Likes