certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru

Help
1

Hello!

My domain is:

I ran this command:
/snap/bin/certbot certonly -a dns-multi
--dns-multi-credentials=/etc/letsencrypt/dns-multi.ini
-d "*.integris.ru"
--dry-run -vv
It produced this output:

Storing nonce: PhrlapXBZn-F-Wl1ne2ZtR4qYj0ewXKm38Iq3uQguoD8aMJs_Ys
Performing the following challenges:
dns-01 challenge for integris.ru
Configuring lego for provider cloudns with 2 options
Asking lego to create record 77mwqjEzugUhA7TpB40RWCaksTi-xCXQMcsmwp3Ledw for domain integris.ru
Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 90, in perform
    LegoClient.present(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 161, in present
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.

Calling registered functions
Cleaning up challenges
Asking lego to clean up record 77mwqjEzugUhA7TpB40RWCaksTi-xCXQMcsmwp3Ledw for domain integris.ru
Cleanup of integris.ru failed: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 20.04.4 LTS
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot --version
certbot 2.11.0

cat /etc/letsencrypt/dns-multi.ini

dns_multi_provider = cloudns
CLOUDNS_AUTH_ID=redacted
CLOUDNS_AUTH_PASSWORD=redacted lego --email redacted --dns cloudns --domains *.integris.ru run

auth-id: with password created, and i am trying to use it.

Why is this error happens and how can i fix it ?
Thanks

P.S. If i edit dns-multi.ini to this

dns_multi_provider = cloudns
CLOUDNS_AUTH_ID=23054
CLOUDNS_AUTH_PASSWORD=2NM3T5PVYIA
lego --email redacted@integris.ru --dns cloudns --domains *.integris.ru run

or

dns_multi_provider = cloudns
CLOUDNS_AUTH_ID=redacted \
CLOUDNS_AUTH_PASSWORD=redacted \
lego --email redacted@integris.ru --dns cloudns --domains *.integris.ru run

I got error

certbot.errors.PluginError: Error parsing credentials configuration '/etc/letsencrypt/dns-multi.ini': Invalid line ('lego --email redacted@integris.ru --dns cloudns --domains *.integris.ru run') (matched as neither section nor keyword) at line 4.
Error parsing credentials configuration '/etc/letsencrypt/dns-multi.ini': Invalid line ('lego --email redacted@integris.ru --dns cloudns --domains *.integris.ru run') (matched as neither section nor keyword) at line 4.
2

Why are you including that lego --email (...) line in dns-multi.ini to begin with? I can't find such a thing in the certbot-dns-multi documentation.

Lego is a different ACME client than Certbot. certbot-dns-multi uses it internally. You shouldn't need to call lego manually, not on the command line nor anywhere in the configuration file.

3 Likes
3

the page i found this app is GitHub - alexzorin/certbot-dns-multi: Certbot DNS plugin supporting multiple providers, using github.com/go-acme/lego where is written

## Usage

`certbot-dns-multi` is controlled via a credentials file.

1. Head to https://go-acme.github.io/lego/dns/ a

where i search for my provider and see this example
https://go-acme.github.io/lego/dns/cloudns/

CLOUDNS_AUTH_ID=xxxx \
CLOUDNS_AUTH_PASSWORD=yyyy \
lego --email you@example.com --dns cloudns --domains my.example.org run

if my ini is like that
cat /etc/letsencrypt/dns-multi.ini

dns_multi_provider = cloudns
CLOUDNS_AUTH_ID=redacted \
CLOUDNS_AUTH_PASSWORD=redacted \

than i have an error while running this command

/snap/bin/certbot certonly -a dns-multi \
                                        --dns-multi-credentials=/etc/letsencrypt/dns-multi.ini \
                                        -d "*.integris.ru" \
                                        --dry-run -vv

Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator dns-multi and installer None
Single candidate plugin: * dns-multi
Description: Obtain certificate using any of lego's supported DNS providers
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='dns-multi', value='certbot_dns_multi._internal.dns_multi:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_multi._internal.dns_multi.Authenticator object at 0x7f754bea9370>
Prep: True
Selected authenticator <certbot_dns_multi._internal.dns_multi.Authenticator object at 0x7f754bea9370> and installer None
Plugins selected: Authenticator dns-multi, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/155999803', new_authzr_uri=None, terms_of_service=None), c6ce5a32d55094abdc7f506e776a6292, Meta(creation_dt=datetime.datetime(2024, 7, 16, 12, 23, 6, tzinfo=<UTC>), creation_host='bkc.integris.ru', register_to_eff=None))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 820
Received response:
HTTP 200
Server: nginx
Date: Wed, 17 Jul 2024 06:56:14 GMT
Content-Type: application/json
Content-Length: 820
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert",
  "xpvef0D63Z8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
Notifying user: Simulating a certificate request for *.integris.ru
Simulating a certificate request for *.integris.ru
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Wed, 17 Jul 2024 06:56:14 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: ROLR2NAwuxIQgCbCMQCM5YBHNOwqiS_sbw_DxFPQBb9dEGr0grs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


Storing nonce: ROLR2NAwuxIQgCbCMQCM5YBHNOwqiS_sbw_DxFPQBb9dEGr0grs
JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.integris.ru"\n    }\n  ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTU5OTk4MDMiLCAibm9uY2UiOiAiUk9MUjJOQXd1eElRZ0NiQ01RQ001WUJITk93cWlTX3Nid19EeEZQUUJiOWRFR3IwZ3JzIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "doiD1eiopnISsjB0Km-YZ7evyNlzJw7nHv1vrUUlqw6QemMCVkTEX1QRciFxVuPL7y7Mraw9V5cq-vcTOY4sndzEWTOW4Fn91zuuazYp7KyMX6q5-Zx1DJ8ZdNDkjuAFurteK7y5EK6tEgh0X-d-oFL2L4i3qEGQQyQqE_QHpdbFLSjJ2LlZI1Ga_gEXQvoGRwKT-0PMRMdHteocAJo8k4xP4ZgpMAQRjMwMPdnqtPViedLQRlF6ZHU_Gt9r0m1_SWNUFn2ikfSfjJ3l-HsxTX4FJBrw8BhM-jBcHJ-YTpijP3blgRQS0vK5DtWMy8BKf8IwxqmCgTNfKsyrNvBJ-A",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIiouaW50ZWdyaXMucnUiCiAgICB9CiAgXQp9"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 352
Received response:
HTTP 201
Server: nginx
Date: Wed, 17 Jul 2024 06:56:14 GMT
Content-Type: application/json
Content-Length: 352
Connection: keep-alive
Boulder-Requester: 155999803
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/155999803/17832629023
Replay-Nonce: ROLR2NAwCJEuzUXFDV7xhq-dQBqW_LrqIwt-Uc1CXGf43jjK-nI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-07-23T14:06:01Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.integris.ru"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13186190743"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/155999803/17832629023"
}
Storing nonce: ROLR2NAwCJEuzUXFDV7xhq-dQBqW_LrqIwt-Uc1CXGf43jjK-nI
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13186190743:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTU5OTk4MDMiLCAibm9uY2UiOiAiUk9MUjJOQXdDSkV1elVYRkRWN3hocS1kUUJxV19McnFJd3QtVWMxQ1hHZjQzampLLW5JIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzEzMTg2MTkwNzQzIn0",
  "signature": "AksMzK-Ju9HY3lP6yOgbYBJIwcCpg02NckiZBE0joIO7dnqeejWpWP8bf4Yn_FmkDG-b2XahP5ndrX9fZwdxG_CcuB0Uq_vdXzwZzIfM2T7oTUtPaG6eUQMaQSxQpWtYJsKa7tabQg6q7IC2cjR3lmvSA6I4cv_EzUHJn4-Cr2gK2kBmy7XOFkiyVe6_LfxMDPim2MEMqNcRQGUfT04Dl6wT0FX21_019YGUlZxvG8eXYL6RGY2e7bsBMkqN7wBCOshnBtG701wiu8uc37GKqRgIjM-YPAxUKv4g_9MnXQdJp2kizI3ubyZzBxjPLXDF-Lphz1jtVGC94IGZrKYAbA",
  "payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/13186190743 HTTP/1.1" 200 392
Received response:
HTTP 200
Server: nginx
Date: Wed, 17 Jul 2024 06:56:14 GMT
Content-Type: application/json
Content-Length: 392
Connection: keep-alive
Boulder-Requester: 155999803
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: zuRnlMmXoUYDVlGNkGZ_dHRiUuyCwiFtaAXbQ7LFRkaSFbF5ND0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "integris.ru"
  },
  "status": "pending",
  "expires": "2024-07-23T14:06:01Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13186190743/Bc2k9w",
      "status": "pending",
      "token": "1avPDwdozr57vmcBRWkXoz001uwRQnYvWunK_kKUvbU"
    }
  ],
  "wildcard": true
}
Storing nonce: zuRnlMmXoUYDVlGNkGZ_dHRiUuyCwiFtaAXbQ7LFRkaSFbF5ND0
Performing the following challenges:
dns-01 challenge for integris.ru
Configuring lego for provider cloudns with 2 options
Asking lego to create record 77mwqjEzugUhA7TpB40RWCaksTi-xCXQMcsmwp3Ledw for domain integris.ru
Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 90, in perform
    LegoClient.present(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 161, in present
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.

Calling registered functions
Cleaning up challenges
Asking lego to clean up record 77mwqjEzugUhA7TpB40RWCaksTi-xCXQMcsmwp3Ledw for domain integris.ru
Cleanup of integris.ru failed: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.
Cleanup error was
Traceback (most recent call last):
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 90, in perform
    LegoClient.present(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 161, in present
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 116, in cleanup
    LegoClient.cleanup(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 176, in cleanup
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.
Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3834/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 90, in perform
    LegoClient.present(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 161, in present
    LegoClient._raise_for_response(
  File "/snap/certbot-dns-multi/current/lib/python3.8/site-packages/certbot_dns_multi/_internal/dns_multi.py", line 193, in _raise_for_response
    raise errors.PluginError(resp["error"])
certbot.errors.PluginError: ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.
ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.
4

Yes, but those are the instructions for usage of lego directly. The instructions for certbot-dns-multi are just related to the configuration file. You should combine both instructions by taking the environment variables for direct usage with lego from the lego documentation into the configuration file instructions for certbot-dns-multi.

Also, you should not use \ in the configuration file.

1 Like
5

It's hard to imaging what should i do when i first met the whole proccess.
Anyway
i got the same error, why?

ClouDNS: zone integris.ru not found for authFQDN _acme-challenge.integris.ru.

cat /etc/letsencrypt/dns-multi.ini

dns_multi_provider = cloudns
CLOUDNS_AUTH_ID=redatced
CLOUDNS_AUTH_PASSWORD=redatced

What am i doing wrong now ?

6

"We have checked your account and we can see that you are on Free plan, that unfortunately does not support API access. "

2 Likes
7

It could be explained in moreedetail, I agree. Especially if one doesn't have much experience with these kinds of things.

Well, that's a bummer. Also very unfortunate this isn't documented anywhere. The ClouDNS API documentation at ClouDNS: Access and Authentication mentions "Reseller API", which suggests API access is only for resellers?

2 Likes
8

no, if you change the plan from free to any - API will work, it can be done even for a trial time, but after trial will stop, so trial can be used only for checking. You can't renew without API. The only way is using "by host renew". In my case certbot from apt is broken (some python issues) so i use snap certbot.

1 Like
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.