Certbot ignores flags

sidusnare · January 24, 2020, 2:46pm

Certbot is ignoring command line flags, I tell it to only create a cert and do DNS validation and it is runnuing apache2ctl for some reason and not doing DNS auth.

My domain is: solprime.net

I ran this command:
certbot certonly -d ‘solprime.net,*.solprime.net’ --preferred-challenges dns
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.

Usage: /usr/sbin/apache2 [-D name] [-d directory] [-f file]
[-C “directive”] [-c “directive”]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X]
Options:
-D name : define a name for use in directives
-d directory : specify an alternate initial ServerRoot
-f file : specify an alternate ServerConfigFile
-C “directive” : process directive before reading config files
-c “directive” : process directive after reading config files
-e level : show startup errors of level (see LogLevel)
-E file : log startup errors to file
-v : show version number
-V : show compile settings
-h : list available command line options (this page)
-l : list compiled in modules
-L : list available configuration directives
-t -D DUMP_VHOSTS : show parsed vhost settings
-t -D DUMP_RUN_CFG : show parsed run settings
-S : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG
-t -D DUMP_MODULES : show all loaded modules
-M : a synonym for -t -D DUMP_MODULES
-t -D DUMP_INCLUDES: show all included configuration files
-t : run syntax check for config files
-T : start without DocumentRoot(s) check
-X : debug mode (only one worker, do not detach)

How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin - Beta (apache) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): c
Could not choose appropriate plugin: authenticator could not be determined or is not installed
authenticator could not be determined or is not installed

My web server is (include version): Not supposed to matter

The operating system my web server runs on is (include version): Gentoo

My hosting provider, if applicable, is: Me

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0.dev0

mnordhoff · January 24, 2020, 3:16pm

You also have to pass an argument telling it to use a different plugin. For example, to use the dns-nsone plugin for the DNS company NS1 (and not automatically configure your web server), you might use:

sudo certbot certonly --dns-nsone --dns-nsone-credentials ~/.secrets/certbot/nsone.ini -d example.com

It's not relevant to your question, but shouldn't a newer version be available?

sidusnare · January 24, 2020, 3:21pm

What is the option for me to create the records? I don’t want certbot to touch anything that isn’t the certs it’s responsible for, I’ll create the config, I’ll create the validation, it just needs to do it’s certs.

mnordhoff · January 24, 2020, 3:49pm

You can use the manual plugin, then.

We would encourage you to use a configuration that allows automated renewal, especially since Let’s Encrypt certificates are valid for only 90 days, but it’s your choice.

Certbot also has a plugin for Route 53 (but I’m not sure it’s packaged on Gentoo).

sidusnare · January 24, 2020, 3:52pm

Why can’t the manual auto-renew? I’m not going to delete the _acme-challenge record?

JuergenAuer · January 24, 2020, 3:55pm

Hi @sidusnare

please read

New order -> new token -> new _acme-challenge - record.

You don't want to do that every 60 - 85 days manual.

Osiris · January 24, 2020, 6:34pm

Not officially, but there does exist an overlay (little bit comparable with PPAs) with ebuilds for the DNS plugins. Edit: or perhaps án ebuild. Can't find one with all the plugins.

Info about overlays: Layman - Gentoo wiki (Layman is a very handy tool to manage overlays)

For NSOne there does exist an official package: app-crypt/certbot-dns-nsone – Gentoo Packages

@sidusnare Does your DNS provider have some kind of API? See this list of supported DNS providers (i.e., where a certbot plugin exists for) from the documentation of certbot: User Guide — Certbot 2.7.0.dev0 documentation
If your DNS provider isn't listed or doesn't provide an API for which a plugin exists (RFC 2136), you'll need to use the manual plugin with -a manual.

system · February 23, 2020, 6:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Modify certbot manually created certificate Help	18	3686	May 20, 2020
What's the difference between these two cerbot command Help	4	889	April 7, 2020
Certbot with NS1 plugin unrecognized arguments Server	19	5121	September 20, 2017
How to install a DNS plugin? Help	5	19798	January 27, 2019
I need help with ./certbot-auto --apache Help	20	1543	February 5, 2019

Certbot ignores flags

Related topics