Certbot manual-auth-hook exists but is not executable

I am following this setup to manually generate a certificate for my domain hosted by namesilo. All dependencies are installed, but when I run this:

sudo certbot certonly --manual --my.email@gmail.com --agree-tos --manual-public-ip-logging-ok --preferred-challenges=dns --manual-auth-hook authenticator.py --manual-cleanup-hook cleanup.py -d *.domain.com -d domain.com

I get the following error:

manual-auth-hook command authenticator.py exists, but is not executable.

I found a similar on this forum (Manual Auth Hook Exists But Not Executable), but I could not relate it to my case.

Can someone help me out here?

Is the authenticator.py script executable?

cleanup.py probably also should be executable.

Also, I've moved your thread to the #help section as it isn't so much a problem with issuance.

2 Likes

both python scripts have #!/usr/bin/env python3 as shebang - doesn't that make them executable?

No. 

That's just one of the few parts of making an executable script. The file permissions also need to be properly set. See linux set executable - Google Search for more info.

2 Likes

ok I did that - this is what ls -l gives me:

-rwxrwxrwx 1 root root 1075 Jun 12  2020 CHANGELOG.md
-rwxrwxrwx 1 root root 1536 Jun 12  2020 LICENSE.txt
-rwxrwxrwx 1 root root 1771 Jun 12  2020 README.md
-rwxrwxrwx 1 root root 3311 Jun 12  2020 authenticator.py
-rwxrwxrwx 1 root root 3112 Jun 12  2020 cleanup.py
-rwxrwxrwx 1 root root  187 Nov 21 12:23 config.py

Hmm, looks like the contents of the .zip release file. A little bit too much permissions, as those files should not be world writable! Not sure why certbot is complaining about that though, weird! Let me investigate.

2 Likes

I'm running this from a wsl, if that matters

Hm, I can't reproduce it on my Linux system, maybe it indeed is an issue with WSL?

Perhaps someone with access to WSL can reproduce your issue.

Also, is there any reason for using WSL? As certbot is also available for native Windows and the NameSilo authenticator and cleanup scripts might also work on Windows (not sure, the Github page doesn't mention OS compatibility).

2 Likes

I wasn't really sure how to install certbot for windows, so I went ahead and used wsl. I had a closer look, installed certbot for windows, and the execution proceeded. However, now I have a new problem:

DNS problem: NXDOMAIN looking up TXT for _acme-challenge.domain.org - check that a DNS record exists for this domain

I can ask a new question, but from what I gather is that I need to create a TXT record with _acme-challenge for my domain, correct?

The purpose of the authenticator.py script is to do that. (And cleanup.py to remove the TXT record again once it isn't necessary any longer.) You might need to increase the waiting time.

1 Like

You mean through the script? Or is there a certbot option?

I asked a new question: DNS problem: NXDOMAIN looking up TXT for _acme-challenge check that a DNS record exists for this domain

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.