Debian Stretch: how to enable certbot --dns-rfc2136?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
certbot certonly --dry-run --dns-rfc2136 --dns-rfc2136-credentials bind9_creds.ini --expand --cert-name

It produced this output:
Could not choose appropriate plugin: The requested dns-rfc2136 plugin does not appear to be installed
The requested dns-rfc2136 plugin does not appear to be installed

My web server is (include version):
Apache 2.4

The operating system my web server runs on is (include version):
Debian Stretch (+backports for certbot)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

–> I succeeded in fetching the certificate by using the --manual --preferred-challenges dns and then interactively adding the TXT records to my dns server, but to automate the renewal, I either have to script something myself (dehydrated is an example I have come across quite frequently), or I should be able to use this functionality created by the certbot devs. Unfortunately it seems that Debian Backports does not package the dns-rfc2136 plugin currently. Can anyone suggest what is the best way to accomplish automatic renewals based on DNS-01 challenges?

You can try install certbot-dns-rfc2136 via pip until the packaging situation is sorted out.

1 Like

For what it’s worth, there’s a strong chance the plugin situation will be sorted out before you need to renew this certificate. Waiting might be the best strategy.


Thank you both for these fast answers. I’ll wait 2 months and then check back. If the stretch-backports package is not updated yet, I’ll install with pip.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.