How to install certbot-dns-ovh?

On the documentation page there are no installation instructions. https://certbot-dns-ovh.readthedocs.io/en/stable/

I installed this plugin before on ubuntu 16.04 about a year ago. That time i was using the command python3 -m pip install certbot-dns-ovh. Which i’m sure i grabbed from a documentation somewhere (i can’t find this documentation anymore). However this command no longer works because i get the following issue https://github.com/certbot/certbot/issues/7718

Does anyone know how to install this plugin?

I prefer not use docker if that’s possible.

The certbot-dns-ovh plugin was never packaged by the Ubuntu PPA maintainers - though some others were.

It’s probably easier to use something like acme.sh if you need DNS plugins, at least until the packaging situation has improved.

If you use certbot-auto rather than the apt package, it’s “kind of” possible to muddle through and get the DNS plugins. It basically involves modifying your cronjob to ensure that the OVH plugin is always installed, with:

/opt/eff.org/certbot/venv/bin/pip install certbot-dns-ovh

For example, if the regular cron job was:

0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew

You might change it to:

0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && (/opt/eff.org/certbot/venv/bin/pip install certbot-dns-ovh; /usr/local/bin/certbot-auto renew)

Not exactly elegant or supported but it avoids problems with incompatible packages.

1 Like

Hi _az thanks for your answer. I commented the line i had

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

And put a new line

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && (/opt/eff.org/certbot/venv/bin/pip install certbot-dns-ovh && certbot -q renew)

How can i initialize cerbot with the parameters i was passing before? I like to do an unattended installation. Before i was doing:

certbot -m $LETSENCRYPT_EMAIL --dns-ovh-propagation-seconds 60 --dns-ovh-credentials $CREDENTIALS_PATH --redirect --agree-tos -a dns-ovh -i nginx -d "*.$HOSTNAME" -d $HOSTNAME --server https://acme-v02.api.letsencrypt.org/directory

Should i run this same code once to set everything up?

By the way, i noticed that certbot-auto help menu is changing when you call it a second time. I’m not sure why that is.

First time

#» /usr/local/bin/certbot-auto --help
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.

Help for certbot itself cannot be provided until it is installed.

  --debug                                   attempt experimental installation
  -h, --help                                print this help
  -n, --non-interactive, --noninteractive   run without asking for user input
  --no-bootstrap                            do not install OS dependencies
  --no-permissions-check                    do not warn about file system permissions
  --no-self-upgrade                         do not download updates
  --os-packages-only                        install OS dependencies and exit
  --install-only                            install certbot, upgrade if needed, and exit
  -v, --verbose                             provide more output
  -q, --quiet                               provide only update/error output;
                                            implies --non-interactive

All arguments are accepted and forwarded to the Certbot client when run.

Second time

#» /usr/local/bin/certbot-auto --help

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. The most common SUBCOMMANDS and flags are:

obtain, install, and renew certificates:
    (default) run   Obtain & install a certificate in your current webserver
    certonly        Obtain or renew a certificate, but do not install it
    renew           Renew all previously obtained certificates that are near
expiry
    enhance         Add security enhancements to your existing configuration
   -d DOMAINS       Comma-separated list of domains to obtain a certificate for

  --apache          Use the Apache plugin for authentication & installation
  --standalone      Run a standalone webserver for authentication
  --nginx           Use the Nginx plugin for authentication & installation
  --webroot         Place files in a server's webroot folder for authentication
  --manual          Obtain certificates interactively, or using shell script
hooks

   -n               Run non-interactively
  --test-cert       Obtain a test certificate from a staging server
  --dry-run         Test "renew" or "certonly" without saving any certificates
to disk

manage certificates:
    certificates    Display information about certificates you have from Certbot
    revoke          Revoke a certificate (supply --cert-name or --cert-path)
    delete          Delete a certificate (supply --cert-name)

manage your account:
    register        Create an ACME account
    unregister      Deactivate an ACME account
    update_account  Update an ACME account
  --agree-tos       Agree to the ACME server's Subscriber Agreement
   -m EMAIL         Email address for important account notifications

More detailed help:

  -h, --help [TOPIC]    print this message, or detailed help on a topic;
                        the available TOPICS are:

   all, automation, commands, paths, security, testing, or any of the
   subcommands or plugins (certonly, renew, install, register, nginx,
   apache, standalone, webroot, etc.)
  -h all                print a detailed help page including all topics
  --version             print the version number
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

It's because

The first time you run certbot-auto, it downloads and installs a copy of certbot. Prior to that, the Certbot software itself isn't present on your system.

schoen, is it so that certbot-auto replaces certbot? And should i pass flags to certbot-auto instead?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.