Letsencrypt-gandi


#1

Hello experts,

I want to use the letsencrypt-plugin from gandi.net with a simple hosting package:
https://github.com/Gandi/letsencrypt-gandi

I followed every step from the readme, but I am having issues with the commands; I always get a “file or directory” did not exist error message. Not sure if I am missing something?

Installation:

Enter the directory and use the pip executable distributed with letsencrypt to install the plugin

~ $ git clone https://github.com/Gandi/letsencrypt-gandi.git
~ $ cd letsencrypt-gandi
~/letsencrypt-gandi $ ~/.local/share/letsencrypt/bin/pip install -e .

< gives me a file not found error

and for creating the certificate:

~/letsencrypt $ ./letsencrypt-auto run --domains macbroadcast.org \
    --authenticator letsencrypt-gandi:gandi-shs \
    --letsencrypt-gandi:gandi-shs-name wordpress \
    --letsencrypt-gandi:gandi-shs-vhost macbroadcast.org \
    --letsencrypt-gandi:gandi-shs-api-key xxxxxxxxxxxxxxxxxxxx \
    --installer letsencrypt-gandi:gandi-shs

same here “file or directory not found”

Thanks in advance


#2

I’m not understanding fully. With which command do you get the “file or directory” did not exist error?

Did the “git clone” command work OK without errors?
What about the install command?


#3

hey there,
I forgot to mention that I am on Ubuntu. git clone worked fine, yes; I am talking about the install command after “cd letsencrypt-gandi”

~/letsencrypt-gandi $ ~/.local/share/letsencrypt/bin/pip install -e .

I don’t even know what it means.

Thanks


#4

Have you already installed the letsencrypt (certbot) client (which is a requirement of that plugin)?


#5

Yes, I installed certbot for Ubuntu from the EFF site.

```
macbroadcast@macbroadcast:~$ sudo letsencrypt renew --dry-run
[sudo] Passwort für macbroadcast:
** DRY RUN: simulating 'letsencrypt renew' close to cert expiry
** (The test certificates below have not been saved.)

No renewals were attempted.
** DRY RUN: simulating 'letsencrypt renew' close to cert expiry
** (The test certificates above have not been saved.)
macbroadcast@macbroadcast:~$ cd development
macbroadcast@macbroadcast:~/development$ cd letsencrypt-gandi
macbroadcast@macbroadcast:~/development/letsencrypt-gandi$ sudo /letsencrypt-gandi $ ~/.local/share/letsencrypt/bin/pip install -e .
sudo: /letsencrypt-gandi: command not found
macbroadcast@macbroadcast:~/development/letsencrypt-gandi$
```


#6

Which method did you use to install certbot (it depends on which version of Ubuntu you are on): apt-get or wget?


#7

I am on 16.04 LTS, so I thought apt-get would be OK.


#8

Yes, that’s fine - in which case you shouldn’t need to do the “~/.local/share/letsencrypt/bin/pip install -e .” command. The instructions on that plugin look a little out of date.

What happens if you run

letsencrypt run --domains macbroadcast.org \
    --authenticator letsencrypt-gandi:gandi-shs \
    --letsencrypt-gandi:gandi-shs-name wordpress \
    --letsencrypt-gandi:gandi-shs-vhost macbroadcast.org \
    --letsencrypt-gandi:gandi-shs-api-key API-KEY \
    --installer letsencrypt-gandi:gandi-shs


#9

Hmmm, it’s getting closer :)

letsencrypt: error: unrecognized arguments: letsencrypt-gandi:gandi-shs

Thanks for your help, maybe I should open an issue on their GitHub?


#10

Yes, I think it’s getting close to the point where you need to raise an issue with the author of that plugin.

Looking at the certbot documentation on third party plugins you may be able to use

letsencrypt run --domains macbroadcast.org \
    --gandi \
    --letsencrypt-gandi:gandi-shs-name wordpress \
    --letsencrypt-gandi:gandi-shs-vhost macbroadcast.org \
    --letsencrypt-gandi:gandi-shs-api-key API-KEY \
    --installer letsencrypt-gandi:gandi-shs


#11

Thanks a lot for your help @serverco, I made some progress. After I changed the keys I get through the installation process; now I have a permission problem:

xxxxx@sftp.dc1.gpaas.net’s password:
Connected to sftp.dc1.gpaas.net.
sftp> exit
Permission denied (publickey,password).
Couldn’t read packet: Connection reset by peer
Permission denied (publickey,password).
Couldn’t read packet: Connection reset by peer
Permission denied (publickey,password).
Couldn’t read packet: Connection reset by peer
Couldn’t place file in domain: vhosts/macbroadcast.org/htdocs//.well-known/acme-challenge

But I am able to log in without my password, just using keys to:

macbroadcast@macbroadcast:~$ sftp xxxxx@sftp.dc1.gpaas.net
Connected to sftp.dc1.gpaas.net.
sftp>


#12

I’m assuming that your host doesn’t insist on keys and does allow sftp via password.

The plugin does say

If the connection via sftp works, but the script still has authentication issues, make sure you have added your SSH Key to ssh-agent on your computer (see the Requirements section for instructions).

Personally, I wrote the getssl script for automating certificates remotely, which will allow you to upload the validation tokens, and certificates, on the server, if you wanted to try a different approach.
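
Added example (not part of the thread, the plugin, or getssl): a pre-flight check for the ssh-agent requirement quoted above, which tells apart "no agent", "agent without keys" and "server rejected the key" before the plugin tries to upload the challenge file. The function names and the `SSH_ADD` / `SFTP` override variables are hypothetical; the exit codes are those documented for `ssh-add`.

```shell
#!/bin/sh
# Added example: check that SFTP key login works without any prompt.
# SSH_ADD and SFTP may be overridden (hypothetical knobs, used for testing).

# Classify the agent from ssh-add's documented exit status:
# 0 = identities loaded, 1 = agent reachable but empty, 2 = no agent reachable.
agent_state() {
    rc=0
    "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo loaded ;;
        1) echo empty ;;
        2) echo no-agent ;;
        *) echo unknown ;;
    esac
}

# Attempt a login that may only use public keys and may never prompt.
# BatchMode=yes disables password and passphrase prompts, so this succeeds
# only when an unlocked key is available (for example from ssh-agent).
sftp_key_login_ok() {
    printf 'exit\n' | "${SFTP:-sftp}" -b - \
        -o BatchMode=yes \
        -o PreferredAuthentications=publickey \
        "$1" >/dev/null 2>&1
}

# Print one diagnosis line; return 0 only when an unattended upload can work.
preflight() {
    target=$1
    state=$(agent_state)
    if sftp_key_login_ok "$target"; then
        echo "ok: key login to $target works without prompts (agent: $state)"
        return 0
    fi
    case "$state" in
        no-agent) echo "fail: no ssh-agent reachable (SSH_AUTH_SOCK unset?)" ;;
        empty)    echo "fail: ssh-agent is running but holds no key; run ssh-add" ;;
        loaded)   echo "fail: agent has keys but $target rejected them" ;;
        *)        echo "fail: could not query ssh-agent" ;;
    esac
    return 1
}

# Usage: preflight xxxxx@sftp.dc1.gpaas.net
```

Run it as the same user and in the same environment as the letsencrypt command; with sudo's default environment reset, `SSH_AUTH_SOCK` is not passed through and the agent is not visible.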


#13

Hi, I’m having the same problem trying to use letsencrypt-gandi on Debian Stretch. When I tried the solution from this thread (with my site information substituted):

```
letsencrypt run --domains macbroadcast.org \
--gandi \
--letsencrypt-gandi:gandi-shs-name wordpress \
--letsencrypt-gandi:gandi-shs-vhost macbroadcast.org \
--letsencrypt-gandi:gandi-shs-api-key API-KEY \
--installer letsencrypt-gandi:gandi-shs
```

I got an error

`letsencrypt: error: unrecognized arguments: --gandi --letsencrypt-gandi:gandi-shs-name`

etc…

Perhaps the gandi plugin needs to be installed? Or the certbot syntax has changed?


#14

I think you would need to install the gandi plugin, yes. The instructions are on the gandi plugin page. As above, I don’t personally use the gandi plugin, hence can’t debug fully (although there may be others around who do).

