System: Ubuntu 16
UID: root
Auth: dns-route53 plugin installed under pip/global.
I can renew just fine using the plugin if I become root and do certbot renew
.
If I let certbot.service
try and do it, I get this in logs:
2019-06-07 19:36:24,969:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2019-06-07 19:36:24,969:DEBUG:certbot.plugins.selection:Requested authenticator dns-route53 and installer None
2019-06-07 19:36:24,970:DEBUG:certbot.plugins.selection:No candidate plugin
2019-06-07 19:36:24,970:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2019-06-07 19:36:24,970:INFO:certbot.main:Could not choose appropriate plugin: The requested dns-route53 plugin does not appear to be installed
2019-06-07 19:36:24,970:WARNING:certbot.renewal:Attempting to renew cert (wildcard.domain.com) from /etc/letsencrypt/renewal/wildcard.domain.com.conf produced an unexpected error: The requested dns-route53 plugin does not appear to be installed. Skipping.
2019-06-07 19:36:24,970:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1187, in renew_cert
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 237, in choose_configurator_plugins
diagnose_configurator_problem("authenticator", req_auth, plugins)
File "/usr/lib/python3/dist-packages/certbot/plugins/selection.py", line 341, in diagnose_configurator_problem
raise errors.PluginSelectionError(msg)
certbot.errors.PluginSelectionError: The requested dns-route53 plugin does not appear to be installed
If do it from command line log:
2019-06-07 19:52:44,291:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2019-06-07 19:52:44,292:DEBUG:certbot.plugins.selection:Requested authenticator dns-route53 and installer None
2019-06-07 19:52:44,298:DEBUG:botocore.hooks:Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane
2019-06-07 19:52:44,302:DEBUG:botocore.hooks:Changing event name from before-call.apigateway to before-call.api-gateway
2019-06-07 19:52:44,302:DEBUG:botocore.hooks:Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict
2019-06-07 19:52:44,304:DEBUG:botocore.hooks:Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration
2019-06-07 19:52:44,304:DEBUG:botocore.hooks:Changing event name from before-parameter-build.route53 to before-parameter-build.route-53
2019-06-07 19:52:44,305:DEBUG:botocore.hooks:Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search
2019-06-07 19:52:44,305:DEBUG:botocore.hooks:Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section
2019-06-07 19:52:44,308:DEBUG:botocore.hooks:Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search
2019-06-07 19:52:44,308:DEBUG:botocore.hooks:Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section
2019-06-07 19:52:44,308:DEBUG:botocore.hooks:Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask
etc.... (it works)
# certbot plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* dns-route53
Description: Obtain certificates using a DNS TXT record (if you are using AWS
Route53 for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns-route53 = certbot_dns_route53.dns_route53:Authenticator
* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
And it’s log:
2019-06-07 20:17:25,512:DEBUG:certbot.main:certbot version: 0.35.0
2019-06-07 20:17:25,512:DEBUG:certbot.main:Arguments: []
2019-06-07 20:17:25,512:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#dns-route53,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-06-07 20:17:25,520:DEBUG:certbot.log:Root logging level set at 20
2019-06-07 20:17:25,521:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-06-07 20:17:25,521:DEBUG:certbot.main:Expected interfaces: None
2019-06-07 20:17:25,522:DEBUG:certbot.main:Filtered plugins: PluginsRegistry(PluginEntryPoint#dns-route53,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
A path/pip issue is all I can think of, but am at a loss on where the problem is.