rg305
August 17, 2021, 9:23am
21
So your current DSP is DYNU.
See: API | Dynu
You only need to do Authentication API Key step #1 (Obtain API Key).
Then provide those credentials to certbot.
EDIT: I've never used DYNU with certbot and I can't find an explicit plugin for it:
User Guide - Certbot 1.19.0.dev0 documentation (eff.org)
But it might be RFC 2136 compliant and that plugin might work (or one of the others).
I'll try searching here and online to see if anyone has a confirmed working plugin.
eddie
August 17, 2021, 9:30am
22
Ok. I have got the API key already
1 Like
rg305
August 17, 2021, 9:33am
23
According to this page: DNS providers who easily integrate with Let's Encrypt DNS validation - Issuance Tech - Let's Encrypt Community Support (letsencrypt.org)
You might have to switch ACME clients to get DYNU API plugin support.
From certbot to acme.sh
Still looking...
I would try using the RFC2136 plugin:
Welcome to certbot-dns-rfc2136's documentation! - certbot-dns-rfc2136 0 documentation
If that fails, the path of least resistance is installing acme.sh.
[not about to write a new plugin]
rg305
August 17, 2021, 9:38am
24
This looks promising...
certbot-dns-dynu · PyPI
I need to get some shut eye...
eddie
August 17, 2021, 9:45am
25
All good, mate. You have spent a great deal of your time helping me. Have a good one
1 Like
eddie
August 17, 2021, 10:29am
26
Hey, mate
Hoping you're resting now but when you have a moment later on:
sudo certbot renew --dry-run \ ~
--authenticator certbot-dns-dynu:dns-dynu \
--certbot-dns-dynu:dns-dynu-credentials ~/.dynu-credentials.ini \
[sudo] password for eddie:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/eddienetworks.ddnsfree.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugin legacy name certbot-dns-dynu:dns-dynu may be removed in a future version. Please use dns-dynu instead.
Simulating renewal of an existing certificate for *.eddienetworks.ddnsfree.com and eddienetworks.ddnsfree.com
Unsafe permissions on credentials configuration file: /home/eddie/.dynu-credentials.ini
Unsafe permissions on credentials configuration file: /home/eddie/.dynu-credentials.ini
Waiting 60 seconds for DNS changes to propagate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/eddienetworks.ddnsfree.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If there is nothing else pending, I will use this as my new cron job (without the dry-run flag).
Thanks
1 Like
rg305
August 17, 2021, 6:49pm
27
That is awesome!
Did you run it without the --dry-run?
Please show:
certbot certificates
eddie
August 18, 2021, 1:44am
28
Hi @rg305
Here are the results of the commands:
-> sudo certbot renew \ ~
--authenticator certbot-dns-dynu:dns-dynu \
--certbot-dns-dynu:dns-dynu-credentials ~/.dynu-credentials.ini \
[sudo] password for eddie:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/eddienetworks.ddnsfree.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/eddienetworks.ddnsfree.com/fullchain.pem expires on 2021-11-13 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sudo certbot certificates ~
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: eddienetworks.ddnsfree.com
Serial Number: 47ea975a5fc8b1f254c7a6eebbe93cd9ebf
Key Type: RSA
Domains: *.eddienetworks.ddnsfree.com eddienetworks.ddnsfree.com
Expiry Date: 2021-11-13 09:30:18+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/eddienetworks.ddnsfree.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/eddienetworks.ddnsfree.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
rg305
August 18, 2021, 3:31am
29
One last file check.
Let's have a look at this file to confirm the settings for the next renewal:
And you might want to address this concern:
eddie
August 18, 2021, 5:29am
30
Ok, for the first bit:
cat /etc/letsencrypt/renewal/eddienetworks.ddnsfree.com.conf /etc/nginx/http.d
# renew_before_expiry = 30 days
version = 1.16.0
archive_dir = /etc/letsencrypt/archive/eddienetworks.ddnsfree.com
cert = /etc/letsencrypt/live/eddienetworks.ddnsfree.com/cert.pem
privkey = /etc/letsencrypt/live/eddienetworks.ddnsfree.com/privkey.pem
chain = /etc/letsencrypt/live/eddienetworks.ddnsfree.com/chain.pem
fullchain = /etc/letsencrypt/live/eddienetworks.ddnsfree.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 2491055be5418d2dd416c418ca2124e3
authenticator = manual
server = https://acme-v02.api.letsencrypt.org/directory
pref_challs = dns-01,
For the second one, I tried to find some information about ownership and permissions but was unlucky.
So far the owner is myself with 644 permissions.
rg305
August 18, 2021, 5:36am
31
I was expecting to see a bit more in the renewal config file.
We'll have to see how it does in 60 days
What shows?:
ls -la /home/eddie/.dynu-credentials.ini
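The renewal file shown in post 30 records authenticator = manual, so an unattended certbot renew depends on the flags passed on the command line rather than on what is stored in the file. The shell functions below are an added example (not from the thread or from certbot) that read the [renewalparams] section and report this; the function names are illustrative, manual_auth_hook is the key certbot stores for a --manual-auth-hook script, and the dns-dynu entry is a constructed value.

```shell
#!/bin/sh
# Added example: read [renewalparams] from a certbot renewal file and report
# whether an unattended "certbot renew" has what it needs recorded in the file.

# renewal_param FILE KEY -> value of KEY inside [renewalparams], or empty
renewal_param() {
    awk -F'=' -v key="$2" '
        /^\[/ { in_sec = ($0 == "[renewalparams]"); next }
        in_sec && !/^[ \t]*#/ {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
            }
        }' "$1"
}

# unattended_status FILE -> one-line verdict
unattended_status() {
    auth=$(renewal_param "$1" authenticator)
    hook=$(renewal_param "$1" manual_auth_hook)
    case "$auth" in
        "")     echo "unknown: no authenticator recorded" ;;
        manual) if [ -n "$hook" ]; then echo "ok: manual with auth hook"
                else echo "flags-required: manual without auth hook"; fi ;;
        *)      echo "ok: $auth" ;;
    esac
}

# check_sample AUTHENTICATOR -> verdict for a temp file built from post 30's
# [renewalparams] section, with the authenticator line set to the argument
check_sample() {
    conf=$(mktemp)
    cat > "$conf" <<EOF
version = 1.16.0
# Options used in the renewal process
[renewalparams]
authenticator = $1
server = https://acme-v02.api.letsencrypt.org/directory
pref_challs = dns-01,
EOF
    unattended_status "$conf"
    rm -f "$conf"
}

check_sample manual      # as posted in the thread
check_sample dns-dynu    # constructed: what a plugin-based entry could look like
```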
eddie
August 18, 2021, 5:40am
32
ls -la /home/eddie/.dynu-credentials.ini
-rw-r--r-- 1 eddie eddie 72 Aug 17 20:15 /home/eddie/.dynu-credentials.ini
rg305
August 18, 2021, 5:48am
33
hmm...
It might be complaining about that first "w" - not very likely.
Try 444 instead of 644.
If not, then it's likely that last "r".
Try 640 instead of 644.
Yeah, I'm thinking it's the last "r" that allows too much access to that file.
certbot runs as root so it should have all the access it needs to that file.
eddie
August 18, 2021, 5:56am
34
Hi,
640 did the trick.
Mate, thank you very much. I've been in a couple of forums and never seen anyone as helpful as you. If you don't mind, is that ok if I link this conversation in the video I used as reference?
2 Likes
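The permission change from posts 33 and 34, as an added example that is not part of the original thread: a shell function that classifies a credentials file by its mode. It assumes the "Unsafe permissions" warning is triggered by any permission bit for "other" users, which matches the thread's result (644 warns, 640 does not); the function names and the temp file are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the mode of a DNS-API credentials file.
# Assumption: the warning fires when any "other" (world) permission bit is
# set, consistent with the thread: 644 -> warning, 640 -> clean.

# cred_mode_status FILE
# Prints: missing | world-accessible | group-accessible | owner-only
# Returns: 2 if missing, 1 if world-accessible, 0 otherwise
cred_mode_status() {
    file=$1
    [ -f "$file" ] || { echo "missing"; return 2; }
    mode=$(stat -c '%a' "$file")     # octal digits, e.g. 644 (GNU/BusyBox stat)
    other=$((mode % 10))             # last digit: permissions for everyone else
    group=$((mode / 10 % 10))        # middle digit: permissions for the group
    if [ "$other" -ne 0 ]; then
        echo "world-accessible"; return 1
    elif [ "$group" -ne 0 ]; then
        echo "group-accessible"; return 0
    fi
    echo "owner-only"; return 0
}

# demo_modes -> verdicts for the modes discussed in the thread, plus 600
demo_modes() {
    f=$(mktemp)                      # constructed sample file, no real token
    printf '# placeholder credentials file\n' > "$f"
    out=""
    for m in 644 640 600; do
        chmod "$m" "$f"
        out="$out$m=$(cred_mode_status "$f" || true) "
    done
    rm -f "$f"
    echo "${out% }"
}

demo_modes
```

Since certbot is run through sudo in this thread, root can still read the file at mode 600, which also drops the group read bit that 640 leaves set.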
rg305
August 18, 2021, 6:08am
35
Glad to hear things worked out
Yes, of course; this is a public forum and it is geared towards helping as many people as possible. Anything that can help the Internet community at large with encryption is a very welcome step.
Cheers from Miami
#FreeCuba
1 Like
system
Closed
September 17, 2021, 6:12am
37
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.