Plugin dns_ovh : AttributeError: Error, key provider_name is not defined


#1

Hello!

I used the dns_ovh plugin to get new let’s encrypt certificate. I tested it once and it was working well. I am using it on centos 7. No apache running on this server.

Yesterday I had updates for my server and since, I can not create certificates anymore.

the command is :

certbot certonly --dns-ovh --dns-ovh-credentials /root/.secrets/certbot/ovh.ini -d voyage-californie.be -d www.voyage-californie.be --email <my_email>

the error I get:

Plugins selected: Authenticator dns-ovh, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for www.voyage-californie.be
dns-01 challenge for voyage-californie.be
Cleaning up challenges
Encountered exception during recovery: 
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/error_handler.py", line 108, in _call_registered
self.funcs[-1]()
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 316, in _cleanup_challenges
self.auth.cleanup(achalls)
  File "/usr/lib/python2.7/site-packages/certbot/plugins/dns_common.py", line 76, in cleanup
self._cleanup(domain, validation_domain_name, validation)
  File "/usr/lib/python2.7/site-packages/certbot_dns_ovh/dns_ovh.py", line 60, in _cleanup
self._get_ovh_client().del_txt_record(domain, validation_name, validation)
  File "/usr/lib/python2.7/site-packages/certbot_dns_ovh/dns_ovh.py", line 68, in _get_ovh_client
self.ttl
  File "/usr/lib/python2.7/site-packages/certbot_dns_ovh/dns_ovh.py", line 85, in __init__
'ttl': ttl,
  File "/usr/lib/python2.7/site-packages/lexicon/providers/ovh.py", line 40, in __init__
super(Provider, self).__init__(config)
  File "/usr/lib/python2.7/site-packages/lexicon/providers/base.py", line 41, in __init__
self.config = legacy_config_resolver(config)
  File "/usr/lib/python2.7/site-packages/lexicon/config.py", line 320, in legacy_config_resolver
return ConfigResolver().with_legacy_dict(legacy_dict).with_env().with_config_dir(os.getcwd())
  File "/usr/lib/python2.7/site-packages/lexicon/config.py", line 181, in with_legacy_dict
return self.with_config_source(LegacyDictConfigSource(legacy_dict_object))
  File "/usr/lib/python2.7/site-packages/lexicon/config.py", line 285, in __init__
raise AttributeError('Error, key provider_name is not defined.'
AttributeError: Error, key provider_name is not defined.LegacyDictConfigSource cannot scope correctly the provider specific options.
An unexpected error occurred:
AttributeError: Error, key provider_name is not defined.LegacyDictConfigSource cannot scope correctly the provider specific options.
Please see the logfiles in /var/log/letsencrypt for more details.

Version installed:

certbot.noarch     0.29.1-1.el7     
python2-certbot.noarch         0.29.1-1.el7    
python2-certbot-dns-ovh.noarch     0.27.1-1.el7

Not sure what’s happening.

Thx in advance for any help!


#2

Me neither, but I would try using certbot-auto until that gets corrected:


#3

Tried it but certbot-auto does not recognize the --dns-ovh-credentials arguments :frowning:


#4

Well that’s no Bueno…
Maybe the ACME.SH client can help.


#5

Or maybe someone here can help with the original problem while you look for a backup/workaround plan.

@JuergenAuer
@_az
@mnordhoff
@Osiris


#6

I think the issue is due to the version of the ovh plugin on my system: 0.27.1 (certbot is 0.29).

Checking the master code on github, we can see that the provider_name is defined here (file dns_ovh.py) :

self.provider = ovh.Provider({
 'provider_name': 'ovh',
 'auth_entrypoint': endpoint,
   ....
})  

Checking the code for version 0.27, I can see this is missing in it. I installed the dns-ovh plugin from the epel repository. Looks like they forget to update the dns-ovh plugin :frowning:

And in fact, if I check all plugins, it’s the same (except for dns-cloudflare). I still have the 0.27 version for them.

Needs to see how to revert certbot to 0.27 or to push the update of the plugins in epel repo.

Have a nice sunday :slight_smile:


#7

Have you looked at ACME.SH ?


#8

For what it’s worth, apparently this was:

Your Certbot DNS plugins are old and your Lexicon library is new and they’re not compatible. :slightly_frowning_face:


#9

It is worth it ^^

As an immediate mitigation, Lexicon should be downgraded to latest version for 2.x.

As a long term solution, EPEL should provide up to date Certbot DNS plugins, or at least in coherence with Certbot itself.


#10

It looks like plugins for certbot are under testing (I checked the testing branch for epel packages and there, the plugin package have the same release than the certbot package). Normally they have to spend 15 days in the testing branch before being deployed.


#11

Indeed, I discussed with the certbot integrator for EPEL, he confirmed that. In less than one week and half, the new packages that are currently in the testing area will drop in stable, so the issue will resolve itself without explicit intervention.

However, he informed me of a mechanism that speed up the switch from testing to stable. It is in fact this mechanism that made certbot and lexicon, and some dns plugins, moving fastly to stable, before the other dns plugins.

So you can go to the relevant packages, in https://bodhi.fedoraproject.org, and make comments on them to be deployed. With enough votes, switch will be triggered without the default delay.


#12

just done it. Thx!

I need to create new certificates asap and so I will downgrade the certbot package to last version until the new dns-ovh plugin will be available in EPEL.


#13

It is lexicon that you need to downgrade. If downgrading certbot make it happen because of transitive dependency relations, so do it. Otherwise, downgrade lexicon directly. Certbot does not require 3.x for now.


#14

aarrgh yum does not allow me to downgrade lexicon :frowning:


#15

yum downgrade python2-dns-lexicon-2.7.9-1.el7 ?


#16

It’s what i have done but it said « nothing to do »


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.