Plugin dns_ovh : AttributeError: Error, key provider_name is not defined

Hello!

I used the dns_ovh plugin to get a new Let’s Encrypt certificate. I tested it once and it was working well. I am using it on CentOS 7. No Apache running on this server.

Yesterday I had updates for my server and since then, I cannot create certificates anymore.

The command is:

certbot certonly --dns-ovh --dns-ovh-credentials /root/.secrets/certbot/ovh.ini -d voyage-californie.be -d www.voyage-californie.be --email <my_email>

The error I get:

Plugins selected: Authenticator dns-ovh, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for www.voyage-californie.be
dns-01 challenge for voyage-californie.be
Cleaning up challenges
Encountered exception during recovery: 
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/error_handler.py", line 108, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 316, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python2.7/site-packages/certbot/plugins/dns_common.py", line 76, in cleanup
    self._cleanup(domain, validation_domain_name, validation)
  File "/usr/lib/python2.7/site-packages/certbot_dns_ovh/dns_ovh.py", line 60, in _cleanup
    self._get_ovh_client().del_txt_record(domain, validation_name, validation)
  File "/usr/lib/python2.7/site-packages/certbot_dns_ovh/dns_ovh.py", line 68, in _get_ovh_client
    self.ttl
  File "/usr/lib/python2.7/site-packages/certbot_dns_ovh/dns_ovh.py", line 85, in __init__
    'ttl': ttl,
  File "/usr/lib/python2.7/site-packages/lexicon/providers/ovh.py", line 40, in __init__
    super(Provider, self).__init__(config)
  File "/usr/lib/python2.7/site-packages/lexicon/providers/base.py", line 41, in __init__
    self.config = legacy_config_resolver(config)
  File "/usr/lib/python2.7/site-packages/lexicon/config.py", line 320, in legacy_config_resolver
    return ConfigResolver().with_legacy_dict(legacy_dict).with_env().with_config_dir(os.getcwd())
  File "/usr/lib/python2.7/site-packages/lexicon/config.py", line 181, in with_legacy_dict
    return self.with_config_source(LegacyDictConfigSource(legacy_dict_object))
  File "/usr/lib/python2.7/site-packages/lexicon/config.py", line 285, in __init__
    raise AttributeError('Error, key provider_name is not defined.'
AttributeError: Error, key provider_name is not defined.LegacyDictConfigSource cannot scope correctly the provider specific options.
An unexpected error occurred:
AttributeError: Error, key provider_name is not defined.LegacyDictConfigSource cannot scope correctly the provider specific options.
Please see the logfiles in /var/log/letsencrypt for more details.

Version installed:

certbot.noarch     0.29.1-1.el7     
python2-certbot.noarch         0.29.1-1.el7    
python2-certbot-dns-ovh.noarch     0.27.1-1.el7

Not sure what’s happening.

Thx in advance for any help!

Me neither, but I would try using certbot-auto until that gets corrected:
https://certbot.eff.org/docs/install.html#id6

Tried it but certbot-auto does not recognize the --dns-ovh-credentials argument :frowning:

Well that’s no Bueno…
Maybe the ACME.SH client can help.

Or maybe someone here can help with the original problem while you look for a backup/workaround plan.

@JuergenAuer
@_az
@mnordhoff
@Osiris

I think the issue is due to the version of the ovh plugin on my system: 0.27.1 (certbot is 0.29).

Checking the master code on GitHub, we can see that the provider_name is defined here (file dns_ovh.py):

self.provider = ovh.Provider({
    'provider_name': 'ovh',
    'auth_entrypoint': endpoint,
    ....
})

Checking the code for version 0.27, I can see this is missing in it. I installed the dns-ovh plugin from the EPEL repository. Looks like they forgot to update the dns-ovh plugin :frowning:

And in fact, if I check all plugins, it’s the same (except for dns-cloudflare). I still have the 0.27 version for them.

I need to see how to revert certbot to 0.27 or to push the update of the plugins in the EPEL repo.

Have a nice Sunday :slight_smile:


Have you looked at ACME.SH ?

For what it's worth, apparently this was:

Your Certbot DNS plugins are old and your Lexicon library is new and they're not compatible. :slightly_frowning_face:

It is worth it ^^

As an immediate mitigation, Lexicon should be downgraded to the latest 2.x version.

As a long-term solution, EPEL should provide up-to-date Certbot DNS plugins, or at least ones consistent with Certbot itself.
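A check for the version skew described in this thread, as an added example that is not part of any post or of Certbot's own code: it parses a package listing in the format quoted above and reports DNS plugins whose minor release differs from certbot's. The dns-cloudflare and lexicon lines in the sample are constructed values, and the "same minor release" rule is a heuristic drawn from the thread, not a documented compatibility rule.

```python
import re

# Constructed sample in the package-listing format shown in the thread.
# The first three lines are the versions quoted in the original post;
# the last two are made-up values for illustration.
SAMPLE = """\
certbot.noarch                        0.29.1-1.el7
python2-certbot.noarch                0.29.1-1.el7
python2-certbot-dns-ovh.noarch        0.27.1-1.el7
python2-certbot-dns-cloudflare.noarch 0.29.1-1.el7
python2-dns-lexicon.noarch            3.0.8-1.el7
"""

# name.arch, whitespace, optional epoch, upstream version, "-", release
LINE = re.compile(r"^(?P<name>\S+?)\.\w+\s+(?:\d+:)?(?P<ver>[^-\s]+)-\S+")


def parse(listing):
    """Return {package name: upstream version tuple} from the listing."""
    pkgs = {}
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            parts = m.group("ver").split(".")
            pkgs[m.group("name")] = tuple(int(p) for p in parts if p.isdigit())
    return pkgs


def find_skew(listing):
    """Report DNS plugins whose major.minor differs from certbot's.

    Heuristic from the thread: a plugin left behind by a certbot upgrade
    may not work with the Lexicon release installed alongside it.
    """
    pkgs = parse(listing)
    core = pkgs.get("python2-certbot") or pkgs.get("certbot")
    if core is None:
        raise ValueError("certbot package not found in listing")
    lagging = sorted(
        (name, ver) for name, ver in pkgs.items()
        if "certbot-dns-" in name and ver[:2] != core[:2]
    )
    lexicon = next((v for n, v in pkgs.items() if n.endswith("dns-lexicon")), None)
    return {"certbot": core, "lexicon": lexicon, "lagging": lagging}


if __name__ == "__main__":
    print(find_skew(SAMPLE))
```
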

It looks like the plugins for certbot are under testing (I checked the testing branch for EPEL packages and there, the plugin packages have the same release as the certbot package). Normally they have to spend 15 days in the testing branch before being deployed.

Indeed, I discussed this with the certbot integrator for EPEL, and he confirmed that. In less than a week and a half, the new packages that are currently in the testing area will drop into stable, so the issue will resolve itself without explicit intervention.

However, he informed me of a mechanism that speeds up the switch from testing to stable. It is in fact this mechanism that made certbot and lexicon, and some DNS plugins, move quickly to stable, before the other DNS plugins.

So you can go to the relevant packages at https://bodhi.fedoraproject.org and comment on them so that they get deployed. With enough votes, the switch will be triggered without the default delay.

just done it. Thx!

I need to create new certificates ASAP, so I will downgrade the certbot package to the last version until the new dns-ovh plugin is available in EPEL.

It is lexicon that you need to downgrade. If downgrading certbot makes that happen because of transitive dependency relations, then do it. Otherwise, downgrade lexicon directly. Certbot does not require 3.x for now.

aarrgh yum does not allow me to downgrade lexicon :frowning:

yum downgrade python2-dns-lexicon-2.7.9-1.el7 ?

It’s what I have done, but it said « nothing to do »
