I am using dns-rfc2136 on multiple servers, but today on a Bionic Ubuntu I have a problem.
First I installed certbot and added the plugin:
sudo apt install python3-certbot-dns-rfc2136
Then I created my credentials file, named /etc/bind/c.ini:
# Target DNS server
dns_rfc2136_server=127.0.0.1
# Target DNS port
dns_rfc2136_port=53
# TSIG key name
dns_rfc2136_name=keyname.
# TSIG key secret
dns_rfc2136_secret=xxxx...xxx$
# TSIG key algorithm
dns_rfc2136_algorithm=HMAC-SHA512
After that I ran the command:
sudo certbot certonly --manual-public-ip-logging-ok --agree-tos --dns-rfc2136 --dns-rfc2136-credentials /etc/bind/c.ini -d "example.com" -d "*.example.com"
But these errors occur:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-rfc2136, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com
dns-01 challenge for example.com
Unsafe permissions on credentials configuration file: /etc/bind/c.ini
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
    resp = self._solve_challenges(aauthzrs)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
    resp = self.auth.perform(all_achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 57, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 76, in _perform
    self._get_rfc2136_client().add_txt_record(validation_name, validation, self.ttl)
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 87, in _get_rfc2136_client
    dns.tsig.HMAC_MD5))
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 98, in __init__
    key_name: key_secret
  File "/usr/lib/python3/dist-packages/dns/tsigkeyring.py", line 33, in from_text
    secret = base64.decodestring(maybe_encode(textring[keytext]))
  File "/usr/lib/python3.6/base64.py", line 554, in decodestring
    return decodebytes(s)
  File "/usr/lib/python3.6/base64.py", line 546, in decodebytes
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 108, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 323, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python3/dist-packages/certbot/plugins/dns_common.py", line 76, in cleanup
    self._cleanup(domain, validation_domain_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 79, in _cleanup
    self._get_rfc2136_client().del_txt_record(validation_name, validation)
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 87, in _get_rfc2136_client
    dns.tsig.HMAC_MD5))
  File "/usr/lib/python3/dist-packages/certbot_dns_rfc2136/dns_rfc2136.py", line 98, in __init__
    key_name: key_secret
  File "/usr/lib/python3/dist-packages/dns/tsigkeyring.py", line 33, in from_text
    secret = base64.decodestring(maybe_encode(textring[keytext]))
  File "/usr/lib/python3.6/base64.py", line 554, in decodestring
    return decodebytes(s)
  File "/usr/lib/python3.6/base64.py", line 546, in decodebytes
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
An unexpected error occurred:
binascii.Error: Incorrect padding
Any idea?
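
An added example (not part of the original post, and not certbot's own code): a preflight check for the credentials file that covers the two things the log above reports, the file permissions and the base64 decoding of dns_rfc2136_secret. The function names and the policy of flagging any group or other access bits are assumptions of this example.

```python
import base64
import binascii
import os
import stat
import sys

# Key name taken from the credentials file shown in the post.
SECRET_KEY = "dns_rfc2136_secret"


def parse_ini(text):
    """Parse flat key=value lines, skipping blanks and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first "=" only, so base64 padding ("==") survives.
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values


def check_credentials(path):
    """Return a list of problems found in an rfc2136 credentials file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumption: any group/other access counts as unsafe (a policy chosen
    # for this example, not copied from certbot).
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} allows group/other access; use chmod 600")
    with open(path, encoding="utf-8") as fh:
        values = parse_ini(fh.read())
    secret = values.get(SECRET_KEY)
    if secret is None:
        problems.append(f"{SECRET_KEY} is missing")
    else:
        try:
            # validate=True also rejects characters outside the base64 alphabet.
            base64.b64decode(secret, validate=True)
        except binascii.Error as exc:
            problems.append(f"{SECRET_KEY} is not valid base64: {exc}")
    return problems


if __name__ == "__main__":
    # Usage: python3 check_creds.py /path/to/credentials.ini
    for path in sys.argv[1:]:
        for problem in check_credentials(path):
            print(f"{path}: {problem}")
```

An empty list means the file passed both checks; the secret itself is never printed.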