The requested <plugin> does not appear to be installed

erglazier · January 6, 2023, 1:32am

I have 2 plugins for PowerDNS installed via pip. Certbot doesn't find either of them. It used to. I've seem similar topic in here, but nothing quite like I'm dealing with. Thanks for the help.

My domain is: voyant.com

I ran this command:
certbot certonly -n --logs-dir /var/log/certcron/_.TEMPvoyant.com --authenticator certbot-dns-powerdns:dns-powerdns -d *.voyant.com --cert-name voyant.com --agree-tos --email "devops@voyant.com"

It produced this output:
The requested certbot-dns-powerdns:dns-powerdns plugin does not appear to be installed

My web server is (include version): NA

The operating system my Certbot runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.1.0

The other domain that produces the same error

root@ply-certbot-u20-01:/srv/certbot/PDNStest# certbot certonly -n --logs-dir /var/log/certcron/_.TEMPvoyant.com --authenticator certbot-pdns:auth -d *.voyant.com --cert-name voyant.com --agree-tos --email "devops@voyant.com"
Saving debug log to /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log
The requested certbot-pdns:auth plugin does not appear to be installed
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log or re-run Certbot with -v for more details.
root@ply-certbot-u20-01:/srv/certbot/PDNStest#

root@ply-certbot-u20-01:/srv/certbot/PDNStest# pip list | grep cert
certbot                 2.1.0
certbot-dns-dnsmadeeasy 1.22.0
certbot-dns-powerdns    0.2.1
certbot-pdns            1.2.0
certifi                 2019.11.28
root@ply-certbot-u20-01:/srv/certbot/PDNStest#
root@ply-certbot-u20-01:/srv/certbot/PDNStest# certbot plugins --text
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* auth
Description: Place challenges in DNS records
Interfaces: Plugin
Entry point: auth = certbot_pdns.authenticator:Authenticator

* dns-dnsmadeeasy
Description: Obtain certificates using a DNS TXT record (if you are using DNS
Made Easy for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-dnsmadeeasy =
certbot_dns_dnsmadeeasy._internal.dns_dnsmadeeasy:Authenticator

* dns-powerdns
Description: Obtain certificates using a DNS TXT record (if you are using
PowerDNS for DNS.)
Interfaces: Authenticator, Plugin
Entry point: dns-powerdns = certbot_dns_powerdns.dns_powerdns:Authenticator

* standalone
Description: Spin up a temporary webserver
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator

* webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Rip · January 6, 2023, 1:43am

Hi @erglazier (Rich) and welcome to the community!

I might be missing something, but It looks like you should be using:

Registrar WHOIS Server: whois.godaddy.com

certbot-dns-godaddy x.xx.xx plugin...

At any rate your command shows:

So whatever DNS plugin is not installed.

Some of the questions go unanswered
Hosting provider?
Are you "self hosted?"
Using godaddy?
Please advise.

_az · January 6, 2023, 2:37am

In the changes for Certbot 2.0:

3rd party plugins no longer support the dist_name:plugin_name format on the CLI and in configuration files. Use the shorter plugin_name format.

So, you'd just do:

--authenticator auth

for the PowerDNS plugin.

erglazier · January 6, 2023, 3:13am

Sorry _az, I meant to mention that I tried that as well, but it's like -a doesn't like see the argument.

root@ply-certbot-u20-01:~# certbot certonly -n --logs-dir /var/log/certcron/_.TEMPvoyant.com --authenticator auth -d *.voyant.com --cert-name voyant.com --agree-tos --email "devops@voyant.com"
Saving debug log to /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument -a/--authenticator: expected one argument
root@ply-certbot-u20-01:~#

rg305 · January 6, 2023, 3:14am

I suspect that "auth" is a keyword.
Try encapsulating it.

erglazier · January 6, 2023, 3:15am

Thanks for the feedback. Not using GoDaddy, and am self hosted. The plugin I'm trying to get recognized is certbot-pdns:auth

rg305 · January 6, 2023, 3:16am

That would be:
--authenticator certbot-dns-powerdns
OR
--authenticator dns-powerdns

erglazier · January 6, 2023, 3:17am

Good idea, I tried putting auth in single quotes and double quotes, but the same output.

rg305 · January 6, 2023, 3:17am

Would be:
--authenticator certbot-pdns
OR
--authenticator 'auth'

OR maybe...
--authenticator '\a\u\t\h'

erglazier · January 6, 2023, 3:24am

Thank you rg305. Here is the way is was working, before upgrading to v2.
--authenticator certbot-pdns:auth

Here's the plugin

# certbot plugins --text
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* auth
Description: Place challenges in DNS records
Interfaces: Plugin
Entry point: auth = certbot_pdns.authenticator:Authenticator

# pip list | grep certbot-pdns
certbot-pdns            1.2.0

erglazier · January 6, 2023, 3:25am

# certbot certonly -n --logs-dir /var/log/certcron/_.TEMPvoyant.com --authenticator '\a\u\t\h' -d *.voyant.com --cert-name voyant.com --agree-tos --email "devops@voyant.com"
Saving debug log to /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log
The requested \a\u\t\h plugin does not appear to be installed
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log or re-run Certbot with -v for more details.

# certbot certonly -n --logs-dir /var/log/certcron/_.TEMPvoyant.com --authenticator 'auth' -d *.voyant.com --cert-name voyant.com --agree-tos --email "devops@voyant.com"
Saving debug log to /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument -a/--authenticator: expected one argument

# certbot certonly -n --logs-dir /var/log/certcron/_.TEMPvoyant.com --authenticator certbot-pdns -d *.voyant.com --cert-name voyant.com --agree-tos --email "devops@voyant.com"
Saving debug log to /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log
The requested certbot-pdns plugin does not appear to be installed
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log or re-run Certbot with -v for more details.

erglazier · January 6, 2023, 3:32am

I have the other PowerDNS plugin installed as well, and the short form of that authenticator worked, so maybe I can just use that PDNS plugin?

root@ply-certbot-u20-01:~# certbot certonly -n --logs-dir /var/log/certcron/_.TEMPvoyant.com --authenticator dns-powerdns -d *.voyant.com --cert-name voyant.com --agree-tos --email "devops@voyant.com"
Saving debug log to /var/log/certcron/_.TEMPvoyant.com/letsencrypt.log
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@ply-certbot-u20-01:~#

rg305 · January 6, 2023, 3:39am

Give that one a go, while I try to dig up some other hack to that "keyword"...

rg305 · January 6, 2023, 3:48am

Try:
--authenticator \a\u\t\h

Rip · January 6, 2023, 4:05am

Thank You.

rg305 · January 6, 2023, 4:09am

He meant Godaddy for your authoritative DNS zone.
But I guess that answer fits there too - lol

_az · January 6, 2023, 5:28am

I remember that issue from before and I got excited for a second, but I don't think that's the case here.

Following these steps, I was able to install and use the certbot-pdns plugin via the auth entrypoint:

sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot certbot-pdns
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
sudo certbot certonly -d example.com -a auth --dry-run

An unexpected error occurred:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/certbot-pdns.json'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

rg305 · January 6, 2023, 5:33am

-a auth
--authenticator auth

Should be the same ...
But do they act the same?

erglazier · January 6, 2023, 4:22pm

-a and --authenticator behave the same way, and neither recognizes "auth". Thanks for all the suggestions, however.

erglazier · January 18, 2023, 5:06pm

I went ahead and changed to a different plugin for Power DNS certbot-dns-powerdns, because I could never get the certbot-pdns:auth working