Third party plugins with SNAP installation?

Background: I want to automate my wildcard certificate through NameCheap DNS provider. I would like to use Standalone DNS Authenticator plugin for Certbot to accomplish this. However, there seems to be a gap between the "old" certbot-auto framework and this new Snap-based installation. I am using other Namecheap dns features (email forwarding, for example) so switching to digitalocean name services is undesirable. None of the other certbot installation methods appear to be supported...

How can I use (or modify) the existing third-party DNS plugin to work in a modern (2022) certbot installation?


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
mycology.zone

I ran this command:
snap install certbot-dns-standalone

It produced this output:
error: snap "certbot-dns-standalone" not found

My web server is (include version):
nginx/1.18.0

The operating system my web server runs on is (include version):
Debian GNU/Linux 11 (bullseye)

My hosting provider, if applicable, is:
digitalocean

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.27.0

That plugin hasn't been updated since October 2020, I don't know if it can be made to work with snap version of certbot.

According to current certbot documentation, certbot can work with these DNS systems:
image

maybe one of them can solve your problem.
Otherwise, have you considered using any other ACME client?

2 Likes

I don't have access to snap, so I can't test anything with it, but doesn't the snap Python also use the local machines Python path to search for possible libraries?

2 Likes

So, you mean install that old plug-in (as before snap) and then snap version of certbot should find it?
Worth the try, I guess.

1 Like

I am willing to modify the project to work with the current framework, but I'm kind of lost in the developer documentation. Any pointers to getting started, that aren't outdated? There's not a clear line between the "old" and "new" frameworks.

I don't see any way to automate any of these with NameCheap DNS.

No, do you have any pointers? I don't want to manually intervene evrery 2-3 months. I am open to other solutions.

I have no idea how to answer this question... I tried installing the plugin with pip3 and the certbot didn't find it... beyond that i'm lost! Do you have any pointers to more information about this?

Yes ... or I am interested in updating the old plugin to work with the new framework. I just don't know how to go about doing that.

Example:
./acme.sh --issue --dns dns_namecheap -d example.com -d *.example.com

3 Likes

This looks promising! I thought I couldn't get namecheap API access (https://www.namecheap.com/support/knowledgebase/article.aspx/9739/63/api-faq/#c), but it looks like I can add $50 to my account to turn it on. Alternatively I might be able to do a standalone dns server like the plugin I referenced, using this acme client. Thanks for the link! I'll update with my results.

1 Like

Probably not. I would not be surprised if snap certbot comes with its own python, its own openssl, its own root store...

Snap is the reason I abandoned Ubuntu. My f*cking password manager couldn't speak to f*cking Firefox anymore.

3 Likes

Or you can use different authoritative dns servers. I use cloudflare with the single domain I bought on namecheap.

3 Likes

It does indeed.. If the Python versions differ between Snaps version and the local system version, it wouldn't work I think. But if the local system happens to also have libraries for the same Python version as Snap, why wouldn't it be able to work?

I myself won't be using snap also. I can't even run it on my OpenRC Gentoo. And I don't want to use it. Terrible waste of resources, those containers containing everything.

4 Likes

Because it's not flatpak.

1 Like

Flatpack packages can use Python libraries from outside of the container?

2 Likes

I'm not sure.

But they share runtimes.

1 Like

I mentioned that I'm using other Namecheap features that make this undesirable.. such as their email forwarding service. If automating the wildcard certificates proves infeasible, I'll change nameservers.

Can't say I blame you. I'm disappointed that they don't support certbot-auto or the pip installation any more.

I was talking about snap specifically. Certbot can be installed using pip perfectly.

2 Likes

Good to know... the official docs say "installing Certbot through pip is only supported on a best effort basis and when using a virtual environment," which was rather offputting. With your testimonial, I'll give pip a shot. :+1:t5:

1 Like

It's not ideal, especially regarding updating et cetera, which has to be done manually within the virtual environment. But it's also certainly not impossible and sometimes one of the only viable methods.

And IMO everything is better than snap.. :stuck_out_tongue:

3 Likes