Unable to generate certificate (using Azure plugin)

manjeet-securemation · March 31, 2022, 5:15am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cisozen.com

I ran this command: certbot certonly -d *.cisozen.com -a dns-azure --dns-azure-credentials certcred.json --dns-azure-resource-group CISOZEN-FRONTEND-TEST --config-dir ~/.certbot/config --logs-dir ~/.certbot/logs --work-dir ~/.certbot/work

It produced this output: Unsafe permissions on credentials configuration file: certcred.json
Encountered exception during recovery: TypeError: init() missing 1 required positional argument: 'credential'
An unexpected error occurred:
TypeError: init() missing 1 required positional argument: 'credential'

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.25.0

_az · March 31, 2022, 5:26am

The full stack trace from ~/.certbot/logs/letsencrypt.log might give us some more hints as to what is going wrong.

webprofusion · March 31, 2022, 9:01am

You need to create a text config file like these examples, I think you're just giving it a .json file you downloaded from Azure.:

https://certbot-dns-azure.readthedocs.io/en/latest/

e.g.:

dns_azure_sp_client_id = 912ce44a-0156-4669-ae22-c16a17d34ca5
dns_azure_sp_client_secret = E-xqXU83Y-jzTI6xe9fs2YC~mck3ZzUih9
dns_azure_tenant_id = ed1090f3-ab18-4b12-816c-599af8a88cf7

dns_azure_environment = "AzurePublicCloud"

dns_azure_zone1 = example.com:/subscriptions/c135abce-d87d-48df-936c-15596c6968a5/resourceGroups/dns1
dns_azure_zone2 = example.org:/subscriptions/99800903-fb14-4992-9aff-12eaf2744622/resourceGroups/dns2

manjeet-securemation · April 1, 2022, 1:01am

As per this link Welcome to certbot-dns-azure’s documentation! — certbot-dns-azure 0 documentation , I created a INI config file . Now I am getting following error message:

Encountered exception during recovery: json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
An unexpected error occurred:
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Could you please help me to resolve this issue? I have attached the log file.

letsencryptlog.txt (14.2 KB)

manjeet-securemation · April 1, 2022, 1:03am

Hi ,
Here is my log file. could you please have a look and help me to resolve the issue.
letsencryptlog.txt (14.2 KB)
I have created config file(INI file) and I am running following command:
certbot certonly -d *.cisozen.com -a dns-azure --dns-azure-credentials ~/.certbot/config/certconfig.ini --dns-azure-resource-group CISOZEN-FRONTEND-TEST --config-dir ~/.certbot/config --logs-dir ~/.certbot/logs --work-dir ~/.certbot/work

webprofusion · April 1, 2022, 2:40am

Just for consistency with the Welcome to certbot-dns-azure’s documentation! — certbot-dns-azure 0 documentation could you change your command to use --dns-azure-config ~/.certbot/config/certconfig.ini instead of --dns-azure-credentials, the config option seems to be the new/current way to do it. Check your azure dns plugin is up to date, I have a feeling it's old and that's the root of the confusion.

For some reason it's trying to read your ini file (which is a text format with key=value pairs as JSON (which is completely different). Looking at the errors the line numbers don't match up with the source on github, that's why I think your plugin is out of date.

If the issue persists it's probably worth asking for help on their github issues.

manjeet-securemation · April 1, 2022, 4:20am

Hi
I changed my command to use
--dns-azure-config ~/.certbot/config/certconfig.ini and it is throwing this error :
certbot: error: unrecognized arguments: --dns-azure-config

webprofusion · April 1, 2022, 4:39am

That means your version of the plugin is out of date. Time to update it/re-install it.

manjeet-securemation · April 1, 2022, 5:31am

re-installed the plugin. But now I am getting following error:

Error parsing credentials configuration: Parsing failed with several errors.
First error at line 1.

webprofusion · April 1, 2022, 5:44am

I'm out of ideas I'm afraid @manjeet-securemation - you'll need to review your configuration file to ensure it's all correctly formatted and everything is correct compared to Welcome to certbot-dns-azure’s documentation! — certbot-dns-azure 0 documentation

manjeet-securemation · April 1, 2022, 5:49am

Ok Thank you

system · May 1, 2022, 5:50am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.