Wildcard certs on Ubuntu 16.04 is STILL impossible?

BrettD · November 19, 2018, 2:26am

Ubuntu 16.04 with Apache 2.4 is surely a common platform.

Yet after renewing wildcard certs manually for most of a year and spending an hour searching the net for solutions, I cannot find a way to accomplish what should be a common need: to renew wildcard certificates other than manually. Really?

I just wasted time figuring out my required BIND DDNS config to interface with certbot, and now it seems I can’t actually get a plugin installed to work with it? Which i didn’t realize wasn’t part of certbot-auto already - “help” command line argument implies that is IS available.

Is there a way to install the dns-rfc2136 plugin to certbot-auto? I’m quite willing to do some manual work here but I need some hints. Or no Ubuntu PPA that can solve this basic and what is surely a common use case?

mnordhoff · November 19, 2018, 2:30am

certbot-auto unfortunately doesn’t package any of the DNS plugins.

The official Certbot PPA packages several of them, including the dns-rfc2136 plugin.

https://launchpad.net/~certbot/+archive/ubuntu/certbot

sudo apt install certbot python3-certbot-apache python3-certbot-dns-rfc2136

danb35 · November 19, 2018, 3:02am

…or, of course, use a client with really strong DNS support like acme.sh.

BrettD · November 19, 2018, 3:55am

Thanks. Now I have the same problem as reported all year, here:

github.com/certbot/certbot

'_openssl' has no function, constant or global variable named 'Cryptography_HAS_RSA_OAEP_MD'

opened 07:54AM - 02 Mar 18 UTC

closed 02:23AM - 03 Jul 20 UTC

mhsabbagh

help wanted area: debian / ubuntu area: pyca needs-update

## My operating system is (include version): Ubuntu 16.04. ## I install…ed Certbot with (certbot-auto, OS package manager, pip, etc): APT repository from the official website (ppa:certbot/certbot). ## I ran this command and it produced this output: ``` root@myserver:/etc/php/7.0/fpm/pool.d# certbot --nginx Traceback (most recent call last): File "/usr/bin/certbot", line 11, in <module> load_entry_point('certbot==0.21.1', 'console_scripts', 'certbot')() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 561, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2631, in load_entry_point return ep.load() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2291, in load return self.resolve() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2297, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "/usr/lib/python3/dist-packages/certbot/main.py", line 10, in <module> import josepy as jose File "/usr/lib/python3/dist-packages/josepy/__init__.py", line 41, in <module> from josepy.interfaces import JSONDeSerializable File "/usr/lib/python3/dist-packages/josepy/interfaces.py", line 8, in <module> from josepy import errors, util File "/usr/lib/python3/dist-packages/josepy/util.py", line 4, in <module> import OpenSSL File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 16, in <module> from OpenSSL._util import ( File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 156, in <module> Binding.init_static_locks() File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 137, in init_static_locks cls._ensure_ffi_initialized() File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 124, in _ensure_ffi_initialized cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES) File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 84, in build_conditional_library if not getattr(lib, condition): AttributeError: cffi library '_openssl' has no function, constant or global variable named 'Cryptography_HAS_RSA_OAEP_MD' ``` ## Certbot's behavior differed from what I expected because: It didn't work, crashed on start.

specifically the random error reported by creativetags on Mar 5] ('_openssl' has no function, constant or global variable named 'Cryptography_HAS_RSA_OAEP_MD' · Issue #5651 · certbot/certbot · GitHub)

Thank you for your suggestion regardless.

BrettD · November 19, 2018, 3:56am

Thank you! I forgot about the other clients and will look at this.

Buffalo · December 14, 2018, 4:25am

I put a thread in “Servers” which describes getting LE, BIND, DNSSEC, acme.sh,
and wildcards working on Ubuntu 18.04. It might help you with your situation.

system · January 13, 2019, 4:25am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.