BrettD
November 19, 2018, 2:26am
1
Ubuntu 16.04 with Apache 2.4 is surely a common platform.
Yet after renewing wildcard certs manually for most of a year and spending an hour searching the net for solutions, I cannot find a way to accomplish what should be a common need: to renew wildcard certificates other than manually. Really?
I just wasted time figuring out my required BIND DDNS config to interface with certbot, and now it seems I can’t actually get a plugin installed to work with it? Which I didn’t realize wasn’t part of certbot-auto already - “help” command line argument implies that it IS available.
Is there a way to install the dns-rfc2136 plugin to certbot-auto? I’m quite willing to do some manual work here but I need some hints. Or no Ubuntu PPA that can solve this basic and what is surely a common use case?
certbot-auto unfortunately doesn’t package any of the DNS plugins.
The official Certbot PPA packages several of them, including the dns-rfc2136 plugin.
https://launchpad.net/~certbot/+archive/ubuntu/certbot
```
sudo apt install certbot python3-certbot-apache python3-certbot-dns-rfc2136
```
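With the plugin installed, the remaining pieces are a TSIG key that BIND allows to update only the challenge record, and a credentials file that only root can read. The sketch below is an added example, not code from this thread or from the Certbot project; the zone, key name, server address and function names are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example; zone, key name, server address and function names are
# constructed placeholders, not values from the thread.
ZONE="example.com"
KEY_NAME="certbot-acme."
DNS_SERVER="192.0.2.53"

# Print the BIND zone-stanza fragment that lets this TSIG key change only
# the ACME challenge TXT record, not the rest of the zone.
bind_update_policy() {
  printf 'update-policy {\n  grant %s name _acme-challenge.%s. txt;\n};\n' \
    "$KEY_NAME" "$ZONE"
}

# Write the plugin credentials file; $1 = path, $2 = base64 TSIG secret.
write_credentials() {
  (
    umask 077
    cat > "$1" <<EOF
dns_rfc2136_server = $DNS_SERVER
dns_rfc2136_port = 53
dns_rfc2136_name = $KEY_NAME
dns_rfc2136_secret = $2
dns_rfc2136_algorithm = HMAC-SHA512
EOF
    chmod 600 "$1"
  )
}

# Succeed only if the file mode is exactly 600 (GNU stat, as on Ubuntu).
credentials_are_private() {
  [ "$(stat -c '%a' "$1" 2>/dev/null)" = "600" ]
}

# Request the apex plus wildcard certificate; refuses a readable secret.
issue_wildcard() {
  credentials_are_private "$1" || { echo "refusing: $1 is not mode 600" >&2; return 1; }
  certbot certonly --dns-rfc2136 --dns-rfc2136-credentials "$1" \
    -d "$ZONE" -d "*.$ZONE"
}

# Run only when asked, e.g.: ./script.sh issue /etc/letsencrypt/rfc2136.ini
if [ "${1:-}" = "issue" ]; then issue_wildcard "$2"; fi
```

Once the first issuance succeeds, `certbot renew` reuses the saved authenticator and credentials path, so later renewals need no manual step.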
danb35
November 19, 2018, 3:02am
3
…or, of course, use a client with really strong DNS support like acme.sh.
2 Likes
BrettD
November 19, 2018, 3:55am
4
Thanks. Now I have the same problem as reported all year, here:
opened 07:54AM - 02 Mar 18 UTC
closed 02:23AM - 03 Jul 20 UTC
help wanted
area: debian / ubuntu
area: pyca
needs-update
## My operating system is (include version):
Ubuntu 16.04.
## I installed Certbot with (certbot-auto, OS package manager, pip, etc):
APT repository from the official website (ppa:certbot/certbot).
## I ran this command and it produced this output:
```
root@myserver:/etc/php/7.0/fpm/pool.d# certbot --nginx
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.21.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 561, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2631, in load_entry_point
    return ep.load()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2291, in load
    return self.resolve()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2297, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/usr/lib/python3/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/usr/lib/python3/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/usr/lib/python3/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 16, in <module>
    from OpenSSL._util import (
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 156, in <module>
    Binding.init_static_locks()
  File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 137, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 124, in _ensure_ffi_initialized
    cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
  File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 84, in build_conditional_library
    if not getattr(lib, condition):
AttributeError: cffi library '_openssl' has no function, constant or global variable named 'Cryptography_HAS_RSA_OAEP_MD'
```
## Certbot's behavior differed from what I expected because:
It didn't work, crashed on start.
specifically the random error reported by creativetags on Mar 5 ('_openssl' has no function, constant or global variable named 'Cryptography_HAS_RSA_OAEP_MD' · Issue #5651 · certbot/certbot · GitHub)
Thank you for your suggestion regardless.
BrettD
November 19, 2018, 3:56am
5
Thank you! I forgot about the other clients and will look at this.
Buffalo
December 14, 2018, 4:25am
6
I put a thread in “Servers” which describes getting LE, BIND, DNSSEC, acme.sh,
and wildcards working on Ubuntu 18.04. It might help you with your situation.
system
Closed
January 13, 2019, 4:25am
7
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.