Wildcard certs on Ubuntu 16.04 is STILL impossible?

BrettD · November 19, 2018, 2:26am

Ubuntu 16.04 with Apache 2.4 is surely a common platform.

Yet after renewing wildcard certs manually for most of a year and spending an hour searching the net for solutions, I cannot find a way to accomplish what should be a common need: to renew wildcard certificates other than manually. Really?

I just wasted time figuring out my required BIND DDNS config to interface with certbot, and now it seems I can’t actually get a plugin installed to work with it? Which i didn’t realize wasn’t part of certbot-auto already - “help” command line argument implies that is IS available.

Is there a way to install the dns-rfc2136 plugin to certbot-auto? I’m quite willing to do some manual work here but I need some hints. Or no Ubuntu PPA that can solve this basic and what is surely a common use case?

mnordhoff · November 19, 2018, 2:30am

certbot-auto unfortunately doesn’t package any of the DNS plugins.

The official Certbot PPA packages several of them, including the dns-rfc2136 plugin.

https://launchpad.net/~certbot/+archive/ubuntu/certbot

sudo apt install certbot python3-certbot-apache python3-certbot-dns-rfc2136

danb35 · November 19, 2018, 3:02am

…or, of course, use a client with really strong DNS support like acme.sh.

BrettD · November 19, 2018, 3:55am

Thanks. Now I have the same problem as reported all year, here:

github.com/certbot/certbot

'_openssl' has no function, constant or global variable named 'Cryptography_HAS_RSA_OAEP_MD'

opened 07:54AM - 02 Mar 18 UTC

closed 02:23AM - 03 Jul 20 UTC

mhsabbagh

help wanted area: debian / ubuntu area: pyca needs-update

## My operating system is (include version): Ubuntu 16.04. ## I install…ed Certbot with (certbot-auto, OS package manager, pip, etc): APT repository from the official website (ppa:certbot/certbot). ## I ran this command and it produced this output: ``` root@myserver:/etc/php/7.0/fpm/pool.d# certbot --nginx Traceback (most recent call last): File "/usr/bin/certbot", line 11, in <module> load_entry_point('certbot==0.21.1', 'console_scripts', 'certbot')() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 561, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2631, in load_entry_point return ep.load() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2291, in load return self.resolve() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2297, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "/usr/lib/python3/dist-packages/certbot/main.py", line 10, in <module> import josepy as jose File "/usr/lib/python3/dist-packages/josepy/__init__.py", line 41, in <module> from josepy.interfaces import JSONDeSerializable File "/usr/lib/python3/dist-packages/josepy/interfaces.py", line 8, in <module> from josepy import errors, util File "/usr/lib/python3/dist-packages/josepy/util.py", line 4, in <module> import OpenSSL File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 16, in <module> from OpenSSL._util import ( File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 156, in <module> Binding.init_static_locks() File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 137, in init_static_locks cls._ensure_ffi_initialized() File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 124, in _ensure_ffi_initialized cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES) File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 84, in build_conditional_library if not getattr(lib, condition): AttributeError: cffi library '_openssl' has no function, constant or global variable named 'Cryptography_HAS_RSA_OAEP_MD' ``` ## Certbot's behavior differed from what I expected because: It didn't work, crashed on start.

specifically the random error reported by creativetags on Mar 5] ('_openssl' has no function, constant or global variable named 'Cryptography_HAS_RSA_OAEP_MD' · Issue #5651 · certbot/certbot · GitHub)

Thank you for your suggestion regardless.

BrettD · November 19, 2018, 3:56am

Thank you! I forgot about the other clients and will look at this.

Buffalo · December 14, 2018, 4:25am

I put a thread in “Servers” which describes getting LE, BIND, DNSSEC, acme.sh,
and wildcards working on Ubuntu 18.04. It might help you with your situation.

Topic		Replies	Views
Ubuntu 16.04 PPA: How long until Certbot 0.22.0 available? Feature Requests	39	20454	July 3, 2018
I need help with ./certbot-auto --apache Help	20	1588	February 5, 2019
Certbot: Requesting support installing wildcard certs on Apache/Ubuntu Help	3	764	November 5, 2020
I'm Sure its been asked Wild Card Certs and DNS Server Help	22	2777	January 14, 2020
How to get Certbot 0.22 on Apache Ubuntu 17.04 Help	2	2578	April 18, 2018

Wildcard certs on Ubuntu 16.04 is STILL impossible?

Related topics