
strato-certbot's People

Contributors

asdbigmac, buxdehuda, hartmann-daniel, hvoss, jasminhacker, maflo321, roboticsalign, sascha988, septatrix, t-n-u-z, thomaskuijper, vince6e74

strato-certbot's Issues

Error Messages on exec

Hey,

thanks for your work. I'm not very familiar with Python.
Can you help me out with the error messages and what I'm doing wrong?

Thank you a lot

root@ap001:~# certbot certonly --manual --preferred-challenges dns --manual-auth-hook /root/cert/strato-cert/auth-hook.py --manual-cleanup-hook /root/cert/strato-cert/cleanup-hook.py -d "*.boe.de" -d "boe.de" --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert not due for renewal, but simulating renewal for dry run
Simulating renewal of an existing certificate for *.boe.de and boe.de
Performing the following challenges:
dns-01 challenge for boe.de
dns-01 challenge for boe.de
Running manual-auth-hook command: /root/cert/strato-cert/auth-hook.py
manual-auth-hook command "/root/cert/strato-cert/auth-hook.py" returned error code 1
Error output from manual-auth-hook command auth-hook.py:
Traceback (most recent call last):
  File "/root/cert/strato-cert/auth-hook.py", line 38, in <module>
    main()
  File "/root/cert/strato-cert/auth-hook.py", line 17, in main
    auth = json.load(file)
  File "/usr/lib/python3.9/json/__init__.py", line 293, in load
    return loads(fp.read(),
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 4 column 5 (char 64)

Running manual-auth-hook command: /root/cert/strato-cert/auth-hook.py
manual-auth-hook command "/root/cert/strato-cert/auth-hook.py" returned error code 1
Error output from manual-auth-hook command auth-hook.py:
Traceback (most recent call last):
  File "/root/cert/strato-cert/auth-hook.py", line 38, in <module>
    main()
  File "/root/cert/strato-cert/auth-hook.py", line 17, in main
    auth = json.load(file)
  File "/usr/lib/python3.9/json/__init__.py", line 293, in load
    return loads(fp.read(),
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 4 column 5 (char 64)

Waiting for verification...
Challenge failed for domain boe.de
Challenge failed for domain boe.de
dns-01 challenge for boe.de
dns-01 challenge for boe.de
Cleaning up challenges
Running manual-cleanup-hook command: /root/cert/strato-cert/cleanup-hook.py
manual-cleanup-hook command "/root/cert/strato-cert/cleanup-hook.py" returned error code 1
Error output from manual-cleanup-hook command cleanup-hook.py:
Traceback (most recent call last):
  File "/root/cert/strato-cert/cleanup-hook.py", line 38, in <module>
    main()
  File "/root/cert/strato-cert/cleanup-hook.py", line 17, in main
    auth = json.load(file)
  File "/usr/lib/python3.9/json/__init__.py", line 293, in load
    return loads(fp.read(),
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 4 column 5 (char 64)

Running manual-cleanup-hook command: /root/cert/strato-cert/cleanup-hook.py
manual-cleanup-hook command "/root/cert/strato-cert/cleanup-hook.py" returned error code 1
Error output from manual-cleanup-hook command cleanup-hook.py:
Traceback (most recent call last):
  File "/root/cert/strato-cert/cleanup-hook.py", line 38, in <module>
    main()
  File "/root/cert/strato-cert/cleanup-hook.py", line 17, in main
    auth = json.load(file)
  File "/usr/lib/python3.9/json/__init__.py", line 293, in load
    return loads(fp.read(),
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 4 column 5 (char 64)

Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: boe.de
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.boe.de

    Domain: boe.de
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.boe.de

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

ERROR: Parsing error on 2FA site by device name.

Hi,

unfortunately, the Strato-login with 2FA does not work for me:

sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py  -d *.DOMAIN.de
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Requesting a certificate for *.DOMAIN.de
Performing the following challenges:
dns-01 challenge for DOMAIN.de
Running manual-auth-hook command: /home/pi/strato-certbot/auth-hook.py
Output from manual-auth-hook command auth-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: Jrje5ftLExHYQixodsEMnd6puYJryTKh-zOIDbGT-ns
INFO: second_level_domain_name: DOMAIN.de
INFO: domain_name: DOMAIN.de
ERROR: Parsing error on 2FA site by device name.
ERROR: Strato login not accepted.

This is what my strato-auth.json looks like:

{
    "username": "username",
    "password": "secrect",
    "totp_secret": "EVENMORESECRET",
    "totp_devicename": "iPhone",
    "waiting_time": 10
}

Where is my mistake? Many thanks for helping me out!

ERROR: Strato login not accepted.

Hi, when running the script manually using the command in your README, I get the following output:

Hook '--manual-cleanup-hook' for xxx.de reported error code 1
Hook '--manual-cleanup-hook' for xxx.de ran with output:
INFO: txt_key: _acme-challenge
INFO: txt_value: xxx
INFO: second_level_domain_name: xxx.de
INFO: domain_name: xxx.de
INFO: 2FA is not used.
ERROR: Strato login not accepted.

At first I tried having Strato 2FA disabled (without totp properties in the strato-auth.json file) and got this output. Then I enabled Strato 2FA and put the two properties into the strato-auth.json file (obviously containing the current totp secret), but I am still getting the same output (and it still says "2FA is not used").

strato-auth.json content:
{ "api_url": "https://www.strato.de/apps/CustomerService", "username": "xxx", "password": "xxx", "totp_secret": "xxx", "totp_devicename": "authy", "waiting_time": 5 }

Do you have any idea how I can fix this?

Thank you!

Waiting time should be string

Hey there,

thanks for your work publishing this repo. It's working great for me :).

Could you please adapt the manual as well as the json.sample to indicate that the value of waiting_time should be of type string?
Currently the config.json shows type int which leads to a python error, since isdigit() is only defined for type string and not for integer.

Thank you,
Merry Xmas and a happy new year
Stephan
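A loader that turns the failures reported in these issues (the `JSONDecodeError` traceback, `waiting_time` given as an integer, a half-set 2FA pair) into one-line messages could look like the following. This is an added example, not code from strato-certbot: `parse_auth`, `load_auth`, `ConfigError`, the default for a missing `waiting_time` and the file-mode check are assumptions; only the key names come from the `strato-auth.json` samples on this page.

```python
import json
import os
import stat

TOTP_KEYS = ("totp_secret", "totp_devicename")


class ConfigError(ValueError):
    """Message tells the operator what to fix; it never echoes file content."""


def parse_auth(text):
    """Validate the text of a strato-auth.json and return a normalised dict."""
    try:
        auth = json.loads(text)
    except json.JSONDecodeError as err:
        # Report the position only: certbot prints and logs hook output,
        # and the offending line may be the one holding the password.
        raise ConfigError(
            f"invalid JSON at line {err.lineno} column {err.colno}: {err.msg}"
        ) from None
    if not isinstance(auth, dict):
        raise ConfigError("top-level value must be a JSON object")
    for key in ("username", "password"):
        if not isinstance(auth.get(key), str) or not auth[key]:
            raise ConfigError(f"'{key}' must be a non-empty string")
    # The two 2FA settings are only meaningful as a pair.
    present = [key for key in TOTP_KEYS if auth.get(key)]
    if len(present) == 1:
        raise ConfigError(f"2FA needs both of {TOTP_KEYS}; only '{present[0]}' is set")
    # Accept 10 as well as "10"; reject negatives, floats, booleans and text.
    # Assumption: a missing waiting_time means "do not wait".
    wait = str(auth.get("waiting_time", 0))
    if not wait.isdecimal():
        raise ConfigError("'waiting_time' must be a non-negative whole number")
    auth["waiting_time"] = int(wait)
    return auth


def load_auth(path):
    """Refuse a credentials file that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise ConfigError(f"{path} has mode {mode:o}; restrict it with chmod 600")
    with open(path, encoding="utf-8") as file:
        return parse_auth(file.read())


# Constructed sample: the comma after the password line is missing.
BROKEN = '{\n    "username": "user",\n    "password": "example"\n    "waiting_time": 10\n}\n'
```

`parse_auth(BROKEN)` raises `ConfigError` naming line 4 column 5, the same position the traceback in the first issue reports, without printing the line itself.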

Strato login not accepted

Hi,
thanks for your work on this amazing script! Unfortunately, I can't get it running. Thanks in advance for your help!

user@host:~/strato-certbot$ sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py -d *.example.com -d example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
An RSA certificate named example.com already exists. Do you want to update its key
type to ECDSA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate key type/(K)eep existing key type: K
Renewing an existing certificate for *.example.com and example.com
Hook '--manual-auth-hook' for example.com reported error code 1
Hook '--manual-auth-hook' for example.com ran with output:
 INFO: txt_key: _acme-challenge
 INFO: txt_value: REDACTED
 INFO: second_level_domain_name: example.com
 INFO: domain_name: example.com
 INFO: 2FA is not used.
 ERROR: Strato login not accepted.
Hook '--manual-auth-hook' for example.com reported error code 1
Hook '--manual-auth-hook' for example.com ran with output:
 INFO: txt_key: _acme-challenge
 INFO: txt_value: REDACTED
 INFO: second_level_domain_name: example.com
 INFO: domain_name: example.com
 INFO: 2FA is not used.
 ERROR: Strato login not accepted.

This is my redacted strato-auth.json:

{
    "username": "example",
    "password": "topsecretpasswordwithsomespecialcharacters",
    "totp_secret": "IWONTTELLYOU",
    "totp_devicename": "example-iphone",
    "waiting_time": 10
}

Why is the error "ERROR: Strato login not accepted." thrown? Or why does it say "INFO: 2FA is not used." although I have 2FA enabled?

Auth Credentials

What are the auth credentials username and password? Are these the credentials of the server or the Strato DNS?

Doesn't work with multiple Strato packages

Hi,

your script doesn't work with multiple Strato packages.

The right cID needs to be passed.

# request current cname/txt records
request = http_session.get(api_url, params={
    'sessionID': session_id,
    'cID': "1",
    'node': "ManageDomains",
    'action_show_txt_records': '',
    'vhost': domain_name
})

Cheers
Henrik

stratobot:latest not found

While running run.sh, it threw the following error message:
Script Unable to find image 'stratobot:latest' locally
docker: Error response from daemon: pull access denied for stratobot, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.

If it helps, but I don't think so:
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
Kernel: 5.15.0-101-generic

Login without 2FA fails

Hi, I get the following error:

Simulating renewal of an existing certificate for *.domain.de
Hook '--manual-auth-hook' for domain.de ran with output:
 INFO: txt_key: _acme-challenge
 INFO: txt_value: xxx
 INFO: second_level_domain_name: domain.de
 INFO: domain_name: domain.de
 ERROR: 2FA parameter is not completely set.
 DEBUG: session_id: xxx
 INFO: strato package id (cID): 135235
 INFO: Current cname/txt records:
 INFO: New cname/txt records:
 INFO: - _acme-challenge TXT: xxx

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: domain.de
  Type:   unauthorized
  Detail: No TXT record found at _acme-challenge.domain.de

Hint: The Certificate Authority failed to verify t

My strato-auth.json looks like this:

{
    "api_url": "https://www.strato.de/apps/CustomerService",
    "username": "xxxx",
    "password": "xxxx",
    "waiting_time": 30
}

I can't find the word "factor" in print(response.text), so unfortunately the script doesn't go into the if in line 58.

If I remove the word "not" here, then the script runs correctly after I have manually changed the adjustments from pull request #31.
Of course, this cannot be the solution.

plugin seems not to work anymore.

I have used the strato certbot plugin for a year or so.
On Monday all my TXT records on the Strato server were gone (cron job every Sunday at midnight). I thought Strato had changed something and deleted my TXT records.

It turns out that the plugin deletes all TXT records.

dns-01 challenge for example.co
Cleaning up challenges
Running manual-cleanup-hook command: /usr/local/bin/strato-certbot/cleanup-hook.py
Output from manual-cleanup-hook command cleanup-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: JxCrxYdEUK84FRx0PV34bSXC3ZJhqK5ys
INFO: second_level_domain_name: example.co
INFO: domain_name: example.co
INFO: 2FA is not used.
DEBUG: session_id: 964e99252b2ef3e0dd8227ff341cca
INFO: strato package id (cID): 2
INFO: Current cname/txt records:
INFO: New cname/txt records:

Some challenges have failed.

After calling
certbot certonly --force-renew --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py --domain example.co --domain *.example.co
all TXT records are gone.

ERROR: Domain DOMAIN.de not found in strato packages

Hi,
I get the error in the title when I try your scripts.
Here’s the full log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log                                                               
Plugins selected: Authenticator manual, Installer None                                                                 
Cert is due for renewal, auto-renewing...                                                                              
Renewing an existing certificate                                                                                       
Performing the following challenges:                                                                                   
dns-01 challenge for DOMAIN.de                                                                                       
dns-01 challenge for DOMAIN.de                                                                                       
Running manual-auth-hook command: /home/jan/scripts/strato-certbot/auth-hook.py                                        
Output from manual-auth-hook command auth-hook.py:                                                                     
INFO: txt_key: _acme-challenge                                                                                         
INFO: txt_value: REMOVED                                                           
INFO: second_level_domain_name: DOMAIN.de                                                                            
INFO: domain_name: DOMAIN.de                                                                                         
INFO: 2FA is not used.                                                                                                 
DEBUG: session_id: REMOVED                                                                      
ERROR: Domain DOMAIN.de not found in strato packages                                                                 
                                                                                                                       
manual-auth-hook command "/home/jan/scripts/strato-certbot/auth-hook.py" returned error code 1                         
Running manual-auth-hook command: /home/jan/scripts/strato-certbot/auth-hook.py                                        
Output from manual-auth-hook command auth-hook.py:                                                                     
INFO: txt_key: _acme-challenge                                                                                         
INFO: txt_value: REMOVED                                                           
INFO: second_level_domain_name: DOMAIN.de                                                                            
INFO: domain_name: DOMAIN.de                                                                                         
INFO: 2FA is not used.                                                                                                 
DEBUG: session_id: REMOVED                                                                      
ERROR: Domain DOMAIN.de not found in strato packages                                                                 
                                                                                                                       
manual-auth-hook command "/home/jan/scripts/strato-certbot/auth-hook.py" returned error code 1                         
Waiting for verification...                                                                                            
Challenge failed for domain DOMAIN.de                                                                                
Challenge failed for domain DOMAIN.de                                                                                
dns-01 challenge for DOMAIN.de                                                                                       
dns-01 challenge for DOMAIN.de                                                                                       
Cleaning up challenges                                                                                                 
Running manual-cleanup-hook command: /home/jan/scripts/strato-certbot/cleanup-hook.py                                  
Output from manual-cleanup-hook command cleanup-hook.py:
INFO: txt_key: _acme-challenge                                                                                         
INFO: txt_value: REMOVED
INFO: second_level_domain_name: DOMAIN.de
INFO: domain_name: DOMAIN.de
INFO: 2FA is not used.
DEBUG: session_id: REMOVED
ERROR: Domain DOMAIN.de not found in strato packages

manual-cleanup-hook command "/home/jan/scripts/strato-certbot/cleanup-hook.py" returned error code 1
Running manual-cleanup-hook command: /home/jan/scripts/strato-certbot/cleanup-hook.py
Output from manual-cleanup-hook command cleanup-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: REMOVED
INFO: second_level_domain_name: DOMAIN.de
INFO: domain_name: DOMAIN.de
INFO: 2FA is not used.
DEBUG: session_id: REMOVED
ERROR: Domain DOMAIN.de not found in strato packages

manual-cleanup-hook command "/home/jan/scripts/strato-certbot/cleanup-hook.py" returned error code 1
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: DOMAIN.de
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.DOMAIN.de

   Domain: DOMAIN.de
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.DOMAIN.de

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

And this is the command I executed:

certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook /home/jan/scripts/strato-certbot/auth-hook.py --manual-cleanup-hook /home/jan/scripts/strato-certbot/cleanup-hook.py -d DOMAIN.de -d *.DOMAIN.de --dry-run 

It worked a few months ago but not for two domains (wildcard). But after you fixed issue #14 I wanted to try it again.

And yes, the domain is present on strato.de.

Any ideas?

Dockerfile not found when executing build.sh

Expected

When cloning the repository, cd-ing into the project's root directory and executing the ./docker/build.sh should build the certbot container.

Actual

An error message is issued:

unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat <omitted-absolute-path>/strato-certbot/Dockerfile: no such file or directory

Steps to reproduce

  1. Execute git clone https://github.com/Buxdehuda/strato-certbot.git strato-certbot
  2. Execute cd strato-certbot
  3. Execute ./docker/build.sh

captcha

I guess this script doesn't work anymore because the web page uses a captcha now? Or is there a workaround or way to disable the captcha?

Thanks,
Markus

Auth error when using two or more domains

Dear all,

first of all I want to thank you for this great script!

My challenge was to sign one certificate for my domain including 2nd level domain and wildcard for subdomains:

  • example.com
  • *.example.com

So I cloned the repository, adjusted strato-auth.json and ran the following syntax:

sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py -d example.com -d *.example.com

It did not work, because certbot reported a wrong acme string. The reason is the current workflow:

  1. certbot provides an acme string acme1 for first domain example.com and expects dns-preparation by auth-hook.py
  2. auth-hook.py removes old acme strings from dns
  3. auth-hook.py adds acme1 to dns
  4. certbot provides a second acme string acme2 for the second domain/the wildcard *.example.com and expects dns-preparation by auth-hook.py
  5. auth-hook.py removes old acme strings from dns including the string, we added in step 3
  6. auth-hook.py adds acme2 to dns
  7. now certbot only finds one acme string and fails.
  8. cleanup-hook.py removes all acme strings from dns

Steps 2 and 5 are good for a clean dns before inserting the acme strings, but they are the reason for the auth-fail.

Solution for me: Commenting out

self.remove_txt_record(self.txt_key, 'TXT')
solves the problem.
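The sequence in steps 1 to 8 can be replayed against an in-memory record list, comparing replace-then-add hooks with hooks that add and remove only their own token; the same value-scoped removal also addresses the earlier report of cleanup wiping TXT records. This is an added example, not code from strato-certbot: the tuple layout, the function names and the sample zone are assumptions, and the call order (all auth hooks, validation, all cleanup hooks) follows the certbot logs on this page.

```python
ACME = "_acme-challenge"


def auth_replace(records, value):
    """Workflow from the report: drop every _acme-challenge TXT, then add one."""
    kept = [r for r in records if not (r[0] == ACME and r[1] == "TXT")]
    return kept + [(ACME, "TXT", value)]


def auth_append(records, value):
    """Publish the token next to whatever is already there (idempotent)."""
    record = (ACME, "TXT", value)
    return list(records) if record in records else list(records) + [record]


def cleanup_all(records, value):
    """Step 8 of the report: remove every _acme-challenge TXT record."""
    return [r for r in records if not (r[0] == ACME and r[1] == "TXT")]


def cleanup_exact(records, value):
    """Remove only the record matching this invocation's name, type and value."""
    return [r for r in records if r != (ACME, "TXT", value)]


def ca_validates(records, tokens):
    """The CA queries the TXT set at _acme-challenge and needs each token in it."""
    published = {v for (name, rtype, v) in records if name == ACME and rtype == "TXT"}
    return {token: token in published for token in tokens}


def run_order(records, tokens, auth, cleanup):
    """One certificate order: auth hook per name, validation, cleanup per name."""
    for token in tokens:
        records = auth(records, token)
    result = ca_validates(records, tokens)
    for token in tokens:
        records = cleanup(records, token)
    return result, records


# Constructed zone and tokens; example.com and *.example.com both validate
# at _acme-challenge.example.com, so the two tokens share one record name.
ZONE = [("@", "TXT", "v=spf1 -all"), ("www", "CNAME", "example.com.")]
TOKENS = ["acme1", "acme2"]

if __name__ == "__main__":
    print(run_order(ZONE, TOKENS, auth_replace, cleanup_all)[0])
    print(run_order(ZONE, TOKENS, auth_append, cleanup_exact)[0])
```

With `auth_replace` only `acme2` is still published when validation runs; with `auth_append` both tokens are, and `cleanup_exact` returns the zone to its starting records. A token left over from an aborted run stays published under the append approach, which does not affect validation because the CA only needs its own token to be among the values.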
