buxdehuda / strato-certbot
Wildcard certificates for strato.de
License: The Unlicense
Hey,
thanks for your work. I'm not very familiar with Python.
Can you help me out with the error messages and what I'm doing wrong?
Thank you a lot
`root@ap001:~# certbot certonly --manual --preferred-challenges dns --manual-auth-hook /root/cert/strato-cert/auth-hook.py --manual-cleanup-hook /root/cert/strato-cert/cleanup-hook.py -d "*.boe.de" -d "boe.de" --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert not due for renewal, but simulating renewal for dry run
Simulating renewal of an existing certificate for *.boe.de and boe.de
Performing the following challenges:
dns-01 challenge for boe.de
dns-01 challenge for boe.de
Running manual-auth-hook command: /root/cert/strato-cert/auth-hook.py
manual-auth-hook command "/root/cert/strato-cert/auth-hook.py" returned error code 1
Error output from manual-auth-hook command auth-hook.py:
Traceback (most recent call last):
File "/root/cert/strato-cert/auth-hook.py", line 38, in
main()
File "/root/cert/strato-cert/auth-hook.py", line 17, in main
auth = json.load(file)
File "/usr/lib/python3.9/json/init.py", line 293, in load
return loads(fp.read(),
File "/usr/lib/python3.9/json/init.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 4 column 5 (char 64)
Running manual-auth-hook command: /root/cert/strato-cert/auth-hook.py
manual-auth-hook command "/root/cert/strato-cert/auth-hook.py" returned error code 1
Error output from manual-auth-hook command auth-hook.py:
Traceback (most recent call last):
File "/root/cert/strato-cert/auth-hook.py", line 38, in
main()
File "/root/cert/strato-cert/auth-hook.py", line 17, in main
auth = json.load(file)
File "/usr/lib/python3.9/json/init.py", line 293, in load
return loads(fp.read(),
File "/usr/lib/python3.9/json/init.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 4 column 5 (char 64)
Waiting for verification...
Challenge failed for domain boe.de
Challenge failed for domain boe.de
dns-01 challenge for boe.de
dns-01 challenge for boe.de
Cleaning up challenges
Running manual-cleanup-hook command: /root/cert/strato-cert/cleanup-hook.py
manual-cleanup-hook command "/root/cert/strato-cert/cleanup-hook.py" returned error code 1
Error output from manual-cleanup-hook command cleanup-hook.py:
Traceback (most recent call last):
File "/root/cert/strato-cert/cleanup-hook.py", line 38, in
main()
File "/root/cert/strato-cert/cleanup-hook.py", line 17, in main
auth = json.load(file)
File "/usr/lib/python3.9/json/init.py", line 293, in load
return loads(fp.read(),
File "/usr/lib/python3.9/json/init.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 4 column 5 (char 64)
Running manual-cleanup-hook command: /root/cert/strato-cert/cleanup-hook.py
manual-cleanup-hook command "/root/cert/strato-cert/cleanup-hook.py" returned error code 1
Error output from manual-cleanup-hook command cleanup-hook.py:
Traceback (most recent call last):
File "/root/cert/strato-cert/cleanup-hook.py", line 38, in
main()
File "/root/cert/strato-cert/cleanup-hook.py", line 17, in main
auth = json.load(file)
File "/usr/lib/python3.9/json/init.py", line 293, in load
return loads(fp.read(),
File "/usr/lib/python3.9/json/init.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 4 column 5 (char 64)
Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: boe.de
Type: unauthorized
Detail: No TXT record found at _acme-challenge.boe.de
Domain: boe.de
Type: unauthorized
Detail: No TXT record found at _acme-challenge.boe.de
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.`
Hi,
unfortunately, the Strato-login with 2FA does not work for me:
sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py -d *.DOMAIN.de
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Requesting a certificate for *.DOMAIN.de
Performing the following challenges:
dns-01 challenge for DOMAIN.de
Running manual-auth-hook command: /home/pi/strato-certbot/auth-hook.py
Output from manual-auth-hook command auth-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: Jrje5ftLExHYQixodsEMnd6puYJryTKh-zOIDbGT-ns
INFO: second_level_domain_name: DOMAIN.de
INFO: domain_name: DOMAIN.de
ERROR: Parsing error on 2FA site by device name.
ERROR: Strato login not accepted.
This is what my strato-auth.json looks like:
{
    "username": "username",
    "password": "secrect",
    "totp_secret": "EVENMORESECRET",
    "totp_devicename": "iPhone",
    "waiting_time": 10
}
Where is my mistake? Many thanks for helping me out!
Hi, when running the script manually using the command in your README, I get the following output:
Hook '--manual-cleanup-hook' for xxx.de reported error code 1
Hook '--manual-cleanup-hook' for xxx.de ran with output:
INFO: txt_key: _acme-challenge
INFO: txt_value: xxx
INFO: second_level_domain_name: xxx.de
INFO: domain_name: xxx.de
INFO: 2FA is not used.
ERROR: Strato login not accepted.
At first I tried having Strato 2FA disabled (without totp properties in the strato-auth.json file) and got this output. Then I enabled Strato 2FA and put the two properties into the strato-auth.json file (obviously containing the current totp secret), but I am still getting the same output (and it still says "2FA is not used").
strato-auth.json content:
{ "api_url": "https://www.strato.de/apps/CustomerService", "username": "xxx", "password": "xxx", "totp_secret": "xxx", "totp_devicename": "authy", "waiting_time": 5 }
Do you have any idea how I can fix this?
Thank you!
Hey there,
thanks for your work publishing this repo. It's working great for me :).
Could you please adapt the manual as well as the json.sample to indicate that the value of waiting_time should be of type string?
Currently the config.json shows type int, which leads to a Python error, since isdigit() is only defined for type string and not for integer.
Thank you,
Merry xmas and a happy new year
Stephan
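A pre-flight check for strato-auth.json that covers the two failures reported above (the JSONDecodeError in the first post and the waiting_time type), as an added example that is not part of the project. The key names are the ones shown in the posts; the function names and the file-permission check are assumptions.

```python
import json
import os
import stat

# Added illustration, not code from strato-certbot. Key names are the ones
# shown in the posts; the function names and the checks are assumptions.
REQUIRED = ("username", "password")
TOTP_KEYS = ("totp_secret", "totp_devicename")


def check_auth_text(text):
    """Return (config, problems) for the contents of strato-auth.json."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # Same position the traceback reports, without the stack trace.
        where = f"line {exc.lineno} column {exc.colno}"
        return None, [f"invalid JSON at {where}: {exc.msg}"]
    if not isinstance(cfg, dict):
        return None, ["top level must be a JSON object"]
    problems = [f"missing or empty {k!r}" for k in REQUIRED
                if not isinstance(cfg.get(k), str) or not cfg[k]]
    present = [k for k in TOTP_KEYS if cfg.get(k)]
    if 0 < len(present) < len(TOTP_KEYS):
        problems.append("set both totp_secret and totp_devicename, or neither")
    wait = cfg.get("waiting_time", 0)
    # Accept 10 and "10": string methods such as isdigit() exist only on str.
    if isinstance(wait, bool) or not str(wait).isdecimal():
        problems.append("waiting_time must be a non-negative whole number")
    else:
        cfg["waiting_time"] = int(wait)
    return cfg, problems


def check_auth_file(path):
    """Also flag a credentials file that group or others can access."""
    with open(path, encoding="utf-8") as fh:
        cfg, problems = check_auth_text(fh.read())
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file holds a password and TOTP secret: chmod 600")
    return cfg, problems


# Constructed input: a comma is missing after the "password" line.
BROKEN = '{\n  "username": "u",\n  "password": "p"\n  "waiting_time": 10\n}'
```

Running `check_auth_file` before certbot turns a hook traceback into a one-line message and normalises `waiting_time` to an int whether it was written as `10` or `"10"`.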
Hi,
thanks for your work on this amazing script! Unfortunately, I can't get it running. Thanks in advance for your help!
user@host:~/strato-certbot$ sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py -d *.example.com -d example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
An RSA certificate named example.com already exists. Do you want to update its key
type to ECDSA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate key type/(K)eep existing key type: K
Renewing an existing certificate for *.example.com and example.com
Hook '--manual-auth-hook' for example.com reported error code 1
Hook '--manual-auth-hook' for example.com ran with output:
INFO: txt_key: _acme-challenge
INFO: txt_value: REDACTED
INFO: second_level_domain_name: example.com
INFO: domain_name: example.com
INFO: 2FA is not used.
ERROR: Strato login not accepted.
Hook '--manual-auth-hook' for example.com reported error code 1
Hook '--manual-auth-hook' for example.com ran with output:
INFO: txt_key: _acme-challenge
INFO: txt_value: REDACTED
INFO: second_level_domain_name: example.com
INFO: domain_name: example.com
INFO: 2FA is not used.
ERROR: Strato login not accepted.
This is my redacted strato-auth.json:
{
    "username": "example",
    "password": "topsecretpasswordwithsomespecialcharacters",
    "totp_secret": "IWONTTELLYOU",
    "totp_devicename": "example-iphone",
    "waiting_time": 10
}
Why is the error "ERROR: Strato login not accepted." thrown? Or why does it say "INFO: 2FA is not used." although I have 2FA enabled?
What are the auth credentials username and password? Are these the credentials of the server or the Strato DNS?
Hi,
your script doesn't work with multiple Strato packages.
The right cID needs to be passed.
# request current cname/txt records
request = http_session.get(api_url, params={
    'sessionID': session_id,
    'cID': "1",
    'node': "ManageDomains",
    'action_show_txt_records': '',
    'vhost': domain_name
})
Cheers
Henrik
While running the run.sh, it threw the following error message:
Script Unable to find image 'stratobot:latest' locally
docker: Error response from daemon: pull access denied for stratobot, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
If it helps, but I don't think so:
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
Kernel: 5.15.0-101-generic
Hi, I get the following error:
Simulating renewal of an existing certificate for *.domain.de
Hook '--manual-auth-hook' for domain.de ran with output:
INFO: txt_key: _acme-challenge
INFO: txt_value: xxx
INFO: second_level_domain_name: domain.de
INFO: domain_name: domain.de
ERROR: 2FA parameter is not completely set.
DEBUG: session_id: xxx
INFO: strato package id (cID): 135235
INFO: Current cname/txt records:
INFO: New cname/txt records:
INFO: - _acme-challenge TXT: xxx
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: domain.de
Type: unauthorized
Detail: No TXT record found at _acme-challenge.domain.de
Hint: The Certificate Authority failed to verify t
My strato-auth.json looks like this:
{
    "api_url": "https://www.strato.de/apps/CustomerService",
    "username": "xxxx",
    "password": "xxxx",
    "waiting_time": 30
}
I can't find the word "factor" in print(response.text), so unfortunately the script doesn't go into the if in line 58.
If I remove the word "not" here, then the script runs correctly after I have manually changed the adjustments from pull request #31.
Of course, this cannot be the solution.
I have used the Strato certbot plugin for a year or so.
On Monday all my TXT records on the Strato server were gone (cron job every Sunday at midnight). I thought Strato had changed something and deleted my TXT records.
It turns out that the plugin deletes all TXT records.
dns-01 challenge for example.co
Cleaning up challenges
Running manual-cleanup-hook command: /usr/local/bin/strato-certbot/cleanup-hook.py
Output from manual-cleanup-hook command cleanup-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: JxCrxYdEUK84FRx0PV34bSXC3ZJhqK5ys
INFO: second_level_domain_name: example.co
INFO: domain_name: example.co
INFO: 2FA is not used.
DEBUG: session_id: 964e99252b2ef3e0dd8227ff341cca
INFO: strato package id (cID): 2
INFO: Current cname/txt records:
INFO: New cname/txt records:
Some challenges have failed.
After calling
certbot certonly --force-renew --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py --domain example.co --domain *.example.co
all TXT records are gone.
Hi,
I get the error in the title when I try your scripts.
Here’s the full log:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for DOMAIN.de
dns-01 challenge for DOMAIN.de
Running manual-auth-hook command: /home/jan/scripts/strato-certbot/auth-hook.py
Output from manual-auth-hook command auth-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: REMOVED
INFO: second_level_domain_name: DOMAIN.de
INFO: domain_name: DOMAIN.de
INFO: 2FA is not used.
DEBUG: session_id: REMOVED
ERROR: Domain DOMAIN.de not found in strato packages
manual-auth-hook command "/home/jan/scripts/strato-certbot/auth-hook.py" returned error code 1
Running manual-auth-hook command: /home/jan/scripts/strato-certbot/auth-hook.py
Output from manual-auth-hook command auth-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: REMOVED
INFO: second_level_domain_name: DOMAIN.de
INFO: domain_name: DOMAIN.de
INFO: 2FA is not used.
DEBUG: session_id: REMOVED
ERROR: Domain DOMAIN.de not found in strato packages
manual-auth-hook command "/home/jan/scripts/strato-certbot/auth-hook.py" returned error code 1
Waiting for verification...
Challenge failed for domain DOMAIN.de
Challenge failed for domain DOMAIN.de
dns-01 challenge for DOMAIN.de
dns-01 challenge for DOMAIN.de
Cleaning up challenges
Running manual-cleanup-hook command: /home/jan/scripts/strato-certbot/cleanup-hook.py
Output from manual-cleanup-hook command cleanup-hook.py:
Output from manual-cleanup-hook command cleanup-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: REMOVED
INFO: second_level_domain_name: DOMAIN.de
INFO: domain_name: DOMAIN.de
INFO: 2FA is not used.
DEBUG: session_id: REMOVED
ERROR: Domain DOMAIN.de not found in strato packages
manual-cleanup-hook command "/home/jan/scripts/strato-certbot/cleanup-hook.py" returned error code 1
Running manual-cleanup-hook command: /home/jan/scripts/strato-certbot/cleanup-hook.py
Output from manual-cleanup-hook command cleanup-hook.py:
INFO: txt_key: _acme-challenge
INFO: txt_value: REMOVED
INFO: second_level_domain_name: DOMAIN.de
INFO: domain_name: DOMAIN.de
INFO: 2FA is not used.
DEBUG: session_id: REMOVED
ERROR: Domain DOMAIN.de not found in strato packages
manual-cleanup-hook command "/home/jan/scripts/strato-certbot/cleanup-hook.py" returned error code 1
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: DOMAIN.de
Type: unauthorized
Detail: No TXT record found at _acme-challenge.DOMAIN.de
Domain: DOMAIN.de
Type: unauthorized
Detail: No TXT record found at _acme-challenge.DOMAIN.de
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
And this is the command I executed:
certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook /home/jan/scripts/strato-certbot/auth-hook.py --manual-cleanup-hook /home/jan/scripts/strato-certbot/cleanup-hook.py -d DOMAIN.de -d *.DOMAIN.de --dry-run
It worked a few months ago but not for two domains (wildcard). But after you fixed issue #14 I wanted to try it again.
And yes, the domain is present on strato.de.
Any ideas?
When cloning the repository, cd-ing into the project's root directory and executing the ./docker/build.sh should build the certbot container.
An error message is issued:
unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat <omitted-absolute-path>/strato-certbot/Dockerfile: no such file or directory
git clone https://github.com/Buxdehuda/strato-certbot.git strato-certbot
cd strato-certbot
./docker/build.sh
I guess this script doesn't work anymore because the web page uses a captcha now? Or is there a workaround or way to disable the captcha?
Thanks,
Markus
Dear all,
first of all I want to thank you for this great script!
My challenge was to sign one certificate for my domain including 2nd level domain and wildcard for subdomains:
So I cloned the repository, adjusted strato-auth.json and ran the following syntax:
sudo certbot certonly --manual --preferred-challenges dns --manual-auth-hook $(pwd)/auth-hook.py --manual-cleanup-hook $(pwd)/cleanup-hook.py -d example.com -d *.example.com
It did not work, because certbot reported a wrong acme string. The reason is the current workflow:
1. acme1 for first domain example.com and expects dns-preparation by auth-hook.py
2. auth-hook.py removes old acme strings from dns
3. auth-hook.py adds acme1 to dns
4. acme2 for the second domain/the wildcard *.example.com and expects dns-preparation by auth-hook.py
5. auth-hook.py removes old acme strings from dns including the string we added in step 3
6. auth-hook.py adds acme2 to dns
7. cleanup-hook.py removes all acme strings from dns
Steps 2 and 5 are good for a clean dns before inserting the acme strings, but they are the reason for the auth-fail.
Solution for me: Commenting out
strato-certbot/certbotstratoapi.py
Line 218 in 32c9a7e
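The record handling behind the two reports above (the cleanup hook wiping every TXT record, and the second dns-01 challenge deleting the first one's value), as an added example that is not the project's code: each hook call touches only the one value it was given. The record layout (dicts with "prefix", "type", "value") and all function names are assumptions.

```python
# Added illustration, not code from strato-certbot. The record layout
# (dicts with "prefix", "type", "value") and all function names are assumed.
ACME_PREFIX = "_acme-challenge"


def add_challenge(records, txt_value, prefix=ACME_PREFIX):
    """Auth hook: append one validation value and keep everything else.

    Older _acme-challenge values are not purged here, so the value written
    for example.com is still in place when *.example.com is validated.
    """
    new = {"prefix": prefix, "type": "TXT", "value": txt_value}
    return list(records) if new in records else list(records) + [new]


def remove_challenge(records, txt_value, prefix=ACME_PREFIX):
    """Cleanup hook: drop only the exact value this hook call was given."""
    mine = {"prefix": prefix, "type": "TXT", "value": txt_value}
    return [r for r in records if r != mine]


def plan_cleanup(current, txt_value, prefix=ACME_PREFIX):
    """Return the record list to write back, or None to skip the write.

    If the value the auth hook wrote is missing from the parsed list, the
    list cannot be trusted (e.g. it was parsed as empty), and saving it
    would overwrite the zone, assuming the save replaces the whole set.
    """
    remaining = remove_challenge(current, txt_value, prefix)
    return None if len(remaining) == len(current) else remaining


def simulate_two_name_order(zone, values):
    """Replay certbot's order: every auth hook first, then every cleanup."""
    for v in values:                      # auth hook, once per name
        zone = add_challenge(zone, v)
    during_validation = list(zone)
    for v in values:                      # cleanup hook, once per name
        planned = plan_cleanup(zone, v)
        zone = zone if planned is None else planned
    return during_validation, zone


# Constructed sample zone: one unrelated TXT record and one CNAME.
SAMPLE_ZONE = [
    {"prefix": "", "type": "TXT", "value": "v=spf1 -all"},
    {"prefix": "www", "type": "CNAME", "value": "example.com."},
]
```

With `SAMPLE_ZONE` and the values `acme1` and `acme2`, both challenge values coexist during validation and the zone returns to its starting state after cleanup.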