certbot-dns-linode - api permissions...

Hello,

i'm trying to set up letsencrypt on linode with the following command "wildcard":

certbot certonly --dns-linode --staging --dns-linode-credentials /root/.secrets/certbot/linode.ini --dns-linode-propagation-seconds 1000 --server https://acme-v02.api.letsencrypt.org/directory

The thing is.. with a correct api_key i got evertime:
Linode api error: [{'ERRORMESSAGE': 'Authentication failed','ERRORCODE': 4}]

which sounds only a problem with api key permissions..
However, i've been able to test some api's with success so it's not a problem with my key at all..

After reading the source, i've noticed, that is doing a request to this endpoing:
https://api.linode.com/api/?api_key=HERE_GOES_MY_API_KEY&resultFormat=JSON&api_action=domain.list
which a can't find on linode documentation.. weird..

However, doing manually to:
curl -X GET https://api.linode.com/v4/domains -H "Authorization: Bearer …"
it works perfectly..

python3-certbot-dns-linode version is (0.31.0-1)

am i missing something?

Thanks,
David.

5 Replies

Looks like support was added in a later version of certbot-dns-linode: https://github.com/certbot/certbot/commit/333ea90d1b1348933aa6e586472bb62e182bfebc

@gparent yes, but i'm using the last version which includes that already.. and it's correct with the official doc:

https://certbot-dns-linode.readthedocs.io/en/stable/_modules/certbot_dns_linode/dns_linode.html

Update:

you're correct.. the last available version "ppm" does not include that fix yet..
Updating the key with one generated at manager.linode works..

Thanks again,
David.

Since certbot is python you'd probably be able to use virtualenvs to solve the issue cleanly: https://docs.python.org/3/library/venv.html

Should someone stumble on this as I did, my solution was to use certbot-auto rather than installing certbot from the official packages

Here's my ansible yaml snippet

    - name: certbot - download
      get_url:
        url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-auto
        dest: /usr/local/bin/certbot-auto
        mode: '0755'
    - name: certbot - setup
      command: certbot-auto -qn --version
    - name: certbot - install certbot-dns-linode
      pip:
        executable: /opt/eff.org/certbot/venv/bin/pip
        name: certbot-dns-linode

Then it worked

Glad you found a solution, and I know this thread started about certbot.

However acme.sh is another great alternative. It has plenty more providers, including Linode API (and v4) and because it’s just a shell script, it’s simple enough to install and use on most OSes.

https://acme.sh/

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct