joohoi/acme-dns-certbot-joohoi

acme-dns-auth.py doesn't work for me

etcware opened this issue · 3 comments

When I run certbot with the suggested command line I receive the following error:

Hook command "/etc/letsencrypt/acme-dns-auth.py" returned error code 1
Error output from acme-dns-auth.py:
Traceback (most recent call last):
  File "/etc/letsencrypt/acme-dns-auth.py", line 145, in <module>
    account = client.register_account(ALLOW_FROM)
  File "/etc/letsencrypt/acme-dns-auth.py", line 47, in register_account
    res = requests.post(self.acmedns_url+"/register")
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='localhost', port=81): Max retries exceeded with url: /register (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_record', 'wrong version number')],)",),))

These are the versions I have on python-requests. Do you have any suggestion?

# python -m requests.help
{
  "chardet": {
    "version": "3.0.4"
  }, 
  "cryptography": {
    "version": "2.6.1"
  }, 
  "idna": {
    "version": "2.6"
  }, 
  "implementation": {
    "name": "CPython", 
    "version": "2.7.16"
  }, 
  "platform": {
    "release": "4.19.0-6-amd64", 
    "system": "Linux"
  }, 
  "pyOpenSSL": {
    "openssl_version": "1010102f", 
    "version": "19.0.0"
  }, 
  "requests": {
    "version": "2.21.0"
  }, 
  "system_ssl": {
    "version": "1010103f"
  }, 
  "urllib3": {
    "version": "1.24.1"
  }, 
  "using_pyopenssl": true
}

I had a similar error when working with ACME-DNS directly.

Do you get the same error when you try testing the process: https://github.com/joohoi/acme-dns#testing-it-out

I fixed mine by updating to the latest version and making sure it successfully received a LE cert.

@etcware Still an issue for you or can this be closed?

Were you running your tests against a self-hosted version of acme-dns? Were you running against letsencrypt staging?

acme-dns server does not retrieve a Let's Encrypt certificate for localhost as this is not allowed by LE.
It retrieves a certificate for its domain.
You must use that domain to connect to the acme-dns server, otherwise you get a certificate error (non-matching domains).

I wrote my own acme-dns-client that works with certbot and acme.sh.
Please have a look here: https://github.com/maddes-b/acme-dns-client-2
Feedback welcome.
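
An added diagnostic, not part of this thread or of either project, that separates the two failures discussed here: the `wrong version number` handshake error in the traceback, which OpenSSL raises when the first bytes from the peer are not a TLS record, and the certificate rejection for a non-matching name described in the last comment. It assumes Python 3.7+; `probe_tls` and `start_plaintext_listener` are hypothetical names, and the listener is a constructed stand-in for a port that answers without TLS.

```python
import socket
import ssl
import threading


def probe_tls(host, port, server_name=None, timeout=5.0):
    """Classify how host:port answers a TLS handshake with verification on."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    name = server_name or host
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                return "tls-ok: " + str(tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Raised, for example, when the certificate was issued for a
        # different name than the one used to connect.
        return "cert-rejected: " + exc.verify_message
    except ssl.SSLError as exc:
        if exc.reason == "WRONG_VERSION_NUMBER":
            # The reply did not start with a TLS record header.
            return "not-tls: peer answered in plaintext"
        return "tls-error: " + str(exc.reason)
    except OSError as exc:
        return "connect-failed: " + str(exc)


def start_plaintext_listener():
    """Constructed test listener that replies in plain HTTP; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(65536)  # read and discard the ClientHello
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_plaintext_listener()
    print(probe_tls("127.0.0.1", port))
```

A `not-tls` result points at the scheme or port in the client's URL, while `cert-rejected` points at the name used to connect.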