View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions certbot-dns-linode - api permissions...
Log in to Ask a Question

certbot-dns-linode - api permissions...

linux development network

Hello,

i'm trying to set up letsencrypt on linode with the following command "wildcard":

certbot certonly --dns-linode --staging --dns-linode-credentials /root/.secrets/certbot/linode.ini --dns-linode-propagation-seconds 1000 --server https://acme-v02.api.letsencrypt.org/directory

The thing is.. with a correct api_key i got evertime:
Linode api error: [{'ERRORMESSAGE': 'Authentication failed','ERRORCODE': 4}]

which sounds only a problem with api key permissions..
However, i've been able to test some api's with success so it's not a problem with my key at all..

After reading the source, i've noticed, that is doing a request to this endpoing:
https://api.linode.com/api/?api_key=HERE_GOES_MY_API_KEY&resultFormat=JSON&api_action=domain.list
which a can't find on linode documentation.. weird..

However, doing manually to:
curl -X GET https://api.linode.com/v4/domains -H "Authorization: Bearer …"
it works perfectly..

python3-certbot-dns-linode version is (0.31.0-1)

am i missing something?

Thanks,
David.

5 Replies

Looks like support was added in a later version of certbot-dns-linode: https://github.com/certbot/certbot/commit/333ea90d1b1348933aa6e586472bb62e182bfebc

@gparent yes, but i'm using the last version which includes that already.. and it's correct with the official doc:

https://certbot-dns-linode.readthedocs.io/en/stable/_modules/certbot_dns_linode/dns_linode.html

Update:

you're correct.. the last available version "ppm" does not include that fix yet..
Updating the key with one generated at manager.linode works..

Thanks again,
David.

Since certbot is python you'd probably be able to use virtualenvs to solve the issue cleanly: https://docs.python.org/3/library/venv.html

Should someone stumble on this as I did, my solution was to use certbot-auto rather than installing certbot from the official packages

Here's my ansible yaml snippet

    - name: certbot - download
      get_url:
        url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-auto
        dest: /usr/local/bin/certbot-auto
        mode: '0755'
    - name: certbot - setup
      command: certbot-auto -qn --version
    - name: certbot - install certbot-dns-linode
      pip:
        executable: /opt/eff.org/certbot/venv/bin/pip
        name: certbot-dns-linode

Then it worked

Glad you found a solution, and I know this thread started about certbot.

However acme.sh is another great alternative. It has plenty more providers, including Linode API (and v4) and because it’s just a shell script, it’s simple enough to install and use on most OSes.

https://acme.sh/

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct