certbot-dns-godaddy==2.9.0

[nicandris]

Hey, just updated to the latest docker img and i get the following error

[2/28/2024] [5:46:24 PM] [Global   ] › ⬤  debug     CMD: . /opt/certbot/bin/activate && pip install --no-cache-dir  certbot-dns-godaddy==$(certbot --version | grep -Eo '[0-9](\.[0-9]+)+')  && deactivate
[2/28/2024] [5:46:25 PM] [Certbot  ] › ✖  error     ERROR: Could not find a version that satisfies the requirement certbot-dns-godaddy==2.9.0 (from versions: 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 2.6.0, 2.7.4, 2.8.0)
ERROR: No matching distribution found for certbot-dns-godaddy==2.9.0**

I don't see such version in pypi

[nicandris]

for anyone else encountering this, for now hardcode the version 2.8.0 in global/certbot-dns-plugins.json

                "name": "GoDaddy",
                "package_name": "certbot-dns-godaddy",
                "version": "~=2.8.0",
                "dependencies": "",
                "credentials": "dns_godaddy_secret = 0123456789abcdef0123456789abcdef01234567\ndns_godaddy_key = abcdef0123456789abcdef01234567abcdef0123",
                "full_plugin_name": "dns-godaddy"
        },

[innosflew]

Yeah, I also have this issue.

[ukewea]

On my Raspberry Pi 4 (arm64) using image with 2.11.1 tag, I have to change to "version": "~=2.6.0", or I would encounter the Failed to renew certificate npm-2 with error: Error determining zone identifier for __domain__: 404 Client Error: Not Found for url: https://api.godaddy.com/v1/domains/__domain__ error when renewing certificate.

[TheRealVira]

Fixed it by installing a specific certbot version:

pip3 install certbot==2.8

This works, because it sets all dependency plugin versions to 2.8 as declared in global/certbot-dns-plugins.json:

...
        "godaddy": {
                "name": "GoDaddy",
                "package_name": "certbot-dns-godaddy",
                "version": "=={{certbot-version}}",
...
        }

The issue is that currently certbot-dns-godaddy v2.8 is their latest version: https://github.com/miigotu/certbot-dns-godaddy

[shayaknyc]

How would one go about getting this fixed in the docker container?

[TheRealVira]

How would one go about getting this fixed in the docker container?

https://stackoverflow.com/questions/30172605/how-do-i-get-into-a-docker-containers-shell#30173220

[shayaknyc]

How would one go about getting this fixed in the docker container?

https://stackoverflow.com/questions/30172605/how-do-i-get-into-a-docker-containers-shell#30173220

I know how to get INSIDE the container and execute things inside of it, but once you stop, reboot, etc, all changes are lost, so how do we make this change permanent?

[nicandris]

How would one go about getting this fixed in the docker container?

copy the file from this repo, place it somewhere on your machine, do the change, and mount it in docker

it should be mounted to /app/global/certbot-dns-plugins.json

[snorkrat]

How would one go about getting this fixed in the docker container?

copy the file from this repo, place it somewhere on your machine, do the change, and mount it in docker

it should be mounted to /app/global/certbot-dns-plugins.json

Thanks, that fixed it for me!

[shayaknyc]

Me too!

[wolviex]

I created a pull request to pin the certbos-dns-godaddy version at the latest, v2.8.0, which should resolve this.

I ran into some other issues for me, namely an issue with certbot/plugins/dns_common_lexicon.py regarding the recent update about delegated subdomains.
They aren't specifically related to this, but try this PR at your own risk. I'd appreciate the feedback if anyone else can test and confirm.
Docker Image for build 1 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-3639

[CameronMunroe]

In my initial testing it seems I have fallen onto issues with subdomains with wildcards possibly mentioned by @wolviex.

*.sub.example.com for example will route the API request to sub.example.com instead of example.com on the GoDaddy API. Causing a 404 error.

Unsure if this issue is an upstream certbot change or NPM.

[Red3nzo]

Currently running into this error after downgrading to certbot==2.8.

Error determining zone identifier for <DOMAIN>: 401 Client Error: Unauthorized for url: https://api.godaddy.com/v1/domains/<DOMAIN>.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Does anyone have any suggestions? Would the jc21/nginx-proxy-manager:github-pr-3639 image pull fix this?

[wolviex]

Would the jc21/nginx-proxy-manager:github-pr-3639 image pull fix this?

No, jc21/nginx-proxy-manager:github-pr-3639 would only remove the need for manually downgrading Certbot to 2.8.
I believe your issue is the same as I noted above regarding subdomain delegation.
I believe this was introduced in the dns_common_lexicon plugin in certbot/pull/9821 and I suspect that certbot-dns-godaddy needs to accommodate for it. If something happens on that front, I can post updates to this issue.

TL;DR The Error determining zone identifier is not an NPM issue

HERE BE DRAGONS
I haven't had a chance to dig in yet, but the workaround for me was to remove/comment out the line:
204: 'delegated': domain, in
/opt/certbot/lib/python3.11/site-packages/certbot/plugins/dns_common_lexicon.py
This is a pain in the ass, and I never recommend changing site-package files.

[Red3nzo]

remove/comment out the line: 204: 'delegated': domain,

I'm not familiar with python, I edited the site-package file & rerun the SSL Certificate creation & got the same Error determining zone identifier.

Do I have to recompile the certbot package @wolviex?

[wolviex]

Do I have to recompile the certbot package @wolviex?

You may need to restart the container

[Red3nzo]

Container was restarted & the problem still persists, line of code is commented out as well.
LexiconDNSAuthenticator._resolve_domain raises an error