drop --user on pip install dns plugin #2971
Do not install dns_plugin into the user site because it will lack sys.path precedence to urllib3 in /opt/certbot/lib/python3.7/site-packages
Docker Image for build 1 is available on DockerHub as Note: ensure you back up your NPM instance before testing this PR image! Especially if this PR contains database changes.
PR image is functioning as expected and stable.
Can confirm this patch fixes issues with DNS validation of SSLs through Godaddy. Should definitely be merged with the main branch. Good job @wolviex!
Worked smoothly with Route53 as well. Thanks for the effort @wolviex 🙏
Doesn't fix issue with ClouDNS: #2844
Your proposed fix does seem to throw some issues with the TransIP API
This error can be fixed by exec-ing to the container and executing:
Are you saying you get this same error on a fresh container pulled with the 'jc21/nginx-proxy-manager:latest' image tag?
Good point. I may have spoken a bit too soon. When manually applying the PR to the
I was having the
Appears to resolve #2844 as well
Since I can't push to your PR branch, I'd propose the line
const prepareCmd = '. /opt/certbot/bin/activate && pip install --no-cache-dir ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies + ' && deactivate';
to be changed to
const prepareCmd = '. /opt/certbot/bin/activate && pip install --upgrade pyopenssl && pip install --no-cache-dir ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies + ' && deactivate';
This PR directly addresses the error 'Will not install to user site' and nothing else.
This is as recommended by a certbot engineer.
Please explain why the pyopenssl upgrade is to be considered a part of this PR.
I figured, since it fixes a subsequent issue, it might as well be integrated into the same PR. But if you wish, I'll create a separate PR for it.
I thought you clarified that your issue is also present on the :latest ? It may be something that should be addressed in another module
Crazy that this PR hasn't been merged yet with the official since it clearly fixes an issue. @jc21 still around?
Sorry for the confusion - no, the issue is not fixed in 05307aa. I only meant it is the same fix method used in that commit, just for reference. 05307aa is also not latest (2a06384 is and my PR is on top of that).
Ok, no problem. I hope the PR is merging soon!
I'm almost happy to merge the PR, however I'd ask that someone (or more than one) test this image with PUID/PGID set and also test without it being set. The certbot install stuff may behave differently when the process is run as a non-root user vs a root user.
I can confirm it's working on AWS R53.
and got my cert without issues
tested and works for me too using Route53
I also only have Route53 in use for my hosts, but yeah I'd like to see other certbot plugins tested too.
I use GoDaddy, and have PUID/PGID set to 1000. This is what worked for me in the first place.
Ok sounds good I'll merge it.
Do not install dns_plugin (via pip) into the user site because it will lack sys.path precedence to urllib3 in /opt/certbot/lib/python3.7/site-packages.
resolves #2921 and #2844
solution recommended by certbot engineer: https://community.letsencrypt.org/t/nginx-proxy-manager-and-cert/198147
Tested with docker image 'jc21/nginx-proxy-manager:latest', Godaddy DNS API credentials and wildcard certificate.
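
The precedence problem named in the PR description can be checked directly. The following is an added diagnostic, not code from this PR or from the project: it lists every distribution that exists in more than one search-path entry, in the order the entries are searched, so the first copy listed is the one that takes effect. The directory layout, the version numbers and the `example_dns_plugin` name are constructed for the demonstration.

```python
import importlib.metadata
import os
import tempfile


def shadowed_distributions(search_path):
    """Map each distribution found more than once on search_path to its
    copies as (path_entry, version), in search (precedence) order."""
    seen = {}
    for entry in search_path:
        for dist in importlib.metadata.distributions(path=[entry]):
            name = dist.metadata["Name"].lower()
            seen.setdefault(name, []).append((entry, dist.version))
    return {name: copies for name, copies in seen.items() if len(copies) > 1}


def _fake_dist(root, name, version):
    """Create a minimal <name>-<version>.dist-info so the directory looks
    like a site-packages holding that distribution (constructed data)."""
    info = os.path.join(root, f"{name}-{version}.dist-info")
    os.makedirs(info)
    with open(os.path.join(info, "METADATA"), "w") as fh:
        fh.write(f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n")


def demo():
    """Constructed layout: venv site-packages searched before a user site."""
    base = tempfile.mkdtemp()
    venv_site = os.path.join(base, "venv-site-packages")
    user_site = os.path.join(base, "user-site-packages")
    _fake_dist(venv_site, "urllib3", "1.0.0")             # constructed version
    _fake_dist(user_site, "urllib3", "2.0.0")             # constructed version
    _fake_dist(user_site, "example_dns_plugin", "0.1.0")  # hypothetical name
    return venv_site, user_site, shadowed_distributions([venv_site, user_site])


if __name__ == "__main__":
    venv_site, user_site, dupes = demo()
    for name, copies in dupes.items():
        winner, *losers = copies
        print(f"{name}: {winner[1]} from {winner[0]} takes precedence")
        for entry, version in losers:
            print(f"  shadowed: {version} in {entry}")
```

Inside a real environment, `shadowed_distributions(sys.path)` reports the same information for the interpreter that is running it.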