Why doesn't the certbot-dns-cloudflare plugin install under AWS Linux

I have an Elastic Beanstalk environment with a single EC2 instance, and I need to install an SSL certificate during deployment, at which point the server cannot be reached at the IP address given by the A record in DNS. I want to use LetsEncrypt with the certbot-dns-cloudflare plugin to obtain and install the certificate automatically. I created a cloudflare credentials file containing my cloudflare API key so that the plugin can ask cloudflare to create a DNS TXT record and use it for domain ownership validation.

I ran into some problems trying to install certbot using the method described here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt (the EPEL libraries do not contain certbot), and appeared to have better luck using the certbot-auto install method here https://medium.com/@mohan08p/install-and-renew-lets-encrypt-ssl-on-amazon-ami-6d3e0a61693

My process so far is:

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --debug --install-only 

This appears to install certbot; I don't see any error messages. Next I do this:

$ cd /opt/eff.org/certbot/venv
$ source bin/activate
$ sudo pip install certbot-dns-cloudflare    

    ... cut short for brevity ...
    Collecting zope.event (from zope.component->certbot>=0.21.1->certbot-dns-cloudflare)
      Downloading https://files.pythonhosted.org/packages/c5/96/361edb421a077a4c208b4a5c212737d78ae03ce67fbbcd01621c49f332d1/zope.event-4.4-py2.py3-none-any.whl
    Collecting pycparser (from cffi!=1.11.3,>=1.7->cryptography>=0.8->acme>=0.21.1->certbot-dns-cloudflare)
      Downloading https://files.pythonhosted.org/packages/68/9e/49196946aee219aead1290e00d1e7fdeab8567783e83e1b9ab5585e6206a/pycparser-2.19.tar.gz (158kB)
        100% |################################| 163kB 7.9MB/s
    Collecting zope.proxy (from zope.deferredimport>=4.2.1->zope.component->certbot>=0.21.1->certbot-dns-cloudflare)
      Downloading https://files.pythonhosted.org/packages/7c/f5/e9ed65cdf8c93d24d7512ef89e21b241bc9ae75d90bc8608cc142f4c26f9/zope.proxy-4.3.1.tar.gz (43kB)
        100% |################################| 51kB 12.1MB/s
    Installing collected packages: funcsigs, pbr, six, mock, zope.interface, chardet, idna, certifi, urllib3, asn1crypto, enum34, pycparser, cffi, ipaddress, cryptography, PyOpenSSL, requests, requests-toolbelt, pytz, pyrfc3339, josepy, acme, future, parsedatetime, ConfigArgParse, zope.hookable, zope.proxy, zope.deferredimport, zope.deprecation, zope.event, zope.component, certbot, jsonlines, cloudflare, certbot-dns-cloudflare
      Found existing installation: six 1.8.0
        Uninstalling six-1.8.0:
          Successfully uninstalled six-1.8.0
      Found existing installation: chardet 2.0.1
        DEPRECATION: Uninstalling a distutils installed project (chardet) has been deprecated and will be removed in a future version. This is due to the fact that uninstalling a distutils project will only partially uninstall the project.
        Uninstalling chardet-2.0.1:
          Successfully uninstalled chardet-2.0.1
      Found existing installation: urllib3 1.8.2
        Uninstalling urllib3-1.8.2:
          Successfully uninstalled urllib3-1.8.2
      Running setup.py install for pycparser ... done
      Found existing installation: requests 1.2.3
        Uninstalling requests-1.2.3:
          Successfully uninstalled requests-1.2.3
      Running setup.py install for future ... done
      Running setup.py install for ConfigArgParse ... done
      Running setup.py install for zope.hookable ... done
      Running setup.py install for zope.proxy ... done
      Running setup.py install for cloudflare ... done
    Successfully installed ConfigArgParse-0.13.0 PyOpenSSL-18.0.0 acme-0.29.1 asn1crypto-0.24.0 certbot-0.29.1 certbot-dns-cloudflare-0.29.1 certifi-2018.11.29 cffi-1.11.5 chardet-3.0.4 cloudflare-2.1.0 cryptography-2.4.2 enum34-1.1.6 funcsigs-1.0.2 future-0.17.1 idna-2.8 ipaddress-1.0.22 josepy-1.1.0 jsonlines-1.2.0 mock-2.0.0 parsedatetime-2.4 pbr-5.1.1 pycparser-2.19 pyrfc3339-1.1 pytz-2018.7 requests-2.21.0 requests-toolbelt-0.8.0 six-1.12.0 urllib3-1.24.1 zope.component-4.5 zope.deferredimport-4.3 zope.deprecation-4.4.0 zope.event-4.4 zope.hookable-4.2.0 zope.interface-4.6.0 zope.proxy-4.3.1
    You are using pip version 9.0.3, however version 18.1 is available.
    You should consider upgrading via the 'pip install --upgrade pip' command.

In the listing I see indications that the cloudflare plugin installed successfully. However, when I list the plugins, I don't see it:

$ sudo ./certbot-auto plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT

* nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator

* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Trying to run certbot-auto with the plugin fails as follows:

$ sudo ./certbot-auto certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini --dns-cloudflare-propagation-seconds 60 -d my-domain.com
usage:
  certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --dns-cloudflare-credentials /home/ec2-user/.secrets/certbot/cloudflare.ini --dns-cloudflare-propagation-seconds 60

Can anyone advise? Thanks

This is what finally worked for me:

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto

$ sudo ./certbot-auto --debug --install-only
$ whereis certbot
certbot: /usr/local/bin/certbot

$ cd /opt/eff.org/certbot/venv
$ source bin/activate
$ sudo pip install certbot-dns-cloudflare
$ deactivate

$ sudo /usr/local/bin/certbot plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
* dns-cloudflare
Description: Obtain certificates using a DNS TXT record (if you are using
Cloudflare for DNS).
Interfaces: IAuthenticator, IPlugin
Entry point: dns-cloudflare =
certbot_dns_cloudflare.dns_cloudflare:Authenticator

* standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If you fold this into .ebextensions/01-packages/install-packages.conf, which runs as root, you need to add something that creates the following file containing your cloudflare email and API key at /root/.secrets/certbot/cloudflare.ini

$ sudo mkdir -p /root/.secrets/certbot
$ sudo chmod 700 /root/.secrets/certbot
$ sudo su

# printf 'dns_cloudflare_email = <your-cf-email>\ndns_cloudflare_api_key = <your-cf-api-key>\n' > /root/.secrets/certbot/cloudflare.ini
# chmod 600 /root/.secrets/certbot/cloudflare.ini


# printf 'A\nn\nn\n' | /usr/local/bin/certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini --dns-cloudflare-propagation-seconds 60 -d my-domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for my-domain.com
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/my-domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/my-domain.com/privkey.pem
   Your cert will expire on 2019-03-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

For me, certbot ended up installed in two locations: /usr/local/bin/certbot works correctly, while the default /usr/bin/certbot cannot find the newly installed plugin.

I used `which certbot`, `certbot plugins` and `/usr/local/bin/certbot plugins` to debug this.

Hope this helps someone.
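The deployment-time steps from the answer above, condensed into a script as an added example (not code from the original post): it writes the Cloudflare credentials file with owner-only permissions so the API key is never world-readable, selects the certbot binary that actually lists the dns-cloudflare plugin (the /usr/local/bin vs /usr/bin mismatch described above), and requests the certificate non-interactively with certbot's --non-interactive/--agree-tos flags instead of piping answers to prompts. Assumptions: CF_EMAIL and CF_API_KEY are exported by the caller (for example from Elastic Beanstalk environment properties), ACME_EMAIL optionally overrides the account e-mail, and the domain is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes CF_EMAIL / CF_API_KEY
# (and optionally ACME_EMAIL) are exported by the caller.

# Write the dns-cloudflare credentials file. The umask makes the file 0600
# from the moment it is created, so the API key is never readable by other
# users even briefly; certbot itself warns when this file is too open.
write_cf_credentials() {
  ini=$1
  dir=$(dirname "$ini")
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  (umask 077 && printf 'dns_cloudflare_email = %s\ndns_cloudflare_api_key = %s\n' \
      "$CF_EMAIL" "$CF_API_KEY" > "$ini") || return 1
  chmod 600 "$ini"
}

# Print the first certbot binary whose plugin list contains dns-cloudflare.
# The plugin was installed into the certbot-auto venv, so a distro certbot
# on the PATH (e.g. /usr/bin/certbot) may not see it.
find_certbot_with_plugin() {
  for bin in /usr/local/bin/certbot /opt/eff.org/certbot/venv/bin/certbot /usr/bin/certbot; do
    [ -x "$bin" ] || continue
    if "$bin" plugins 2>/dev/null | grep -q '^\* dns-cloudflare'; then
      printf '%s\n' "$bin"
      return 0
    fi
  done
  return 1
}

# Obtain the certificate with the DNS-01 challenge; no prompts are answered
# by hand, so this is safe to run from an .ebextensions command as root.
request_cert() {
  domain=$1
  ini=$2
  certbot=$(find_certbot_with_plugin) || {
    echo "no certbot binary exposes the dns-cloudflare plugin" >&2
    return 1
  }
  "$certbot" certonly --non-interactive --agree-tos \
    --email "${ACME_EMAIL:-$CF_EMAIL}" \
    --dns-cloudflare --dns-cloudflare-credentials "$ini" \
    --dns-cloudflare-propagation-seconds 60 -d "$domain"
}

# Typical call from the deployment hook (placeholder domain):
# write_cf_credentials /root/.secrets/certbot/cloudflare.ini &&
#   request_cert my-domain.com /root/.secrets/certbot/cloudflare.ini
```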

I ran into the same issue trying to install the certbot cloudflare plugin on Amazon Linux. I tried a few different things, but the following worked using pip:

sudo yum install -y python-pip
pip install --upgrade pip
pip install certbot-dns-cloudflare