Certbot Cloudflare DNS Challenge error --dns-cloudflare-credentials

When certbot is showing you the error "certbot: error: unrecognized arguments: --dns-cloudflare-credentials" you might find the following helpful:

Problem

root@linlxc033:~#
root@linlxc033:~# certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/tls/certbot/cloudflare-api.key --preferred-challenges dns-01 -d "somedomain.com" -d "*.somedomain.com"
usage:
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --dns-cloudflare-credentials /root/tls/certbot/cloudflare-api.key
root@linlxc033:~#
root@linlxc033:~#

Solution

Install the required package. This is the solution if you have installed python3-certbot as an apt package:

sudo apt -y install python3-certbot-dns-cloudflare

This is the solution if you have installed certbot as a snap:

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-cloudflare

Example

root@linlxc033:~#
root@linlxc033:~# sudo apt -y install python3-certbot-dns-cloudflare
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
[...]
root@linlxc033:~#
root@linlxc033:~# sudo snap set certbot trust-plugin-with-root=ok
root@linlxc033:~# sudo snap install certbot-dns-cloudflare
certbot-dns-cloudflare 2.8.0 from Certbot Project (certbot-eff✓) installed
root@linlxc033:~#
root@linlxc033:~#
root@linlxc033:~# certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/tls/certbot/cloudflare-api.key --preferred-challenges dns-01 -d "somedomain.com" -d "*.somedomain.com"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for somedomain.com and *.somedomain.com   
Unsafe permissions on credentials configuration file: /root/tls/certbot/cloudflare-api.key
Waiting 10 seconds for DNS changes to propagate

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/somedomain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/somedomain.com/privkey.pem
This certificate expires on 2024-08-04.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@linlxc033:~#
root@linlxc033:~#
 
 
at No comments:
Labels: ,
Subscribe to: Posts (Atom)

Splunk UseCase for attacks against FortiGate Firewall management interfaces

If you are using Splunk as your SIEM you can try to detect attacks against your FortiGate firewalls by using the following SPL query: index...