Bump certbot-dns-porkbun

[andrew-codechimp]

Porkbun is changing its API URL on the 1st December 2024.

The cert-bot package has been updated so bumping the version here

See
infinityofspace/certbot_dns_porkbun#88

[nginxproxymanagerci]

Docker Image for build 1 is available on
DockerHub
as nginxproxymanager/nginx-proxy-manager-dev:pr-4169

Note: ensure you backup your NPM instance before testing this image! Especially if there are database changes
Note: this is a different docker image namespace than the official image

[jc21]

Please test this docker image and let me know if the DNS plugin change works as expected. Thanks

[andrew-codechimp]

I could not get the cert to renew but no errors in logs.
I have since moved away from Porkbun so hopefully someone else will test/pick this up.

[eimajenthat]

It's not working for me. I grabbed some screenshots, but I didn't see anything that looked like a smoking gun:

If you'd like me to check anything and get you debug data, let me know.

[eimajenthat]

I opened a shell in my NPM Docker container and renewed the cert manually without error:

[root@docker-4159c15cfdd1:/app]# certbot certonly -d *.{REDACTED}
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Obtain certificates using a DNS TXT record (if you are using Cloudflare for
DNS). (dns-cloudflare)
2: Obtain certificates using a DNS TXT record for Porkbun domains (dns-porkbun)
3: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
4: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A separate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-4] then [enter] (press 'c' to cancel): 2
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/npm-1.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for *.{REDACTED}

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/npm-1/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/npm-1/privkey.pem
This certificate expires on 2025-02-24.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

So it seems like the Porkbun plugin for certbot is working. There's just some kind of issue when NPM tries to run it. The front end error was just a timeout. And the backend terminal didn't show anything conclusive. Maybe it's fine; just taking a little too long to complete the renewal???

[jc21]

The "certbot is already running" problem is usually because the auto cert updater is running in the background at the same time. It's definitely an annoyance.

[eimajenthat]

I tried again and the cert renewed successfully through the web UI. I think this works, and the issues I saw before were unrelated, as you said. Can we merge this? Would you like me to do any further verification to confirm?

[ly2xing]

is it possible to get this merged? porkbun dns challenge is broken right now anyway

[HoBeom]

Hello!
Regarding this PR, how can I set up a new Docker image and replace the existing one later without taking a backup of the current data?

Here’s the configuration I’m currently using:

services:
  app:
    image: 'nginxproxymanager/nginx-proxy-manager-dev:pr-4169'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

I’d like to know if there are any additional settings required to update without losing data.
Thank you in advance for your help!

[jc21]

@HoBeom that looks correct. But this PR is about to be merged and released anyway

[ly2xing]

yay, thanks everybody!