Update DomainOffensive certbot plugin #4235
Conversation
|
@DFS-90 Hi/Grüße! As this is my first contribution to the repo and you beeing the initial contributor on the DomainOffensive certbot i would love your feedback on this. This is also a "for your information" for you personally. That said, for everyone: I currently have no environment to test the changes and would appreciate any feedback on this. |
|
Docker Image for build 1 is available on Note: ensure you backup your NPM instance before testing this image! Especially if there are database changes |
|
@FabianK3 are you able to use the docker image mentioned to conduct your tests? |
jc21
added
the
requires-verification
|
@jc21 I currently have no domain/service on hand to end-to-end test the provider, deploying/testing the image isn't the issue for me. I might be able to do it at the end of the year, but i can't promise that at the moment. |
|
Can I ask then, why do you want to update this dns plugin when you don't use it? |
|
@jc21 Perhaps i didn't put it clearly enough! As for why i updated the provider: I am sure the current provider implementation does what it is supposed to do. From a conversation with the do.de provider support i was informed that they do provide an API and linked me to their certbot implementation. I then realized it was a new fork in their name of the current provider used in NPM and my thought was it may be more future-proof to use their own fork instead of the current should any changes arise in the future. Tl;dr: I have relations to do.de and i like to give back to this project. :) (Merry Christmas!) |
|
Ok great I'll wait for you (or someone) to test it then. If you would like CI to rebuild the PR docker image for you, simply leave a comment here with only this text in the body: |
|
I guess no one wants to test it. I'll release it and wait for complaints. |
|
I found this PR today because it breaks renewal for all existing certificates using this provider. sed -i 's/dns-do$/dns-domainoffensive/g' /etc/letsencrypt/renewal/*.conf
sed -i 's/dns_do_credentials/dns_domainoffensive_credentials/g' /etc/letsencrypt/renewal/*.conf
sed -i 's/dns_do_api_token/dns_domainoffensive_api_token/g' /etc/letsencrypt/credentials/credentials-*Also I assume it won't even work for new ones since the |
Perhaps another approach would've been wiser. 😁 |
|
Perhaps instead of reverting it, we could just add the fix from @chindocaine ? |
|
I also don't know if it would be possible to run the above mentioned fixes for the renewal in an automated way. I'm also not quite sure what would be the better way to go, revert the change (some people, including me, might have modified their config already, so for them it would break again) or keep it and hope that everyone who is affected by it will find this thread to know how to fix it. Anyway, if we keep the new plugin, at least the config should be fixed to use |
In NginxProxyManager#4235 the certbot plugin for do.de (Domain Offensive) was updated to use the more official version. One necessary line modification was missed, resulting in an error when creating a new certificate.
Summary
This PR replaces the current DomainOffensive (do.de) cert bot with the new official version.
The current do certbot repo has been forked by DomainOffensive and seems to be the official bot now.
Changes
Basically i have replaced the current certbot-dns-plugins config with the new repository and python package.
Looking into the new repository of DomainOffensive, i don't see any new additions or changes, yet i think using the official certbot seems to be a good thing for future versions.