I made a wildcard manually and want to change it to use this plugin, is that possible?
I have tried a --dry-run renew which seems to work when i lower the dns-propagate time, but not sure if it will be saved if i renew as i have never done it before and i can't find that much information on it.

What is the correct way to specify the credentials location in the renewal file?

The project should use type hints in all Python code. mypy should be used in GitHub Actions to verify that type hints are correctly used everywhere.

More tests should be added, and they should be run on push in GitHub Actions.

As an added bonus, code coverage should be measured and enforced in GitHub Actions as well.

The test.sh script should be moved to scripts folder to be more consistent and future proofed.

unrecognized arguments: --certbot-loopia

I try to run certbot --certbot-loopia

Hi Runfalk,

Thank you for great work with the loopia authenticator. I'm using it for wild-card domains and it is working very well for manual renewal. However, I'm having significant issues getting it working for automatic renewal of wild-card domains.

The manual renewal works well using the following command:

certbot certonly --authenticator certbot-loopia:auth --preferred-challenges=dns-01 --email [email protected] --certbot-loopia:auth-credentials /etc/letsencrypt/credentials.ini --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.myDOMAIN.se.

However, when I try to set it up automatically using a "/etc/letsencrypt/renewal/myDOMAIN.se.conf configuration file, I run into complications. I cannot get it to identify the "certbot-loopia:auth-credentials" argument. I have tried the different wording in the readme on this from ""certbot_loopia:auth_credentials", "certbot-loopia:credentials" and "certbot_loopia:credentials" but I always get errors looking at journalctl -u certbot-renewal.service

The error is:
Renewal configuration file /etc/letsencrypt/renewal/myDOMAIN.conf (cert: myDOMAIN.se) produced an unexpected error: 'Namespace' object has no attribute 'certbot_loopia:auth_credentials'. Skipping

My myDOMAIN.conf file looks like this:

# renew_before_expiry = 30 days
version = 0.28.0
archive_dir = /etc/letsencrypt/archive/myDOMAIN.se
cert = /etc/letsencrypt/live/myDOMAIN.se/cert.pem
privkey = /etc/letsencrypt/live/myDOMAIN.se/privkey.pem
chain = /etc/letsencrypt/live/myDOMAIN.se/chain.pem
fullchain = /etc/letsencrypt/live/myDOMAIN.se/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = certbot-loopia:auth
certbot-loopia:auth-credentials = /etc/letsencrypt/credentials.ini
account = d98eab539ee4f9765ac7d4b473edad3f
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory

I'm running this in a minimal container running Debian 9 and Nginx.

Thank you for the help and a great tool!

Got a warning about
Plugin legacy name certbot-loopia:auth may be removed in a future version. Please use auth instead.
but it seems to work for now anyhow.

>     --authenticator certbot-loopia:auth \
>     --certbot-loopia:auth-credentials credentials.ini \
>     -d my.domain.name
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-loopia:auth may be removed in a future version. Please use auth instead.
Plugins selected: Authenticator certbot-loopia:auth, Installer None
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel):

certbot version: 1.9.0
os: ubuntu 20.04.1

certbot-loopia==0.2.0
loopialib==0.2.0

As of 2021, certbot has deprecated its dependencies towards zope, and it should no longer be used by plugins.

See certbot/certbot#8835

The following commit removed zope from the official DNS authenticator plugins: certbot/certbot@979e21d

It would be really nice to have a snap package for this but this was the feedback from Snap Store

2021-10-26
A comment has been made on the registration request of "certbot-dns-loopia".

The reviewer provided the following comment:

Hi there,

The name was registered a few months ago by another user. Snap names are granted on a first-come, first-served basis. That said, the other user has not published any builds, so I have reached out to see if they agree to transfer the snap name to you. I'll keep you posted.

Py3.6 was EOL on 23 Dec 2021 so that should be dropped from tests and setup.py classifiers.
Make sure 3.10 is enabled instead.

Hej igen,

unfortunately I am getting this error.

Complete output:

An unexpected error occurred:
ImportError: No module named dns_resolver
Please see the logfile '/tmp/tmphBMytf' for more details.

/tmp/tmphBMytf

2017-06-05 19:27:46,859:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.14.2', 'console_scripts', 'certbot')()
  File "build/bdist.linux-armv7l/egg/certbot/main.py", line 722, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
  File "build/bdist.linux-armv7l/egg/certbot/plugins/disco.py", line 193, in find_all
    plugin_ep = PluginEntryPoint(entry_point)
  File "build/bdist.linux-armv7l/egg/certbot/plugins/disco.py", line 40, in __init__
    self.plugin_cls = entry_point.load()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2190, in load
    ['__name__'])
  File "/home/openhabian/certbot-loopia/certbot_loopia.py", line 7, in <module>
    from acme.dns_resolver import DNS_AVAILABLE
ImportError: No module named dns_resolver

Any ideas? I see that your initial commits did not have this line #7 and instead relied on your loopialib.

Include tests in lint

The version history bloats the README file. The version history should be located under the Releases tab in GitHub instead.

On addZoneRecord and others the field customer_number is required if you are using a reseller account according to the documentation https://www.loopia.se/api/addzonerecord/

Would perhaps be nice to support it.

loopialib is used today to send API requests towards Loopia, but to streamline this project a bit we should create a minimal Loopia client inside this repo that only has the capabilities needed to perform the DNS challenge.

The motivation for this is that is makes it easier for us to maintain this project since all changes related to the Loopia API and how we want to use it can be performed directly in this repo. We also avoid getting obsolete transitive dependencies from loopialib.

It is also more in line with the official certbot DNS plugins (see the digitalocean plugin for example).

Using this plugin for certbot and seems to work perfectly.

Had some issues figuring out what permissions i was supposed to use for the Loopia API user.
Think in the end i added all the Subdomain and all the record (Create/delete/read) permssions.

If possible, add to readme the exact permissions being used by the script.

Also, thanks for publishing your work!

I have tested the plugin using Python 3.10, but we should add explicit support for it in setupy.py.

Hej,

I'm trying to install this on my Raspberry PI 3 (raspbian).

I keep on getting Compiler Error: Segmentation fault
downloading the dependency cffi.

Are you using this on an rpi?

From Loopia mail 2022-02-11
Den 23 februari 2022 kommer vi att uppgradera våra servrar och förbättra LoopiaAPI
Translated by Google
On February 23, 2022, we will upgrade our servers and improve LoopiaAPI
Will there be any update of the excellent certbot-dns-loopia?
addZoneRecord XML response:
<?xml version="1.0" encoding="UTF-8"?> <methodResponse><fault><value><struct><member><name>faultCode</name><value><int>623</int></value></member><member><name>faultString</name><value><string>Calling parameters do not match signature</string></value></member></struct></value></fault></methodResponse>

PS
Sorry, I'm not using this but it would be great if if could with the new LoopiaAPI

Today, loopialib is used for this, but to future-proof we should use a well-maintained third-party lib to perform this task.

This is also a part of removing the loopialib dependency entirely as suggested in #29

Getting this error:

Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 7, in <module>
    from certbot.main import main
  File "/usr/local/lib/python3.5/dist-packages/certbot/main.py", line 11, in <module>
    from acme import jose
  File "/usr/local/lib/python3.5/dist-packages/acme/jose/__init__.py", line 37, in <module>
    from acme.jose.interfaces import JSONDeSerializable
  File "/usr/local/lib/python3.5/dist-packages/acme/jose/interfaces.py", line 9, in <module>
    from acme.jose import util
  File "/usr/local/lib/python3.5/dist-packages/acme/jose/util.py", line 5, in <module>
    import OpenSSL
  File "/usr/local/lib/python3.5/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/local/lib/python3.5/dist-packages/OpenSSL/SSL.py", line 115, in <module>
    if _lib.Cryptography_HAS_SSL_ST:
AttributeError: module 'lib' has no attribute 'Cryptography_HAS_SSL_ST'

Not sure if I'm doing something wrong or if there's actually something missing.

Get an error running certbot -a certbot-loopia:credentials
But running certbot -a certbot-loopia:auth is valid.

Also, how to predefine credentials.ini locations?

Having issues getting this plugin to work. I installed certbot according to instructions on their website for Ubuntu 18 LTS. Then I installed pip3 with apt install python3-pip. Then I installed your plugin with pip3 install certbot-dns-loopia as root.

Getting the following error:

certbot certonly --authenticator dns-loopia --dns-loopia-credentials loopia-credentials.ini -d *.domain.com
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --dns-loopia-credentials loopia-credentials.ini

whereis certbot
certbot: /usr/bin/certbot /usr/local/bin/certbot /snap/bin/certbot

which certbot
/usr/local/bin/certbot

certbot --version
certbot 1.20.0

/usr/local/bin/certbot --version
An unexpected error occurred:
pkg_resources.ContextualVersionConflict: (cryptography 2.1.4 (/usr/lib/python3/dist-packages), Requirement.parse('cryptography>=3.3'), {'PyOpenSSL'})
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmppkmv0dph/log or re-run Certbot with -v for more details.

/usr/bin/certbot --version
certbot 1.20.0

It appears that certbot does not recognize the plugin as installed:

certbot certonly --authenticator dns-loopia -d *.domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested dns-loopia plugin does not appear to be installed

And if I try to remove all installations of certbot and only install using pip (apt install python-pip) I get this error:

pip install certbot-dns-loopia
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
WARNING: The directory '/home/<REDACTED>/.cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
ERROR: Could not find a version that satisfies the requirement certbot-dns-loopia (from versions: none)
ERROR: No matching distribution found for certbot-dns-loopia

Any help getting this to work greatly appreciated.

So Python 2 is nearing EOL :/
Thus i now installed Python 3 and made a fresh install of certbot and also this sweet certbot plugin! :D

But now i am greeted by "Plugin legacy name certbot-loopia:auth may be removed in a future version. Please use auth instead.".
Is there a possibility that you will update your plugin for this?

Thanks !