Bug#1038920: python3-certbot-dns-gandi: Update from Debian 11 -> 12 leaves certificate updates broken

Norbert Preining Thu, 22 Jun 2023 23:24:14 -0700

Package: python3-certbot-dns-gandi
Version: 1.4.3-1
Severity: serious

Dear Maintainer,


with the update of certbot and the DNS Gandi plugin, the command line
arguments for requesting a certificate have changed.

This is not taken into account during upgrade, which left all domains
that are normally being renewed via the gandi plugin broken.

Above that, no warning email was sent to the admin user about this problem.

The letsencrypt.log file contains

2023-06-18 00:49:00,298:ERROR:certbot._internal.renewal:Renewal configuration 
file /etc/letsencrypt/renewal/SOOME.DOMAIN.conf (cert: SOME.DOMAIN) produced an 
unexpected error: 'Namespace' object has no attribute 
'certbot_plugin_gandi:dns_credentials'. Skipping.
2023-06-18 00:49:00,302:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 501, 
in handle_renewal_request
    renewal_candidate = _reconstitute(lineage_config, renewal_file)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 103, 
in _reconstitute
    _restore_plugin_configs(config, renewalparams)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 173, 
in _restore_plugin_configs
    if config_item.startswith(plugin_prefix + "_") and not 
cli.set_by_cli(config_item):
                                                           
^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/cli/__init__.py", line 
489, in set_by_cli
    if not isinstance(getattr(detector, var), _Default):
                      ^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'Namespace' object has no attribute 
'certbot_plugin_gandi:dns_credentials'


Solution is to run **once** per domain the correct renew line
        certbot certonly --authenticator dns-gandi --dns-gandi-credentials 
/etc/letsencrypt/gandi/gandi.ini -d SOME.DOMAIN

Best regards

Norbert

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldstable-updates'), (500, 
'oldstable-security'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-certbot-dns-gandi depends on:
ii  certbot                                  2.1.0-4
ii  python3                                  3.11.2-1+b1
ii  python3-certbot [python3-certbot-abi-2]  2.1.0-4
ii  python3-requests                         2.28.1+dfsg-1

python3-certbot-dns-gandi recommends no packages.

python3-certbot-dns-gandi suggests no packages.

-- no debconf information

Bug#1038920: python3-certbot-dns-gandi: Update from Debian 11 -> 12 leaves certificate updates broken

Reply via email to