dehydrated doesn't call le-godaddy-dns Python hook #242

New Issue

adam · 2025-12-29T01:19:39+01:00

adam commented

2025-12-29 01:19:39 +01:00

Originally created by @roschler on GitHub (Aug 12, 2017).

I have dehydrated and the le-godaddy-dns Python configured on my system. But I don't think dehydrated is calling the hook nor does it throw any error messages. Here is my command line:

./dehydrated --config /home/user9/config  --hook /home/user9/le-godaddy-dns/godaddy.py --cron

When I run this in my bash script that sets the GoDaddy production key and secret, it immediately returns with the usual message about registering first. I already have registered and I see my account in the account directory. Also if I run the register command again it tells me that I am already registered.

As an additional test, I ran the godaddy.py script directly from the command line. It immediately throws an error message telling me the GoDaddy key/secret can't be found. This is of course because I am running it outside my script that exports those variables and then launches dehydrated with the le-godaddy-dns hook.

As a final test I ran the dehydrated command line shown above outside of the script that sets the GoDaddy key/secret. There were no error messages complaining about the key/secret not being found. There weren't any error messages at all, just the reminder to be registered and the info message saying that the output should tell me where my certs are. There was no such output. Also, I triple-checked the certs directory set in my config file and it is empty. As I said, I don't believe the Python hook script is being run at all.

My belief is that the hook is not being run and dehydrated is failing silently. What can I do to fix this?

Originally created by @roschler on GitHub (Aug 12, 2017). I have dehydrated and the le-godaddy-dns Python configured on my system. But I don't think dehydrated is calling the hook nor does it throw any error messages. Here is my command line: ./dehydrated --config /home/user9/config --hook /home/user9/le-godaddy-dns/godaddy.py --cron When I run this in my bash script that sets the GoDaddy production key and secret, it immediately returns with the usual message about registering first. I already have registered and I see my account in the account directory. Also if I run the register command again it tells me that I am already registered. As an additional test, I ran the godaddy.py script directly from the command line. It immediately throws an error message telling me the GoDaddy key/secret can't be found. This is of course because I am running it outside my script that exports those variables and then launches dehydrated with the le-godaddy-dns hook. As a final test I ran the dehydrated command line shown above outside of the script that sets the GoDaddy key/secret. **There were no error messages complaining about the key/secret not being found**. There weren't any error messages at all, just the reminder to be registered and the info message saying that the output should tell me where my certs are. There was no such output. Also, I triple-checked the certs directory set in my config file and it is empty. As I said, I don't believe the Python hook script is being run at all. My belief is that the hook is not being run and dehydrated is failing silently. What can I do to fix this?

adam closed this issue

2025-12-29 01:19:39 +01:00

adam commented

2025-12-29 01:19:40 +01:00

@roschler commented on GitHub (Aug 12, 2017):

It looks like the actual accounts directory and the directories where dehydrated looks for the accounts directory got out of sync somehow. I figured this out after I sprinkled variable dump ECHO statements in the dehydrated script until I sussed out the problem. It might be helpful to add the line "'accounts' directory not found. If you already registered make sure your accounts directory is <put expected places here", so that people know the reason they are seeing the register reminder is because the script can't find that directory.

Unfortunately I'm now getting the following error during the le-godaddy-dns hook execution. I'll post a full help request on the le-godaddy-dns forum:

{'message': 'The given domain is not registered, or does not have a zone file', 'name': '_Class', 'code': 'UNKNOWN_DOMAIN'}

@roschler commented on GitHub (Aug 12, 2017): It looks like the actual accounts directory and the directories where dehydrated looks for the accounts directory got out of sync somehow. I figured this out after I sprinkled variable dump ECHO statements in the dehydrated script until I sussed out the problem. It might be helpful to add the line "'accounts' directory not found. If you already registered make sure your accounts directory is <put expected places here", so that people know the reason they are seeing the register reminder is because the script can't find that directory. Unfortunately I'm now getting the following error during the le-godaddy-dns hook execution. I'll post a full help request on the le-godaddy-dns forum: {'message': 'The given domain is not registered, or does not have a zone file', 'name': '_Class', 'code': 'UNKNOWN_DOMAIN'}

adam commented

2025-12-29 01:19:41 +01:00

@roschler commented on GitHub (Aug 12, 2017):

I'm hitting all the speed bumps. That error occurred because I was adding the "www" form of the domain name and it turns out that domain did not have a "www" DNS entry. The error went away when I altered domains.txt and only submitted the non-www domain name (no sub-domain at all).

Unfortunately I am now getting the error below from dehydrated (note, there is no "rate limiting" error message). I don't know how to decipher the "wrong tag" error messages shown below:

Signing domains...
Generating private key...
Generating signing request...
Requesting challenge for gotchatbot.com...
Already validated!
Requesting certificate...
Checking certificate...
ERROR: failed to run x509 -text (Exitcode: 1)
Details:
unable to load certificate
140583927391904:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1338:
140583927391904:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:390:Type=X509
140583927391904:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

@roschler commented on GitHub (Aug 12, 2017): I'm hitting all the speed bumps. That error occurred because I was adding the "www" form of the domain name and it turns out that domain did not have a "www" DNS entry. The error went away when I altered domains.txt and only submitted the non-www domain name (no sub-domain at all). Unfortunately I am now getting the error below from dehydrated (note, there is no "rate limiting" error message). I don't know how to decipher the "wrong tag" error messages shown below: Signing domains... Generating private key... Generating signing request... Requesting challenge for gotchatbot.com... Already validated! Requesting certificate... Checking certificate... ERROR: failed to run x509 -text (Exitcode: 1) Details: unable to load certificate 140583927391904:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1338: 140583927391904:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:390:Type=X509 140583927391904:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

adam commented

2025-12-29 01:19:41 +01:00

@lukas2511 commented on GitHub (Aug 12, 2017):

Are you running dehydrated from the debian repositories? Can you try the latest master version?

@lukas2511 commented on GitHub (Aug 12, 2017): Are you running dehydrated from the debian repositories? Can you try the latest master version?

adam commented

2025-12-29 01:19:42 +01:00

@roschler commented on GitHub (Aug 12, 2017):

I cloned the dehydrated repository directly.

Do you know where those errors are coming from? As far as I can tell, dehydrated is a shell script yes? The errors are coming from C source (e.g. - tasn_dec.c) so what "entity" is responsible for those messages?

@roschler commented on GitHub (Aug 12, 2017): I cloned the dehydrated repository directly. Do you know where those errors are coming from? As far as I can tell, dehydrated is a shell script yes? The errors are coming from C source (e.g. - tasn_dec.c) so what "entity" is responsible for those messages?

adam commented

2025-12-29 01:19:42 +01:00

@lukas2511 commented on GitHub (Aug 13, 2017):

Those errors are coming from openssl, can you post the output of dehydrated --version? Ideally close this ticket (I don't give support for hook scripts, especially not those made by others) and create a new one with a better title and more details on what exactly you are doing. Without any information I'll not be able to debug that openssl error.

Also the "problem" you have with the accounts directory is actually a feature, by default it's always looking next to the config file, and if you temporarily create a file somewhere else and try to use it the script will also change location for the accounts directory. This is documented behavior and I will not add warnings for something like that.

@lukas2511 commented on GitHub (Aug 13, 2017): Those errors are coming from openssl, can you post the output of `dehydrated --version`? Ideally close this ticket (I don't give support for hook scripts, especially not those made by others) and create a new one with a better title and more details on what exactly you are doing. Without any information I'll not be able to debug that openssl error. Also the "problem" you have with the accounts directory is actually a feature, by default it's always looking next to the config file, and if you temporarily create a file somewhere else and try to use it the script will also change location for the accounts directory. This is documented behavior and I will not add warnings for something like that.

adam referenced this issue

2025-12-29 01:29:02 +01:00

[PR #242] [MERGED] Introduce per cert configuration directory DOMAINS_D #765

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#242