Certbot could not request a new Cert via DNS Challenge via desec

[Brottus]

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
    Version 2.9.19 (5920b0c) 2022-11-08 04:56:39 UTC, OpenResty 1.19.9.1, debian 10 (buster), Certbot certbot 2.1.0
• Have you searched for similar issues (both open and closed)?
  • Yes but never sure i searched correct way ;-)

Describe the bug
[Nginx ] › ℹ info Reloading Nginx
[SSL ] › ℹ info Requesting Let'sEncrypt certificates via deSEC for Cert #XX: XXXXXXXX
[SSL ] › ℹ info Command: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo 'dns_desec_token = XXXXXXXXXXXXXXXXXXX
dns_desec_endpoint = https://desec.io/api/v1/' > '/etc/letsencrypt/credentials/credentials-XX' && chmod 600 '/etc/letsencrypt/credentials/credentials-XX' && pip install certbot-dns-desec~=0.3.0 && certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-XX" --agree-tos --email "XXXXXXX" --domains "XXXXXXX" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-X"
[Nginx ] › ℹ info Reloading Nginx
[Express ] › ⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-XX" --agree-tos --email "XXXXXXXXXXXXXX" --domains "XXXXXXXXXXX" --authenticator dns-desec --dns-desec-credentials "/etc/letsencrypt/credentials/credentials-XX"
An unexpected error occurred:
ModuleNotFoundError: No module named 'zope'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-kkqcqy_0/log or re-run Certbot with -v for more details.
So when requesting a new cert via DNS challenge from desec i received this error and the request as such failed

Nginx Proxy Manager Version
v2.9.19

To Reproduce
Steps to reproduce the behavior:

1. Go to 'SSL Certificates'
2. Click on 'Add SSL Certificate'
3. Select DNS Challenge and chose desec as DNS Provider and fill out the token as shown in the box
4. See error in the logs of the container

Expected behavior
Certificate gets requested and saved accordingly or add for desec to the initial steps "pip install zope" so instead of "pip install certbot-dns-desec~=0.3.0" use instead "pip install certbot-dns-desec~=0.3.0 zope"

Additional context
I fixed the issue by adding the missing module inside the container via "pip install zope" and redo the steps

Suggested Solution
Please add the zope module to the docker image cause the next update will probably break it again. I'm not sure if all the parts are needed from zope or if a subset is sufficient but this was the quick way.
Thank you.

[AnID-Aux]

same here

[dormancygrace]

NginxProxyManager/docker-nginx-full#10

[joanfabregat]

Any news about this bug being fixed?

[AnID-Aux]

Workaround for me:
see what the container is called: docker-ps
join the Container: docker exec -it CONTAINERNAME /bin/bash
then run the following:
apt update && apt dist-upgrade
apt install python3 python3-venv libaugeas0
python3 -m venv /opt/certbot/
pip3 install --upgrade pip
pip3 install certbot==1.32.0 certbot-apache==1.32.0 acme==1.32.0
then exit the container: exit
renewing the cert in the web interface was successful

[joanfabregat]

@AnID-Aux Thanks a lot, worked like a charm for me

[AnID-Aux]

@joanfabregat you're welcome

[xuxintao]

Workaround for me: see what the container is called: docker-ps join the Container: docker exec -it CONTAINERNAME /bin/bash then run the following: apt update && apt dist-upgrade apt install python3 python3-venv libaugeas0 python3 -m venv /opt/certbot/ pip3 install --upgrade pip pip3 install certbot==1.32.0 certbot-apache==1.32.0 acme==1.32.0 then exit the container: exit renewing the cert in the web interface was successful

Thanks, this works for me.

[Brottus]

Hi Everyone,
just replying cause this seems still to be an issue for people. So as mentioned by @AnID-Aux you could revert back to certbot v1 as described or as mentioned by @LEDfan in the pull request #2507 just update the plugin to the latest version which has several checks to ensure that the zope package issue does not break the plugin. You could also try out to pull the docker image jc21/nginx-proxy-manager:github-pr-2507 which has that fix in place. Or as mentioned by me just install the zope package by your self.
Hope this gives everyone an idea what can be done to have working version until the fix get merged. Thanks.