access_token cannot be found

[gdog2u]

I've tried everything I can think of to get this working. This included modifying dns_google_domains.py to dump the contents of the ConfigObj, where I can see that there is a value for "access_token", and it still did not find it.

Command I'm running

certbot certonly --authenticator 'dns-google-domains' --dns-google-domains-credentials '/var/lib/letsencrypt/dns_google_domains_credentials.ini' -d "diablo-ii.zip"

Output

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-google-domains, Installer None
Requesting a certificate for diablo-ii.zip
Performing the following challenges:
dns-01 challenge for diablo-ii.zip
Cleaning up challenges
/var/lib/letsencrypt/dns_google_domains_credentials.ini: access_token was not found in the configuration for Google Domains.

Versions

This is on Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux and Python 3.9.2

$ pip3 show certbot certbot-dns-google-domains
Name: certbot
Version: 2.6.0
Summary: ACME client
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
Author-email: [email protected]
License: Apache License 2.0
Location: /usr/local/lib/python3.9/dist-packages
Requires: josepy, parsedatetime, distro, pyrfc3339, acme, configobj, pytz, cryptography, setuptools, ConfigArgParse
Required-by: certbot-dns-google-domains
---
Name: certbot-dns-google-domains
Version: 0.1.11
Summary: Certbot DNS authenticator for Google Domains
Home-page: None
Author: Amir Omidi
Author-email: [email protected]
License: Apache 2.0
Location: /usr/local/lib/python3.9/dist-packages
Requires: dataclasses-json, publicsuffixlist, certbot, zope.interface

Config file

My config file is at the location shown in the command, and has the following contents, per this repo's README. I have the two lines there to see if that would fix the issue, but it did not.

$ cat /var/lib/letsencrypt/dns_google_domains_credentials.ini
access_token = <api token>
dns_google_domain_access_token = <same api token>
dns_google_domains_zone = diablo-ii.zip

letsencrypt.log

The log file in total is 12kb, let me know if you want it, and which parts.

Dumping ConfigObj

$ certbot certonly  --authenticator 'dns-google-domains' --dns-google-domains-credentials '/var/lib/letsencrypt/dns_google_domains_credentials.ini' -d "diablo-ii.zip" -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-google-domains, Installer None
Requesting a certificate for diablo-ii.zip
Performing the following challenges:
dns-01 challenge for diablo-ii.zip
{'confobj': ConfigObj({'access_token': '<api token>', 'dns_google_domain_access_token': '<same api token>', 'dns_google_domains_zone': 'diablo-ii.zip'}), 'mapper': <bound method Plugin.dest of <certbot_dns_google_domains.dns_google_domains.Authenticator object at 0x7f7b96637d30>>}
Cleaning up challenges
An unexpected error occurred:
Exception: Intentionally killed here

[aaomidi]

I'm wondering if it's potentially a permission issue on that credentials file?

[gdog2u]

I was getting a warning that the credentials was world readable, but I changed the permissions to 660, and the warning went away. This error of the access token was happening before and after this change. I'm running this as root, so permissions shouldn't be a concern, right?

[aaomidi]

No it probably shouldn't. I mean this is odd. Like we have that command running in our unit tests and it's been issuing just fine. Hmm

[aaomidi]

dns_google_domain_access_token =

It should be

dns_google_domains_access_token = <same api token>