Certbot: no dns plugins in the ubuntu PPA

Thanks for taking the time to check for existing issues first. I don't think there's an issue tracking this specifically.

Unfortunately, our PPA is maintained by @oerdnj who is a volunteer outside of the Certbot team. We've made multiple attempts to try and contact them about packaging these plugins but haven't gotten any response.

We're looking into alternative solutions to distributing Certbot so we can avoid problems like this in the future, but in the meantime, if you want to use the DNS plugins on Ubuntu, you'll need to run Certbot in Docker.

Thanks so much for the reply and the explanation.

I'm surprised @oerdnj is hard to reach. They seem active on github, they just merged this an hour ago!

I am sorry that I don’t have more time at the moment. Is the DNS plugin already packaged for Debian? That would make it much more easier to port to PPA.

@oerdnj, the major ones are packaged for Debian. See https://salsa.debian.org/letsencrypt-team/certbot?utf8=%E2%9C%93&filter=certbot-dns.

@oerdnj, over the past couple months I've found Debian and/or Ubuntu Core Developers who said there were able to help with Certbot packaging. If you'd be interested in working with them to maintain the PPA, please let me know and I'll put you in touch.

Sure, any help is appreciated.

Great. I'll reach out to them and send you an email making the introduction.

Let me know if you'd prefer I used something other than email.

Email is fine, but for ad-hoc communication something more responsive might be used.

OK. I sent you an email introducing you to the packagers who have offered to help. Let me know if there's anything else I can do on my end.

Looks like the first DNS plugins (Cloudflare, Digital Ocean, DNSimple, RFC2136, Route53) have made it to the PPA.

Nice work :)

Thanks for all the hard work making this happen. Any chance for the google one to make it to round two?

Any updates yet? I see some certbot-dns-*-doc packages have been released to the Ubuntu Xenial PPA, but the plugins themselves are not there yet.

I don't need the cloudflare or whatever plugin, but would be happy with a working --preferred-challenges dns command.

@cyril23, many of the DNS plugins are in the PPA. See https://github.com/certbot/certbot/issues/6053#issuecomment-408598860.

I cannot give an update when the others will be available, however, maybe @NCommander can.

@bmw Are you sure any DNS plugins are already available in the PPA? So far, I only see the documentation (-doc) in the PPA. Ubuntu 16 LTS with updates 3rd Sept 2018

~$ uname -a
    Linux rechner-VirtualBox 4.4.0-134-generic #160-Ubuntu SMP Wed Aug 15 14:58:00 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
~$ lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 16.04.5 LTS
    Release:    16.04
    Codename:   xenial
~$ certbot --version
    certbot 0.26.1
~$ certbot plugins
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    * apache
    Description: Apache Web Server plugin - Beta
    Interfaces: IAuthenticator, IInstaller, IPlugin
    Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT

    * standalone
    Description: Spin up a temporary webserver
    Interfaces: IAuthenticator, IPlugin
    Entry point: standalone = certbot.plugins.standalone:Authenticator

    * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~$ sudo apt-get install python-certbot-dns-
    python-certbot-dns-cloudflare-doc    python-certbot-dns-dnsimple-doc      python-certbot-dns-route53-doc
    python-certbot-dns-digitalocean-doc  python-certbot-dns-rfc2136-doc       
~$ sudo apt-get install python-certbot-dns-*
    Paketlisten werden gelesen... Fertig
    Abhängigkeitsbaum wird aufgebaut.       
    Statusinformationen werden eingelesen.... Fertig
    Note, selecting 'python-certbot-dns-cloudflare-doc' for glob 'python-certbot-dns-*'
    Note, selecting 'python-certbot-dns-route53-doc' for glob 'python-certbot-dns-*'
    Note, selecting 'python-certbot-dns-digitalocean-doc' for glob 'python-certbot-dns-*'
    Note, selecting 'python-certbot-dns-dnsimple-doc' for glob 'python-certbot-dns-*'
    Note, selecting 'python-certbot-dns-rfc2136-doc' for glob 'python-certbot-dns-*'
    Die folgenden zusätzlichen Pakete werden Installiert
      fonts-font-awesome fonts-lato javascript-common libjs-jquery libjs-modernizr libjs-sphinxdoc libjs-underscore
      sphinx-rtd-theme-common
    Die folgenden NEUEN Pakete werden installiert:
      fonts-font-awesome fonts-lato javascript-common libjs-jquery libjs-modernizr libjs-sphinxdoc libjs-underscore
      python-certbot-dns-cloudflare-doc python-certbot-dns-digitalocean-doc python-certbot-dns-dnsimple-doc python-certbot-dns-rfc2136-doc
      python-certbot-dns-route53-doc sphinx-rtd-theme-common
    0 aktualisiert, 13 neu installiert, 0 zu entfernen und 22 nicht aktualisiert.
    Es müssen 3.818 kB an Archiven heruntergeladen werden.
    Nach dieser Operation werden 15,8 MB Plattenplatz zusätzlich benutzt.
    Möchten Sie fortfahren? [J/n] J
    Holen:1 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-certbot-dns-cloudflare-doc all 0.23.0-1ubuntu0ppa1~ubuntu16.04.1 [22,9 kB]
    Holen:2 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 fonts-lato all 2.0-1 [2.693 kB]
    Holen:3 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-certbot-dns-digitalocean-doc all 0.23.0-2ubuntu0ppa1~ubuntu16.04.1 [22,4 kB]
    Holen:4 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-certbot-dns-dnsimple-doc all 0.23.0-2ubuntu0ppa1~ubuntu16.04.1 [20,8 kB]
    Holen:5 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-certbot-dns-rfc2136-doc all 0.24.0-2ubuntu0ppa1~ubuntu16.04.1 [1.620 B]
    Holen:6 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-certbot-dns-route53-doc all 0.23.0-2+ubuntu16.04.1+certbot+1 [23,1 kB]
    Holen:7 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 fonts-font-awesome all 4.5.0~dfsg-1 [506 kB]
    Holen:8 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 javascript-common all 11 [6.066 B]
    Holen:9 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 libjs-jquery all 1.11.3+dfsg-4 [161 kB]
    Holen:10 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 libjs-underscore all 1.7.0~dfsg-1ubuntu1 [46,7 kB]
    Holen:11 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libjs-sphinxdoc all 1.3.6-2ubuntu1.2 [57,8 kB]
    Holen:12 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 libjs-modernizr all 2.6.2+ds1-1ubuntu1 [46,7 kB]
    Holen:13 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 sphinx-rtd-theme-common all 0.1.9-1 [210 kB]
    Es wurden 3.818 kB in 0 s geholt (5.055 kB/s).    
    Vormals nicht ausgewähltes Paket fonts-lato wird gewählt.
    (Lese Datenbank ... 213858 Dateien und Verzeichnisse sind derzeit installiert.)
    Vorbereitung zum Entpacken von .../fonts-lato_2.0-1_all.deb ...
    Entpacken von fonts-lato (2.0-1) ...
    Vormals nicht ausgewähltes Paket fonts-font-awesome wird gewählt.
    Vorbereitung zum Entpacken von .../fonts-font-awesome_4.5.0~dfsg-1_all.deb ...
    Entpacken von fonts-font-awesome (4.5.0~dfsg-1) ...
    Vormals nicht ausgewähltes Paket javascript-common wird gewählt.
    Vorbereitung zum Entpacken von .../javascript-common_11_all.deb ...
    Entpacken von javascript-common (11) ...
    Vormals nicht ausgewähltes Paket libjs-jquery wird gewählt.
    Vorbereitung zum Entpacken von .../libjs-jquery_1.11.3+dfsg-4_all.deb ...
    Entpacken von libjs-jquery (1.11.3+dfsg-4) ...
    Vormals nicht ausgewähltes Paket libjs-underscore wird gewählt.
    Vorbereitung zum Entpacken von .../libjs-underscore_1.7.0~dfsg-1ubuntu1_all.deb ...
    Entpacken von libjs-underscore (1.7.0~dfsg-1ubuntu1) ...
    Vormals nicht ausgewähltes Paket libjs-sphinxdoc wird gewählt.
    Vorbereitung zum Entpacken von .../libjs-sphinxdoc_1.3.6-2ubuntu1.2_all.deb ...
    Entpacken von libjs-sphinxdoc (1.3.6-2ubuntu1.2) ...
    Vormals nicht ausgewähltes Paket libjs-modernizr wird gewählt.
    Vorbereitung zum Entpacken von .../libjs-modernizr_2.6.2+ds1-1ubuntu1_all.deb ...
    Entpacken von libjs-modernizr (2.6.2+ds1-1ubuntu1) ...
    Vormals nicht ausgewähltes Paket sphinx-rtd-theme-common wird gewählt.
    Vorbereitung zum Entpacken von .../sphinx-rtd-theme-common_0.1.9-1_all.deb ...
    Entpacken von sphinx-rtd-theme-common (0.1.9-1) ...
    Vormals nicht ausgewähltes Paket python-certbot-dns-cloudflare-doc wird gewählt.
    Vorbereitung zum Entpacken von .../python-certbot-dns-cloudflare-doc_0.23.0-1ubuntu0ppa1~ubuntu16.04.1_all.deb ...
    Entpacken von python-certbot-dns-cloudflare-doc (0.23.0-1ubuntu0ppa1~ubuntu16.04.1) ...
    Vormals nicht ausgewähltes Paket python-certbot-dns-digitalocean-doc wird gewählt.
    Vorbereitung zum Entpacken von .../python-certbot-dns-digitalocean-doc_0.23.0-2ubuntu0ppa1~ubuntu16.04.1_all.deb ...
    Entpacken von python-certbot-dns-digitalocean-doc (0.23.0-2ubuntu0ppa1~ubuntu16.04.1) ...
    Vormals nicht ausgewähltes Paket python-certbot-dns-dnsimple-doc wird gewählt.
    Vorbereitung zum Entpacken von .../python-certbot-dns-dnsimple-doc_0.23.0-2ubuntu0ppa1~ubuntu16.04.1_all.deb ...
    Entpacken von python-certbot-dns-dnsimple-doc (0.23.0-2ubuntu0ppa1~ubuntu16.04.1) ...
    Vormals nicht ausgewähltes Paket python-certbot-dns-rfc2136-doc wird gewählt.
    Vorbereitung zum Entpacken von .../python-certbot-dns-rfc2136-doc_0.24.0-2ubuntu0ppa1~ubuntu16.04.1_all.deb ...
    Entpacken von python-certbot-dns-rfc2136-doc (0.24.0-2ubuntu0ppa1~ubuntu16.04.1) ...
    Vormals nicht ausgewähltes Paket python-certbot-dns-route53-doc wird gewählt.
    Vorbereitung zum Entpacken von .../python-certbot-dns-route53-doc_0.23.0-2+ubuntu16.04.1+certbot+1_all.deb ...
    Entpacken von python-certbot-dns-route53-doc (0.23.0-2+ubuntu16.04.1+certbot+1) ...
    Trigger für fontconfig (2.11.94-0ubuntu1.1) werden verarbeitet ...
    Trigger für doc-base (0.10.7) werden verarbeitet ...
    4 hinzugefügte Doc-base-Dateien wird verarbeitet...
    Fehler in »/usr/share/doc-base/python-certbot-dns-dnsimple-doc«, Zeile 10: alle »Format«-Abschnitte sind ungültig.
    Fehler in »/usr/share/doc-base/python-certbot-dns-cloudflare-doc«, Zeile 10: alle »Format«-Abschnitte sind ungültig.
    Fehler in »/usr/share/doc-base/python-certbot-dns-digitalocean-doc«, Zeile 10: alle »Format«-Abschnitte sind ungültig.
    Fehler in »/usr/share/doc-base/python-certbot-dns-route53-doc«, Zeile 10: alle »Format«-Abschnitte sind ungültig.
    Beachten Sie: »install-docs --verbose --check Dateiname« könnte weitere Einzelheiten über die vorhergehende Fehler ausgeben.
    fonts-lato (2.0-1) wird eingerichtet ...
    fonts-font-awesome (4.5.0~dfsg-1) wird eingerichtet ...
    javascript-common (11) wird eingerichtet ...
    apache2_invoke: Enable configuration javascript-common
    libjs-jquery (1.11.3+dfsg-4) wird eingerichtet ...
    libjs-underscore (1.7.0~dfsg-1ubuntu1) wird eingerichtet ...
    libjs-sphinxdoc (1.3.6-2ubuntu1.2) wird eingerichtet ...
    libjs-modernizr (2.6.2+ds1-1ubuntu1) wird eingerichtet ...
    sphinx-rtd-theme-common (0.1.9-1) wird eingerichtet ...
    python-certbot-dns-cloudflare-doc (0.23.0-1ubuntu0ppa1~ubuntu16.04.1) wird eingerichtet ...
    python-certbot-dns-digitalocean-doc (0.23.0-2ubuntu0ppa1~ubuntu16.04.1) wird eingerichtet ...
    python-certbot-dns-dnsimple-doc (0.23.0-2ubuntu0ppa1~ubuntu16.04.1) wird eingerichtet ...
    python-certbot-dns-rfc2136-doc (0.24.0-2ubuntu0ppa1~ubuntu16.04.1) wird eingerichtet ...
    python-certbot-dns-route53-doc (0.23.0-2+ubuntu16.04.1+certbot+1) wird eingerichtet ...
~$ certbot plugins

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    * apache
    Description: Apache Web Server plugin - Beta
    Interfaces: IAuthenticator, IInstaller, IPlugin
    Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT

    * standalone
    Description: Spin up a temporary webserver
    Interfaces: IAuthenticator, IPlugin
    Entry point: standalone = certbot.plugins.standalone:Authenticator

    * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~$ 

The DNS packages themselves start with python3-* as that's the naming scheme for Python modules on Debian, and are currently installable:

root@perdition:/# apt-get install python3-certbot-dns-*        
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'python3-certbot-dns-route53' for glob 'python3-certbot-dns-*'
Note, selecting 'python3-certbot-dns-rfc2136' for glob 'python3-certbot-dns-*'
Note, selecting 'python3-certbot-dns-digitalocean' for glob 'python3-certbot-dns-*'
Note, selecting 'python3-certbot-dns-dnsimple' for glob 'python3-certbot-dns-*'
Note, selecting 'python3-certbot-dns-cloudflare' for glob 'python3-certbot-dns-*'
The following additional packages will be installed:
  docutils-common libyaml-0-2 python3-acme python3-asn1crypto python3-boto3 python3-botocore python3-certbot python3-certifi python3-cffi-backend python3-chardet python3-cloudflare
  python3-configargparse python3-configobj python3-cryptography python3-dateutil python3-digitalocean python3-dnspython python3-docutils python3-funcsigs python3-future python3-idna
  python3-jmespath python3-josepy python3-jsonpickle python3-lexicon python3-mock python3-openssl python3-parsedatetime python3-pbr python3-pkg-resources python3-requests
  python3-requests-file python3-requests-toolbelt python3-rfc3339 python3-roman python3-six python3-tldextract python3-tz python3-urllib3 python3-yaml python3-zope.component
  python3-zope.event python3-zope.hookable python3-zope.interface sgml-base xml-core
Suggested packages:
  python-acme-doc python-certbot-doc python-configobj-doc python-cryptography-doc python3-cryptography-vectors texlive-latex-recommended texlive-latex-base texlive-lang-french
  fonts-linuxlibertine | ttf-linux-libertine docutils-doc python-funcsigs-doc python-future-doc python3-simplejson python3-numpy python-mock-doc python-openssl-doc python3-openssl-dbg
  python3-setuptools python3-socks sgml-base-doc debhelper
Recommended packages:
  certbot python3-pil python3-pygments libpaper-utils python3-softlayer python3-icu publicsuffix
The following NEW packages will be installed:
  docutils-common libyaml-0-2 python3-acme python3-asn1crypto python3-boto3 python3-botocore python3-certbot python3-certbot-dns-cloudflare python3-certbot-dns-digitalocean
  python3-certbot-dns-dnsimple python3-certbot-dns-rfc2136 python3-certbot-dns-route53 python3-certifi python3-cffi-backend python3-chardet python3-cloudflare python3-configargparse
  python3-configobj python3-cryptography python3-dateutil python3-digitalocean python3-dnspython python3-docutils python3-funcsigs python3-future python3-idna python3-jmespath
  python3-josepy python3-jsonpickle python3-lexicon python3-mock python3-openssl python3-parsedatetime python3-pbr python3-pkg-resources python3-requests python3-requests-file
  python3-requests-toolbelt python3-rfc3339 python3-roman python3-six python3-tldextract python3-tz python3-urllib3 python3-yaml python3-zope.component python3-zope.event
  python3-zope.hookable python3-zope.interface sgml-base xml-core
0 upgraded, 51 newly installed, 0 to remove and 19 not upgraded.
Need to get 549 kB/3933 kB of archives.
After this operation, 30.0 MB of additional disk space will be used.
Do you want to continue? [Y/n] 

I've had some things come up in real life and haven't been able to work on this further beside watching my inbox so no ETA on the remaining plugins.

Thanks for the python3-* tip, it should probably be updated in the docs.

Good idea! https://github.com/certbot/website/issues/362 was created to track updating our docs to use the python3- names.

python3-certbot-dns-google is in bionic, but not yet the PPA. (It's also in Debian upstream https://packages.debian.org/search?keywords=python3-certbot-dns-google). What can we do to help get it in the PPA so we can use the newest version?

Would love to see the Linode DNS plugin in the PPA as well: https://packages.debian.org/search?suite=default&section=all&arch=any&searchon=names&keywords=python3-certbot-dns-linode

Perhaps a newer build of certbot too (0.27.1)

Is there anything here that might be able to support running simple Bind 9 on our own hosted DNS servers? That would be a huge help!

Yes. The certbot-dns-rfc2136 is able to automate DNS challenges with bind. The docs for this plugin are available at https://certbot-dns-rfc2136.readthedocs.io/en/latest/.

Could you please add dns linode to the Cetbot PPA.

WIth the upcoming death of http-sni, getting more of these dns plugins available is slowly becoming more pressing

@karlp You're talking about tls-sni-01, right? https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

I'd also really like to see these backported to Debian stretch, as buster won't be out for a few months at least, e.g. https://packages.debian.org/sid/python3-certbot-dns-digitalocean

Does the certbot team have any updates for this?

Unfortunately the situation is same since the last time we chimed in. Some of the DNS plugins are in the PPA, but many still are not.

The PPA is run by volunteers from Debian and Ubuntu and they haven't been able to find the time to get these packages built. If someone has experience with Ubuntu packaging and would be interested in helping them with this, please let me know.

Any way to get these wildcard certs working in Linode without resorting to a docker instance?

@bmw I'm happy to try and help. They are really simple packages to build (and we are building some in a private repo ourselves currently). Can you put me in touch with whomever is currently doing the PPA packaging, so we can try and help?

@oerdnj and @NCommander, I don't know @timwsuqld, but they've offered to help out with the PPA. What is the best way for them to do that? Should they set up a separate PPA and push the packages there for you to take a look at? Is there anything in particular you'd like them to clearly track any changes made from the packages in Debian?

I have a need to use the OVH DNS plugin on Ubuntu 18.04 LTS server. While following the official Certbot documentation I discovered the package is currently missing from the Ubuntu PPA. Although not ideal my workaround, for those also stuck in this situation, is the following sequence of commands:

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
wget http://ftp.uk.debian.org/debian/pool/main/l/lexicon/python3-lexicon_3.0.8-1_all.deb
wget http://ftp.uk.debian.org/debian/pool/main/p/python-certbot-dns-ovh/python3-certbot-dns-ovh_0.31.0-1_all.deb
sudo apt install ./python3-lexicon_3.0.8-1_all.deb ./python3-certbot-dns-ovh_0.31.0-1_all.deb

This at least keeps the main Certbot components updated from the PPA. For the moment the OVH plugin and Lexicon module have to be manually updated from the Debian repository. Unless anyone has a better suggestion?

@McMichaeli thank you for this workaround, as the dns plugin is still missing.
For those who needs it, lexicon 3.0.8-1 is not available anymore, you need to use:
http://ftp.uk.debian.org/debian/pool/main/l/lexicon/python3-lexicon_3.0.8-2_all.deb

Any update regarding the OVH plugin?

Unfortunately no. We're really struggling to find Debian/Ubuntu developers to help us with issues like these.

If anyone is one and would like to help, please reach out, but otherwise I doubt this issue will be resolved for a while. Our priority with the PPA right now is just keeping the packages working and getting any security fixes applied while the core Certbot team works on an alternative approach to distributing Certbot that we can more easily control/maintain.

We've basically automated the builds for the packages we need. I then just manually upload the source debs to launchpad at https://launchpad.net/~suqld/+archive/ubuntu/certbot
I never heard back from @oerdnj @NCommander and we needed the Google DNS plugins for our deployments.

I'm happy to try and publish our Gitlab CI configs that we use to build the various plugins, the main obstacle is getting the build orders correct between stages. I'm not keen on building every plugin, as there is obviously still time required to keeping it working as the plugins are updated. Maybe if the official PPA guys let me know how to assist with keeping their pipeline going I can assist there?

For people coming here: @McMichaeli and @NicolasDuran posted working examples of how to deal with certbot on ovh. Here are the complete, up-to-date scripts:

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
wget http://ftp.uk.debian.org/debian/pool/main/l/lexicon/python3-lexicon_3.0.8-2_all.deb
wget http://ftp.uk.debian.org/debian/pool/main/p/python-certbot-dns-ovh/python3-certbot-dns-ovh_0.31.0-1_all.deb
sudo apt install ./python3-lexicon_3.0.8-2_all.deb ./python3-certbot-dns-ovh_0.31.0-1_all.deb

@timwsuqld, thanks again for your offer to help.

Recently a new Ubuntu developer expressed interest in trying to help us with the PPA. I'll forward along your offer to them to see if there's a way you two could collaborate here.

Brand new Ubuntu 18 install this morning.
APT updated/upgraded. Certbot repo added per instructions site.
Repo only showing docs. Not found:

EDIT:
My fault - forgot to use 'python3-' for those plugins.

sudo apt install python3-certbot-dns-route53

Can you please add all the plugins (not just apache and nginx) to suggested packages so the filenames become more obvious? Or, why not just preface 'python3-' on all if it's python 3.x? Just confusing as-is. Why some without python-3? And some with? 'Doc' has no '3' but the actual plugin does? Hmm.

EDIT: Realized the solution I posted pulls a severely outdated version of the plugin, which doesn't support Linode API v4. So it won't actually work.

Hi, was running into issues trying to install python3-certbot-dns-linode and wanted to post my solution here in case others are still running into problems. This solution requires root access.

First, I added the debian repository to my web server:

sudo add-apt-repository 'deb http://ftp.us.debian.org/debian buster main'

I got warnings about missing public keys so I added them using apt-key:

 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <key>

Finally, I created a file under /etc/apt/preferences.d/ with the following content, to make sure none of my existing packages (which I want to keep on the versions specified by the linode mirrors) got updates by mistake:

Package: *
Pin: origin "ftp.us.debian.org"
Pin-Priority: 1

If I understood apt-preferences correctly, this tells apt to only look for packages in this repo if there is no other version already installed from a different repo.

This should work for any of the cerbot-dns packages

Just as an FYI, I'm actively working on getting all of these backported to each Ubuntu release, after which they will be published in the PPA, along with updated versions of the core certbot components. It shouldn't be too much longer.

Any update on whether this effort is still progressing? The PPA is still missing the following DNS plugins:

certbot-dns-dnsmadeeasy
certbot-dns-linode
certbot-dns-luadns
certbot-dns-nsone
certbot-dns-ovh

U20.04. https://certbot.eff.org/docs/using.html#dns-plugins

~$ sudo apt-get install python3-certbot-dns-dnsmadeeasy
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package python3-certbot-dns-dnsmadeeasy

Whats available as of today:
~$ sudo apt-get install python3-certbot-
python3-certbot-apache python3-certbot-dns-linode
python3-certbot-dns-cloudflare python3-certbot-dns-ovh
python3-certbot-dns-digitalocean python3-certbot-dns-rfc2136
python3-certbot-dns-dnsimple python3-certbot-dns-route53
python3-certbot-dns-gandi python3-certbot-dns-sakuracloud
python3-certbot-dns-gehirn python3-certbot-nginx
python3-certbot-dns-google

Please add DNS Made Easy.

Thanks!

Any updates on DNS Made Easy @bmw ?

Still looking for certbot-dns-linode. This is what I see in Ubuntu 18.04.4 LTS:

$ sudo apt-get install python3-certbot-dns-linode
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package python3-certbot-dns-linode

Hi everyone - the latest version of certbot and the DNS plugins are now available as snaps. I realize this may not be a solution for everyone, but I think for the most common use case (install and autorenew/forget) this pretty much solves all issues. Installing certbot on Ubuntu via snapd is simple and painless, and finally lives up to the ease-of-use promises made by the documentation.

See the announcement here: https://community.letsencrypt.org/t/dns-plugins-now-available-as-snaps/131453

Awesome to hear. Appreciate the resolution, even after such a long wait.

Awesome to hear. Appreciate the resolution, even after such a long wait.

I'm not a contributor to the project, although I've been waiting for this myself so I wanted to make sure everyone was aware of it as soon as it was announced. But @bmw and @ohemorange deserve the kudos for making this happen.

Thanks for the kind words @ErikSwan. There were many people who worked on the Certbot snaps.

We're deprecating the PPA with the plan to make use of Certbot's SRU exception so I'm closing this issue.