dlapiduz / certbot-s3front

Certbot CLI plugin for S3/CloudFront validation and installation
MIT License
584 stars 70 forks

Connection to IAM fails #46

Closed marko-tuononen closed 6 years ago

marko-tuononen commented 7 years ago

I have set up certbot-s3front and everything on the AWS side as per the instructions. While executing the command from the "How to use it" section (using my own credentials, etc.)

certbot --agree-tos -a certbot-s3front:auth \
--certbot-s3front:auth-s3-bucket tuononen.eu \
--certbot-s3front:auth-s3-region eu-west-1 \
-i certbot-s3front:installer \
--certbot-s3front:installer-cf-distribution-id <<REMOVED>>  \
-d tuononen.eu

I receive the following error:

Found credentials in environment variables.
Starting new HTTPS connection (1): iam.Ireland.amazonaws.com
Starting new HTTPS connection (2): iam.Ireland.amazonaws.com
Starting new HTTPS connection (3): iam.Ireland.amazonaws.com
Starting new HTTPS connection (4): iam.Ireland.amazonaws.com
Starting new HTTPS connection (5): iam.Ireland.amazonaws.com
An unexpected error occurred:
EndpointConnectionError: Could not connect to the endpoint URL: "https://iam.Ireland.amazonaws.com/"
Please see the logfiles in /var/log/letsencrypt for more details.

From /var/log/letsencrypt/letsencrypt.log

2017-03-05 12:33:43,233:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/certbot/client.py", line 389, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/usr/local/lib/python2.7/dist-packages/certbot_s3front/installer.py", line 67, in deploy_cert
    CertificateChain=chain
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 253, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 530, in _make_api_call
    operation_model, request_dict)
  File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 141, in make_request
    return self._send_request(request_dict, operation_model)
  File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 170, in _send_request
    success_response, exception):
  File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 249, in _needs_retry
    caught_exception=caught_exception, request_dict=request_dict)
  File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 227, in emit
    return self._emit(event_name, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 210, in _emit
    response = handler(**kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 251, in __call__
    caught_exception)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 277, in _should_retry
    return self._checker(attempt_number, response, caught_exception)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 317, in __call__
    caught_exception)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 223, in __call__
    attempt_number, caught_exception)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 359, in _check_caught_exception
    raise caught_exception
EndpointConnectionError: Could not connect to the endpoint URL: "https://iam.Ireland.amazonaws.com/"

2017-03-05 12:33:43,233:DEBUG:certbot.error_handler:Calling registered functions
2017-03-05 12:33:43,233:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
2017-03-05 12:33:43,234:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/certbot/main.py", line 896, in main
    return config.func(config, plugins)
  File "/usr/local/lib/python2.7/dist-packages/certbot/main.py", line 613, in run
    _install_cert(config, le_client, domains, new_lineage)
  File "/usr/local/lib/python2.7/dist-packages/certbot/main.py", line 478, in _install_cert
    path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
  File "/usr/local/lib/python2.7/dist-packages/certbot/client.py", line 389, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/usr/local/lib/python2.7/dist-packages/certbot_s3front/installer.py", line 67, in deploy_cert
    CertificateChain=chain
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 253, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 530, in _make_api_call
    operation_model, request_dict)
  File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 141, in make_request
    return self._send_request(request_dict, operation_model)
  File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 170, in _send_request
    success_response, exception):
  File "/usr/local/lib/python2.7/dist-packages/botocore/endpoint.py", line 249, in _needs_retry
    caught_exception=caught_exception, request_dict=request_dict)
  File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 227, in emit
    return self._emit(event_name, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/hooks.py", line 210, in _emit
    response = handler(**kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 251, in __call__
    caught_exception)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 277, in _should_retry
    return self._checker(attempt_number, response, caught_exception)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 317, in __call__
    caught_exception)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 223, in __call__
    attempt_number, caught_exception)
  File "/usr/local/lib/python2.7/dist-packages/botocore/retryhandler.py", line 359, in _check_caught_exception
    raise caught_exception
EndpointConnectionError: Could not connect to the endpoint URL: "https://iam.Ireland.amazonaws.com/"

As far as I have understood, the endpoint for IAM should always be https://iam.amazonaws.com (see http://docs.aws.amazon.com/general/latest/gr/rande.html#iam_region).

What am I doing wrong? How can I resolve this situation?
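A check for the symptom in the log above, added here as an example (not code from certbot-s3front or from the poster): it pulls AWS hostnames out of log lines and flags any whose region label is not a region code such as eu-west-1. The function names, the region-code pattern and the last sample line are assumptions made for the example.

```python
import re

# Shape of an AWS region code such as "eu-west-1" (assumed pattern, not an
# authoritative region list).
REGION_CODE = re.compile(r"^[a-z]{2}(?:-[a-z]+)+-\d+$")

# Endpoint the original post expects for IAM, per the AWS page it links.
GLOBAL_ENDPOINTS = {"iam": "iam.amazonaws.com"}

# Matches the two places a hostname appears in the log lines quoted above.
HOST_IN_LOG = re.compile(
    r'(?:Starting new HTTPS connection \(\d+\): |endpoint URL: "https://)'
    r"([A-Za-z0-9.-]+)"
)

def classify_host(host):
    """Return (verdict, region_label) for <service>[.<region>].amazonaws.com."""
    labels = host.rstrip(".").split(".")
    if labels[-2:] != ["amazonaws", "com"] or len(labels) not in (3, 4):
        return ("unparsed", None)      # bucket-style or non-AWS host: skip
    if len(labels) == 3:
        return ("ok", None)            # global form, e.g. iam.amazonaws.com
    region = labels[1]
    if REGION_CODE.match(region):
        return ("ok", region)
    return ("bad-region", region)      # e.g. a display name instead of a code

def audit_log(lines):
    """Collect each distinct host whose region label is not a region code."""
    findings = {}
    for line in lines:
        m = HOST_IN_LOG.search(line)
        if not m:
            continue
        host = m.group(1)
        verdict, region = classify_host(host)
        if verdict == "bad-region":
            expected = GLOBAL_ENDPOINTS.get(host.split(".")[0])
            findings[host] = {"region_label": region, "expected": expected}
    return findings

# First two lines are taken from the log in this issue; the last is constructed.
SAMPLE_LOG = [
    "Starting new HTTPS connection (1): iam.Ireland.amazonaws.com",
    'EndpointConnectionError: Could not connect to the endpoint URL: "https://iam.Ireland.amazonaws.com/"',
    "Starting new HTTPS connection (1): cloudfront.amazonaws.com",
]
```

Running `audit_log` over `/var/log/letsencrypt/letsencrypt.log` reports each malformed host once, however many retries the log contains.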

ray-su commented 6 years ago

I have a similar problem when I run "certbot --agree-tos -a certbot-s3front:auth" on my machine. I get:

Traceback (most recent call last):
  File "c:\python27\lib\runpy.py", line 174, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "c:\python27\lib\runpy.py", line 72, in _run_code
    exec code in run_globals
  File "C:\Python27\Scripts\certbot.exe\__main__.py", line 5, in <module>
  File "c:\python27\lib\site-packages\certbot\main.py", line 17, in <module>
    from certbot import account
  File "c:\python27\lib\site-packages\certbot\account.py", line 21, in <module>
    from certbot import util
  File "c:\python27\lib\site-packages\certbot\util.py", line 23, in <module>
    from certbot import lock
  File "c:\python27\lib\site-packages\certbot\lock.py", line 3, in <module>
    import fcntl
ImportError: No module named fcntl

dlapiduz commented 6 years ago

Why is it connecting to iam.ireland? Were you able to figure out the issue?

marko-tuononen commented 6 years ago

Did not find a solution to this. Now using certificates provided by Amazon instead.