dlapiduz / certbot-s3front

Certbot CLI plugin for S3/CloudFront validation and installation
MIT License
584 stars 70 forks

Unable to upload/update renewed cert via s3front #89

Closed patricktg closed 2 years ago

patricktg commented 2 years ago

This last worked in July with no updates to python/certbot/s3front. I was able to manually use cli aws iam to upload the cert, then I logged into cloudfront and chose the new cert since I was nearing expiry. I get an erroneous invalid credentials message, but my account with Let's Encrypt and AWS work fine and then the generated cert fails to upload to aws:iam, update aws:cloudfront. I saw in logs s3front successfully updated well known hosts and acme then issued cert, I see cert on local certbot file system. Then in logs I see the install portion of s3front try to make a call to a non-routable 169.254 IP, then do a post with new certificate and then fails saying no credentials. The two AWS variables are set and did work from the script to place file on s3 for LE to issue the cert. I then used AWS cli, with same credentials, to manually upload the cert to IAM.

2021-10-04 17:54:13,722:DEBUG:botocore.utils:Caught retryable HTTP exception while making metadata service request to http://169.254.169.254/latest/api/token: Connect timeout on endpoint URL: "http://169.254.169.254/latest/api/token"
Traceback (most recent call last):
  File "/usr/local/Cellar/certbot/1.19.0/libexec/lib/python3.9/site-packages/urllib3/connection.py", line 169, in _new_conn
    conn = connection.create_connection(
  File "/usr/local/Cellar/certbot/1.19.0/libexec/lib/python3.9/site-packages/urllib3/util/connection.py", line 96, in create_connection
    raise err
  File "/usr/local/Cellar/certbot/1.19.0/libexec/lib/python3.9/site-packages/urllib3/util/connection.py", line 86, in create_connection
    sock.connect(sa)
socket.timeout: timed out

17:54:14,948:DEBUG:botocore.endpoint:Making request for OperationModel(name=UploadServerCertificate) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': 'Boto3/1.17.112 Python/3.9.7 Darwin/19.6.0 Botocore/1.20.112'}, 'body': {'Action': 'UploadServerCertificate', 'Version': '2010-05-08', 'Path': '/cloudfront/letsencrypt/', 'ServerCertificateName': 'le-diff name.net-#######', 'CertificateBody': '-----BEGIN CERTIFICATE-----\nMIIFNjCCBB6gAwIBAgISBOibeQhpG98ietpgQc1UlOFfMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTEw

2021-10-04 17:54:14,949:ERROR:certbot._internal.renewal:Failed to renew certificate nameremoved.net with error: Unable to locate credentials
2021-10-04 17:54:14,963:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/local/Cellar/certbot/1.19.0/libexec/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 475, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
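The log above shows botocore's credential resolution falling all the way through to the EC2 instance metadata service (169.254.169.254) before giving up with "Unable to locate credentials": that only happens when none of the local sources (environment variables, `~/.aws/credentials`, `~/.aws/config`) supplied a key pair for the process that ran the renewal. A common cause is that `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` are exported in an interactive shell but not in the environment of a scheduled `certbot renew`. The script below is an added diagnostic, not part of certbot-s3front or the issue; it re-implements the first three steps of the documented boto3 resolution order without importing boto3, so it can be run against a constructed environment and constructed credential files to show which source a given process would end up using. The sample environments, file contents and the `read_text` callback are assumptions made for the example.

```python
import configparser

# Credential sources in the order botocore consults them (abbreviated from the
# documented boto3 resolution order; assume-role, SSO, process and container
# providers are omitted). The last resort is the EC2 instance metadata service,
# which is what produced the 169.254.169.254 connect timeout in the log above.
IMDS_SOURCE = "instance-metadata (http://169.254.169.254)"


def _section_has_keys(text, section):
    """True if INI-style AWS file text has both key fields under `section`."""
    if text is None:
        return False
    parser = configparser.ConfigParser()
    try:
        parser.read_string(text)
    except configparser.Error:
        return False
    return (
        parser.has_section(section)
        and parser.has_option(section, "aws_access_key_id")
        and parser.has_option(section, "aws_secret_access_key")
    )


def resolve_credential_source(env, read_text, fallback_home="/home/user"):
    """Return the first credential source botocore would accept for a process
    whose environment is the mapping `env`. `read_text(path)` must return the
    file's contents, or None if it does not exist; it is injected so the check
    can run against constructed files as well as the live filesystem."""
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "env (AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY)"

    home = env.get("HOME", fallback_home)
    profile = env.get("AWS_PROFILE", "default")

    cred_file = env.get("AWS_SHARED_CREDENTIALS_FILE", home + "/.aws/credentials")
    if _section_has_keys(read_text(cred_file), profile):
        return "shared-credentials-file (%s, profile '%s')" % (cred_file, profile)

    config_file = env.get("AWS_CONFIG_FILE", home + "/.aws/config")
    config_section = "default" if profile == "default" else "profile " + profile
    if _section_has_keys(read_text(config_file), config_section):
        return "config-file (%s, profile '%s')" % (config_file, profile)

    # Nothing local matched: botocore now queries IMDS. Off EC2 that is a
    # connect timeout followed by "Unable to locate credentials".
    return IMDS_SOURCE


def read_real_file(path):
    """read_text implementation for the live filesystem."""
    try:
        with open(path) as handle:
            return handle.read()
    except OSError:
        return None


# Constructed sample files and environments (placeholders, not real keys and
# not taken from the issue).
SAMPLE_FILES = {
    "/home/user/.aws/credentials": (
        "[default]\n"
        "aws_access_key_id = AKIAEXAMPLEPLACEHOLDER\n"
        "aws_secret_access_key = EXAMPLESECRETPLACEHOLDER\n"
    ),
}

# What an interactive shell looks like after `export AWS_ACCESS_KEY_ID=...`.
INTERACTIVE_ENV = {
    "HOME": "/home/user",
    "AWS_ACCESS_KEY_ID": "AKIAEXAMPLEPLACEHOLDER",
    "AWS_SECRET_ACCESS_KEY": "EXAMPLESECRETPLACEHOLDER",
}
# A cron/launchd-style environment: the exported AWS_* variables are absent
# and HOME points somewhere with no .aws directory.
SCHEDULED_ENV = {"HOME": "/var/empty"}


if __name__ == "__main__":
    import os
    print("interactive :", resolve_credential_source(INTERACTIVE_ENV, SAMPLE_FILES.get))
    print("scheduled   :", resolve_credential_source(SCHEDULED_ENV, SAMPLE_FILES.get))
    print("this process:", resolve_credential_source(dict(os.environ), read_real_file))
```

Run it once from the shell where renewal works and once from the same context that runs `certbot renew` (for example as the cron or launchd user); if the last line reports the instance-metadata source, that process has no usable local credentials and will hit the same 169.254.169.254 timeout. Putting the keys in `~/.aws/credentials` for the renewing user, or setting `AWS_SHARED_CREDENTIALS_FILE` in the scheduled job's environment, keeps resolution from reaching IMDS.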

patricktg commented 2 years ago

By the way, it appears to be working again.