freeipa / freeipa-letsencrypt

A quick hack allowing the use of Let's Encrypt certificates for the FreeIPA web interface.

Working Directory problems #4

Closed HeneryH closed 4 years ago

HeneryH commented 7 years ago

In my installation of FreeIPA with Let's Encrypt I am getting some path errors even though I set my WORK_DIR.

I have hacked around this by making sure I execute out of the specified directory but there might be a bug somewhere related to paths.

It looks like there is a mix-up between my home directory and the working directory.

```
IMPORTANT NOTES:

certutil: unable to open "/root/ipa-le/0000_cert.pem" for reading (-5950, 2).
```

Once I run this step, my web server is no longer accessible even with a prompt to override a non-secure certificate. At the end of my httpd log I see this

```
[Thu Dec 08 11:38:22.976583 2016] [core:notice] [pid 1076] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Thu Dec 08 11:38:22.980950 2016] [suexec:notice] [pid 1076] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Dec 08 11:38:22.980971 2016] [:warn] [pid 1076] NSSSessionCacheTimeout is deprecated. Ignoring.
[Thu Dec 08 11:38:23.352225 2016] [:error] [pid 1076] Certificate not found: 'Server-Cert'
```

```
[root@ipa-a ipa-le]# pwd
/root/ipa-le
[root@ipa-a ipa-le]# find . -ls
16959290    0 drwxr-xr-x   3 root     root           92 Dec  8 12:59 .
16959291    4 -rw-r--r--   1 root     root          764 Dec  8 11:35 ./README.md
16959293    4 -rwxr-xr-x   1 root     root          347 Dec  8 11:35 ./setup-le.sh
 8499079    0 drwxr-xr-x   2 root     root          187 Dec  8 11:35 ./ca
 8499080    4 -rw-r--r--   1 root     root         1220 Dec  8 11:35 ./ca/DSTRootCAX3.pem
 8499081    4 -rw-r--r--   1 root     root         1702 Dec  8 11:35 ./ca/LetsEncryptAuthorityX1.pem
 8499082    4 -rw-r--r--   1 root     root         1675 Dec  8 11:35 ./ca/LetsEncryptAuthorityX2.pem
 8499083    4 -rw-r--r--   1 root     root         1647 Dec  8 11:35 ./ca/LetsEncryptAuthorityX3.pem
 8499084    4 -rw-r--r--   1 root     root         1647 Dec  8 11:35 ./ca/LetsEncryptAuthorityX4.pem
 8499085    4 -rw-r--r--   1 root     root         1967 Dec  8 11:35 ./ca/isrgrootx1.pem
17250543    4 -rwxr-xr-x   1 root     root         1110 Dec  8 11:35 ./renew-le.sh
16959284    4 -rw-r-----   1 root     root          660 Dec  8 11:37 ./httpd-csr.der
```

```
[jjflynn22@ipa-a ~]$ pwd
/home/jjflynn22
[jjflynn22@ipa-a ~]$ ls -la
total 32
drwx------. 5 jjflynn22 jjflynn22  217 Dec  8 11:37 .
drwxr-xr-x. 3 root      root        23 Dec  7 13:01 ..
-rw-r--r--. 1 root      root      1801 Dec  8 11:37 0000_cert.pem
-rw-r--r--. 1 root      root      1647 Dec  8 11:37 0000_chain.pem
-rw-r--r--. 1 root      root      3448 Dec  8 11:37 0001_chain.pem
-rw-------. 1 jjflynn22 jjflynn22 1500 Dec  8 11:37 .bash_history
-rw-r--r--. 1 jjflynn22 jjflynn22   18 Sep 30 04:25 .bash_logout
-rw-r--r--. 1 jjflynn22 jjflynn22  193 Sep 30 04:25 .bash_profile
-rw-r--r--. 1 jjflynn22 jjflynn22  231 Sep 30 04:25 .bashrc
drwxrwxr-x. 4 jjflynn22 jjflynn22   83 Dec  8 11:35 freeipa-letsencrypt
-rw-rw-r--. 1 jjflynn22 jjflynn22   36 Dec  8 11:35 .gitconfig
drwxrw----. 3 jjflynn22 jjflynn22   19 Dec  8 11:35 .pki
drwx------. 2 jjflynn22 jjflynn22   29 Dec  7 13:12 .ssh
```

nicki-krizek commented 7 years ago

> I am getting some path errors even though I set my WORK_DIR.

Just to verify, I suppose you mean WORKDIR in both setup-le.sh and renew-le.sh, correct?

Also, does this happen with a fresh installation or have you tried to previously run letsencrypt?

My guess is this could be caused by some recent changes to the letsencrypt command. Could you provide the version of certbot that is installed? (rpm -q certbot)

HeneryH commented 7 years ago

Yes, the $WORK_DIR in the setup-le.sh script, which is also referred to in the renew-le.sh script.

On a fresh install, running the script from my home_dir but referencing the path to work_dir fails.

It only works when executed from the work_dir.


nicki-krizek commented 7 years ago

> Yes, the $WORK_DIR

I actually wanted to check that you mean WORKDIR, without the underscore - to rule out any typos.

jmtrue commented 7 years ago

I ran into this issue when I ran the script from outside my ipa-le directory and in my root home directory instead, even though the WORKDIR was set correctly in each script. The files generated by the script were placed in the directory I ran the script from instead of the WORKDIR and obviously couldn't be found by the script.

This left me with the httpd service not running and without the certificate installed, which of course makes the site inaccessible. This also leaves the system in a "broken" state that can't be fixed by running the setup script again from the correct location, because the script depends on having the server running at the start. I fixed it by running the last two commands in the renew script from the directory I originally ran the script from (containing the pem files), which I've included below for reference.

```
sudo certutil -A -d /etc/httpd/alias/ -n Server-Cert -t u,u,u -a -i 0000_cert.pem
sudo service httpd start
```
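The failure mode in this thread is that certbot writes `0000_cert.pem` into whatever directory the script is launched from, while the rest of the script assumes it landed in WORKDIR; httpd is then left without a `Server-Cert` and the site is down. The following is an added example, not the project's setup-le.sh or renew-le.sh: it resolves WORKDIR to an absolute path, refuses to touch the NSS database until the expected certificate file is actually present there, and only then removes the old nickname and imports the new one. The default WORKDIR and the `certutil -A ... -n Server-Cert -t u,u,u` invocation are taken from the thread; the `certutil -D` step, the `DRY_RUN` knob and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from freeipa/freeipa-letsencrypt): make the certificate
# import step independent of the caller's current directory and fail closed
# when the certbot output is not where WORKDIR says it should be.
# WORKDIR default and the certutil -A line follow the issue thread; the
# certutil -D step and DRY_RUN are assumptions for illustration.

WORKDIR="${WORKDIR:-/root/ipa-le}"
NSSDB="${NSSDB:-/etc/httpd/alias}"
CERT_NICK="${CERT_NICK:-Server-Cert}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print privileged commands instead of running them

# Turn a possibly relative WORKDIR into an absolute path once, so every
# later file reference is the same no matter where the script was started.
resolve_workdir() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "$(pwd -P)" "$1" ;;
    esac
}

# Return 0 if the file certutil is about to read exists and is non-empty in
# WORKDIR, 1 otherwise. This is the check whose absence left httpd without
# a Server-Cert in the thread above.
check_cert_files() {
    cert_dir="$(resolve_workdir "$1")"
    if [ ! -s "$cert_dir/0000_cert.pem" ]; then
        echo "missing or empty: $cert_dir/0000_cert.pem (was certbot run from another directory?)" >&2
        return 1
    fi
    return 0
}

# Echo or execute a privileged command depending on DRY_RUN.
run_cmd() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Import the new certificate using absolute paths. The old nickname is only
# deleted after the precondition passes, so a path mistake cannot remove the
# working certificate and leave httpd unable to start.
import_cert() {
    cert_dir="$(resolve_workdir "$1")"
    check_cert_files "$cert_dir" || return 1
    run_cmd certutil -D -d "$NSSDB" -n "$CERT_NICK"          # assumption: drop old cert
    run_cmd certutil -A -d "$NSSDB" -n "$CERT_NICK" -t u,u,u -a -i "$cert_dir/0000_cert.pem"
    run_cmd service httpd start
}
```

Run it as `WORKDIR=/root/ipa-le DRY_RUN=0 sh import.sh` once the dry run prints the commands you expect; with the default `DRY_RUN=1` it only reports what it would do and whether `0000_cert.pem` is where WORKDIR points.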