SSL certificate output generation step failed - string indices must be integers

[FMKerckhof]

Hi, I am unsure if this is related to #8 but I am receiving the error below which I find it hard to make sense of - especially since I have used this ansible role for other provisioning in the past without problem.

TASK [nickjj.letsencrypt : Show SSL certificate generation output] *********************************************
fatal: [host1]: FAILED! => {
    "failed_when_result": true,
    "letsencrypt_register_output": {
        "changed": true,
        "cmd": "acme_tiny --account-key /usr/local/acme-tiny/account.key  --csr /usr/local/acme-tiny/chat.kytos.be.csr  --acme-dir /var/www/html/.well-known/acme-challenge/  --directory-url https://acme-v02.api.letsencrypt.org/ > /usr/local/acme-tiny/chat.kytos.be.crt\n",
        "delta": "0:00:00.771978",
        "end": "2024-05-16 13:20:15.420442",
        "failed": false,
        "failed_when_result": false,
        "msg": "non-zero return code",
        "rc": 1,
        "start": "2024-05-16 13:20:14.648464",
        "stderr": "Parsing account key...\nParsing CSR...\nFound domains: chat.kytos.be\nGetting directory...\nDirectory found!\nRegistering account...\nTraceback (most recent call last):\n  File \"/usr/local/bin/acme_tiny\", line 203, in <module>\n    main(sys.argv[1:])\n  File \"/usr/local/bin/acme_tiny\", line 199, in main\n    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)\n  File \"/usr/local/bin/acme_tiny\", line 117, in get_crt\n    account, code, acct_headers = _send_signed_request(directory['newAccount'], reg_payload, \"Error registering\")\nTypeError: string indices must be integers",
        "stderr_lines": [
            "Parsing account key...",
            "Parsing CSR...",
            "Found domains: chat.kytos.be",
            "Getting directory...",
            "Directory found!",
            "Registering account...",
            "Traceback (most recent call last):",
            "  File \"/usr/local/bin/acme_tiny\", line 203, in <module>",
            "    main(sys.argv[1:])",
            "  File \"/usr/local/bin/acme_tiny\", line 199, in main",
            "    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)",
            "  File \"/usr/local/bin/acme_tiny\", line 117, in get_crt",
            "    account, code, acct_headers = _send_signed_request(directory['newAccount'], reg_payload, \"Error registering\")",
            "TypeError: string indices must be integers"
        ],
        "stdout": "",
        "stdout_lines": []
    }
}

I am using the latest version (v 0.3.2) on Ubuntu 22.04 with Python 3.10.12. Thanks in advance for any pointers.

[nickjj]

Hi,

Did it work in the past with the same version of this role, distro and Python?

[FMKerckhof]

Hi Nick,

Indeed, before I was using v 0.3.1 - I rolled back and it appears to have worked :-). With respect to the distro and python: before I was using Ubuntu 20.04 and Python 3.8 (it's been a while that I used this role).

Kind regards,

FM

[nickjj]

So it's working now with your current system but using v0.3.1 of this role?

[FMKerckhof]

yes indeed - which is surprising since in bf414834f2947afffe0b64b11a550e18bda3936d the acme-tiny was updated to latest 😕

[FMKerckhof]

I think I spoke too soon - while the site does show that the certificates were created by letsencrypt certbot certificates shows "No certificates found" so I cannot renew the certificates etc - are there any diagnostics/logs I could provide for this issue?

[nickjj]

This role doesn't install certbot but this role does set up a cron job to handle renewals.

If something failed during the certificate issuing process it would be logged in /var/log/acme-tiny.