Missing certbot and python3-certbot-apache in Debian 12 TurnKey LAMP

[neocharles]

I am using Proxmox and created a container with the debian-12-turnkey-lamp_18.0-1_amd64.tar.gz template. I encountered an issue where both certbot and python3-certbot-apache were missing from the install. These packages had to be manually installed before I could utilize the Let's Encrypt option within confconsole.

Steps to Reproduce:

1. Create a new container on Proxmox using the debian-12-turnkey-lamp_18.0-1_amd64.tar.gz template.
2. Attempt to use the Let's Encrypt option within confconsole.
3. Observe the missing certbot and python3-certbot-apache packages.

Expected Behavior: certbot and python3-certbot-apache should be pre-installed in the Debian 12 TurnKey LAMP template to allow immediate use of the Let's Encrypt option within confconsole.

Actual Behavior: certbot and python3-certbot-apache are missing and need to be installed manually.

Additional Information:

Proxmox Version: 8.2.4 Template: debian-12-turnkey-lamp_18.0-1_amd64.tar.gz

Error Message:

Traceback (most recent call last):
  File "/usr/bin/confconsole", line 719, in loop
    new_dialog = method()
                  ^^^^^^^^
  File "/usr/lib/confconsole/plugin.py", line 121, in run
    ret: Optional[str] = self.module.run()
                         ^^^^^^^^^^^^^^^^^
  File "/usr/lib/confconsole/plugins.d/Lets_Encrypt/get_certificate.py", line 153, in run
    config = dns_01.load_config()
             ^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'load_config'

Workaround: Manually install the missing packages:

apt-get update
apt-get install certbot python3-certbot-apache

[JedMeister]

Hi @neocharles

Thanks heaps for your bug report and sorry to hear of your poor experience.

Thanks too for sharing a workaround, although your suggestion shouldn't make any difference!?

Confconsole doesn't use certbot, it uses dehydrated. It also doesn't use Apache to serve the challenges.

We use dehyrdated with a custom micro server for HTTP-01 challenges so that it can use the same config for any of the 3 most popular webservers; Apache, Nginx & LigHTTPd. It is designed in a way that also makes it easy to add support for other servers as desired in the future.

Anyway, I have a few questions:

After installing certbot, did you set it up yourself? Or use Confconsole again to successfully get a cert?

If you used Confconsole, did you by chance run apt upgrade (or apt install confconsole) before your retry?

Regardless, could you please share the version of confconsole you have installed. I.e. share the output of:

apt list confconsole

FWIW looking at the stacktrace you've posted, it seems that Confconsole can't find the dns_01 library? That should have been included in all v18.0 builds?! Very strange...

Regardless, a v18.1 LAMP update is in the build queue and should be available soon. That will include the latest Confconsole and other packages.

There's no need for you to update to that one though. Running apt upgrade on your current server should essentially give you the same thing as what you'll get if you launch the v18.1 point release (once it's available).

[JedMeister]

Quick follow up, it looks like a very similar (albeit not identical) issue was noted mid last year - while TurnKey v18.0 was in early pre-release testing. That particular issue should have been fixed very soon after - in Confconsole v2.0.6+2+gc814701.

I can only assume that there must have been a regression of some sort that somehow made it through our testing.

According to the v18.0 LAMP manifest it shipped with Confconsole v2.1.1 - latest is v2.1.6.

[JedMeister]

I've had a bit more of a look at this and the updated confconsole package (i.e. apt update && apt install confconsole) resolved this issue.

Regardless, LAMP v18.1 has been released (a few weeks ago). It includes the updated confconsole pre-installed OOTB.

Closing this now.