vbotka / le-utils

Letsencrypt utilities
BSD 2-Clause "Simplified" License

Error running lectl with certbot-0.9.3/acme-0.9.3 #1

Closed odhiambo closed 7 years ago

odhiambo commented 7 years ago

root@gw:/scripts/letsencrypt # ./lectl -d -n -c -a
[OK] lectl: apache stopped
[ERR] lectl: /usr/local/bin/certbot renew --dry-run error: 1
[ERR] lectl: /usr/local/bin/certbot renew --dry-run log:
WARNING: The standalone specific supported challenges flag is deprecated.
Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Currently, the renew verb is only capable of renewing all installed certificates that are due to be renewed; individual domains cannot be specified with this action. If you would like to renew specific certificates, use the certonly command. The renew verb may provide other options for selecting certificates to renew in the future.
[OK] lectl: apache restarted

The debug info from letsencrypt.log:

root@gw:/scripts/letsencrypt # less /var/log/letsencrypt/letsencrypt.log
2016-12-19 18:03:15,987:DEBUG:certbot.main:Root logging level set at 20
2016-12-19 18:03:15,988:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-12-19 18:03:15,989:DEBUG:certbot.main:certbot version: 0.9.3
2016-12-19 18:03:15,989:DEBUG:certbot.main:Arguments: ['--dry-run']
2016-12-19 18:03:15,990:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-12-19 18:03:15,992:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in
    load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 592, in renew
    renewal.renew_all_lineages(config)
  File "/usr/local/lib/python2.7/site-packages/certbot/renewal.py", line 310, in renew_all_lineages
    raise errors.Error("Currently, the renew verb is only capable of "
Error: Currently, the renew verb is only capable of renewing all installed certificates that are due to be renewed; individual domains cannot be specified with this action. If you would like to renew specific certificates, use the certonly command. The renew verb may provide other options for selecting certificates to renew in the future.

vbotka commented 7 years ago

Debug info is missing.

Example:

lectl -d -n -c -a

[DBG] lectl: >>> CONFIG
[DBG] lectl: LETSENCRYPT: /usr/local/bin/certbot
[DBG] lectl: LEROOT: /usr/local/etc/letsencrypt
[DBG] lectl: OPENSSL: /usr/bin/openssl
[DBG] lectl: X509OPTS:
[DBG] lectl: LOGFILE: /var/log/le-utils
[DBG] lectl: WEBSERVER: APACHE
[DBG] lectl: MAILSERVER: NONE
[DBG] lectl: MODE: 2
[DBG] lectl: ALLDOMAINS: 1
[DBG] lectl: VERBOSE: 1
[DBG] lectl: DEBUG: 1
[DBG] lectl: EXPIRE: 0
[DBG] lectl: RAW: 0
[DBG] lectl: DRYRUN: --dry-run
[DBG] lectl: DAYS: 999999
[DBG] lectl: DOMAINS: ....

odhiambo commented 7 years ago

Well, then it's just not printing it despite me using -d


-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."

odhiambo commented 7 years ago

root@gw:/scripts/letsencrypt # less /var/log/letsencrypt/letsencrypt.log
2016-12-20 07:20:54,575:DEBUG:certbot.main:Root logging level set at 20
2016-12-20 07:20:54,576:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-12-20 07:20:54,578:DEBUG:certbot.main:certbot version: 0.9.3
2016-12-20 07:20:54,578:DEBUG:certbot.main:Arguments: ['--dry-run']
2016-12-20 07:20:54,579:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-12-20 07:20:54,580:DEBUG:certbot.main:Exiting abnormally: <======================
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in
    load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 592, in renew
    renewal.renew_all_lineages(config)
  File "/usr/local/lib/python2.7/site-packages/certbot/renewal.py", line 310, in renew_all_lineages
    raise errors.Error("Currently, the renew verb is only capable of "
Error: Currently, the renew verb is only capable of renewing all installed certificates that are due to be renewed; individual domains cannot be specified with this action. If you would like to renew specific certificates, use the certonly command. The renew verb may provide other options for selecting certificates to renew in the future.


vbotka commented 7 years ago

Would it be possible to check if you are using the latest version and post the hash?

md5 lectl

MD5 (lectl) = c013c10d6ed0928699cb81eae916e9a3

odhiambo commented 7 years ago

I have downloaded afresh now and here is the output:

root@gw:/etc/le-utils-master # ./lectl -d -n -c -a
[DBG] lectl: >>> CONFIG
[DBG] lectl: LETSENCRYPT: /usr/local/bin/certbot
[DBG] lectl: LEROOT: /usr/local/etc/letsencrypt
[DBG] lectl: OPENSSL: /usr/bin/openssl
[DBG] lectl: X509OPTS:
[DBG] lectl: LOGFILE: /var/log/le-utils
[DBG] lectl: WEBSERVER: APACHE
[DBG] lectl: MAILSERVER: NONE
[DBG] lectl: MODE: 2
[DBG] lectl: ALLDOMAINS: 1
[DBG] lectl: VERBOSE: 1
[DBG] lectl: DEBUG: 1
[DBG] lectl: EXPIRE: 0
[DBG] lectl: RAW: 0
[DBG] lectl: DRYRUN: --dry-run
[DBG] lectl: DAYS: 999999
[DBG] lectl: DOMAINS: lists.kictanet.or.ke www.kictanet.or.ke
[DBG] lectl: LEOWNER: root
[DBG] lectl: LEGROUP: wheel
[DBG] lectl: LEPRIVDIRS: accounts keys live
[DBG] lectl: LEPRIVDIRMOD: 0700
[DBG] lectl: LEPRIVKEYMOD: 0600
[DBG] lectl: <<< CONFIG
[DBG] lectl: le-cert-renew: le-cert-info: lists.kictanet.or.ke:
notBefore=Oct 16 18:35:00 2016 GMT
notAfter=Jan 14 18:35:00 2017 GMT
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
subject= /CN=lists.kictanet.or.ke
serial=03E0EE438A93C32FE7D3CAA9B5D6FAEDEDE3
[OK] lectl: Due for renewal. lists.kictanet.or.ke expires in 25 days.
[OK] lectl: APACHE status: apache24 is running as pid 14528.
[DBG] lectl: RESTART=1
[OK] lectl: APACHE stopped
[ERR] lectl: le-cert-renew: line: 232; /usr/local/bin/certbot renew --dry-run error: 1
[ERR] lectl: /usr/local/bin/certbot renew --dry-run log:
WARNING: The standalone specific supported challenges flag is deprecated.
Please use the --preferred-challenges flag instead.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Currently, the renew verb is only capable of renewing all installed certificates that are due to be renewed; individual domains cannot be specified with this action. If you would like to renew specific certificates, use the certonly command. The renew verb may provide other options for selecting certificates to renew in the future.
[OK] lectl: APACHE restarted


vbotka commented 7 years ago

I can't reproduce the error you reported:

[OK]  lectl:  Due for renewal. lists.kictanet.or.ke expires in 25 days.
[OK]  lectl:  APACHE status: apache24 is running as pid 14528.
[DBG] lectl:  RESTART=1
[OK]  lectl:  APACHE stopped
[ERR] lectl:  le-cert-renew: line: 232; /usr/local/bin/certbot renew
 --dry-run error: 1
[ERR] lectl:  /usr/local/bin/certbot renew  --dry-run log:
WARNING: The standalone specific supported challenges flag is deprecated.

Instead I see the following log (changed my real domain to foo.bar)

[OK]  lectl:  Due for renewal. foo.bar expires in 23 days.
[OK]  lectl:  APACHE status: apache24 is running as pid 44265.
[DBG] lectl:  RESTART=1
[OK]  lectl:  APACHE stopped
[OK]  lectl:  /usr/local/bin/certbot log: 

-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/foo.bar.conf
-------------------------------------------------------------------------------

...

** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /usr/local/etc/letsencrypt/live/foo.bar/fullchain.pem (success)

...

Be sure you are running updated 10.3 with latest certbot from ports.

odhiambo commented 7 years ago

Hi Vlado,

I am running this on FreeBSD 8.4-STABLE.

Does that represent the problem?


odhiambo commented 7 years ago

Hi Vlado,

I am happy to report that the scripts actually work very well on my FreeBSD-8.4 systems. This problem I was facing was caused by a relic of letsencrypt which I had installed on this system and which the certbot script was using. Given that there have been various scripts written towards attempts to automate the certificate management, I had some config files in /usr/local/etc/letsencrypt which were the ones causing problems. Once I identified and changed them, everything now works dandy!

I find le-utils the best scripts ever for certificates management.

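The root cause reported in the comment above, leftover settings under the Certbot configuration directory, can be checked for mechanically. The script below is an added example, not part of le-utils or of the original thread; it assumes the leftovers are a domain list in cli.ini (which applies to every subcommand and triggers the renew-verb error shown earlier) or the deprecated standalone challenges setting behind the WARNING line. The function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: report leftover Certbot settings that make `certbot renew` fail or warn.
# Assumed layout: <config-dir>/cli.ini and <config-dir>/renewal/*.conf.

# Print "file:line: reason" for each finding; return 1 if anything was found.
scan_le_config() {
    dir=$1
    status=0
    for f in "$dir/cli.ini" "$dir"/renewal/*.conf; do
        [ -f "$f" ] || continue    # missing cli.ini or unmatched glob
        awk -v file="$f" '
            BEGIN { bad = 0 }
            /^[ \t]*([#;]|$)/ { next }    # skip comments and blank lines
            # cli.ini applies to every subcommand, so a domain list reaches "renew"
            file ~ /\/cli\.ini$/ && /^[ \t]*domains?[ \t]*[=:]/ {
                printf "%s:%d: global domain list, rejected by the renew verb\n", file, FNR
                bad = 1
            }
            /^[ \t]*standalone[-_]supported[-_]challenges[ \t]*[=:]/ {
                printf "%s:%d: deprecated standalone challenges setting\n", file, FNR
                bad = 1
            }
            END { exit bad }
        ' "$f" || status=1
    done
    return "$status"
}

# Build a constructed sample config tree and print its path.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/renewal" || return 1
    printf '%s\n' '# constructed sample' 'domains = old.example.org' \
        'standalone-supported-challenges = http-01' > "$d/cli.ini"
    printf '%s\n' '[renewalparams]' 'authenticator = standalone' \
        > "$d/renewal/new.example.org.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample)
scan_le_config "$sample" || echo "stale settings found in $sample"
rm -rf "$sample"
```

On the FreeBSD hosts in this thread the directory to pass would be the LEROOT value from the debug output, /usr/local/etc/letsencrypt.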

vbotka commented 7 years ago

OK. Let's close the issue. Thank you for comments.