Lets encrypt script broken? - Docker


#1

Hi all. I’m running the latest docker version from ownyourbits and am having issues getting my certificate from Let’s Encrypt. When I run it I get the below output (modified to hide my domain):

[ letsencrypt ]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.mydomain.com
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem
An unexpected error occurred:
IOError: [Errno 2] No such file or directory: u'/etc/letsencrypt/live/cloud.mydomain.com-0001/cert.pem'
Please see the logfiles in /var/log/letsencrypt for more details.

I actually tried this yesterday on an instance I had recovered and thought that perhaps something had gone wrong in the recovery, however when doing it today from a fresh install I got the same results. I should note that this isn’t a complete vacuum, I have also installed ddclient and pihole on this raspberry pi.

The 2nd to last line where it says No such file or directory: u’/etc/letsencrypt/… appears to be the major issue. I can tell the cert is being generated because I actually ran into the limit (apparently Let’s Encrypt will only let you create 5 certs per subdomain per week, and I’m locked out for a bit now). I’ve done this before and it worked fine, so I’m wondering if there isn’t a bug in the latest docker image? That directory seems like garbage to me, and I’m guessing if whatever script called it dropped the u’ it would work just fine as etc/letsencrypt/live/ does exist in my docker container.

Am I on the right track here, and does anyone know if I can fix this or if the image has to be fixed?


#2

For what it’s worth it’s looking for u'/etc/letsencrypt/live/cloud.mydomain.com-0001/cert.pem'. I don’t see that path, but when searching both my data and app folders for “cert.pem” I do see a similar path. I’ll put them one on top of another below so you can see:
/etc/letsencrypt/live/cloud.mydomain.com-0001/cert.pem
/etc/live/cloud.mydomain.com-0001/cert.pem

Figuring I can’t break it too badly I made a symlink so that it appears as if that letsencrypt folder is there. It didn’t help.


#3

that is weird. I would have to test it out… I don’t have access to a computer right now…

anyone else seeing this?


#4

I have the same problem with both nextcloudpi (armhf and x86) docker images.

I’ve literally touched nothing, just pulled the image, ran a container and ran the script.

Here are the last lines of my /var/log/letsencrypt/letsencrypt.log file if it’s useful:

2018-08-02 02:20:27,868:DEBUG:certbot.storage:Creating directory /etc/letsencrypt/archive.
2018-08-02 02:20:27,868:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/cloud.domain.cf and live directory /etc/letsencrypt/live/cloud.domain.cf created.
2018-08-02 02:20:27,869:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 11, in <module>
    load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert
    action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 107, in _auth_from_available
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 309, in obtain_and_enroll_certificate
    self.config)
  File "/usr/lib/python2.7/dist-packages/certbot/storage.py", line 967, in new_lineage
    with open(target["cert"], "wb") as f:
IOError: [Errno 2] No such file or directory: u'/etc/letsencrypt/live/cloud.domain.cf/cert.pem'

#5

let me investigate… I won’t have a computer for several weeks, so if someone else can look at it that would be ideal.

otherwise we shall have to wait


#6

@nachoparker

Sorry I’m not able to make a GitHub account right now, but I did enter a shell as you’d suggested (docker exec -ti nextcloudpi /bin/bash) and was able to find the etc/letsencrypt directory. However, I don’t see that directory or a symlink for it anywhere when I’m not in that shell. Smells kind of odd to me.


#7

I think I know what’s going on. Unfortunately we will have to wait until I have a computer available to fix it, unless somebody else is willing to provide a fix through github that I can accept.


#8

Hey, I have the same issue. Do you know how to fix that?
I could fix that today


#9

look at the info in the github issue

it is probably a matter of changing the way the letsencrypt data is copied and linked to the persistent volume
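
One way to check for the kind of linking problem suggested in the last post, as an added example that is not code from this thread or from NextCloudPi: it rebuilds a small tree in which live/ has been moved to a volume and symlinked back, so that certbot-style relative links into ../../archive no longer resolve, then reports every dangling link. That this is the cause here is an assumption the thread does not confirm; the paths, the domain cloud.example.test and the helper dangling_links are constructed for illustration.

```python
import os
import tempfile


def dangling_links(root):
    """List (link, raw target, resolved target) for symlinks under root
    whose target does not exist. followlinks=True is needed to descend into
    a relocated live/ directory; do not use it on trees with symlink loops."""
    broken = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=True):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) and not os.path.exists(path):
                broken.append((path, os.readlink(path), os.path.realpath(path)))
    return broken


def demo():
    """Build a constructed layout and try to write a cert through it."""
    base = os.path.realpath(tempfile.mkdtemp())
    le = os.path.join(base, "etc", "letsencrypt")
    vol_live = os.path.join(base, "data", "etc", "live")  # stand-in for the volume
    os.makedirs(os.path.join(le, "archive", "cloud.example.test"))
    os.makedirs(os.path.join(vol_live, "cloud.example.test"))
    # Assumed setup: live/ lives on the volume, /etc/letsencrypt/live links to it.
    os.symlink(vol_live, os.path.join(le, "live"))
    # certbot keeps live/<name>/cert.pem as a relative link into archive/.
    cert = os.path.join(le, "live", "cloud.example.test", "cert.pem")
    os.symlink("../../archive/cloud.example.test/cert1.pem", cert)
    try:
        # Same operation as the failing line in the traceback: open(..., "wb").
        with open(cert, "wb") as f:
            f.write(b"constructed placeholder, not a real certificate")
        err = None
    except IOError as exc:
        err = exc.errno
    return err, dangling_links(le)


if __name__ == "__main__":
    err, broken = demo()
    print("open() errno:", err)
    for link, raw, resolved in broken:
        print(link, "->", raw)
        print("  resolves to missing path:", resolved)
```

Inside the container, calling `dangling_links("/etc/letsencrypt")` shows where each link really resolves, which is the path that has to exist on the volume for the write to succeed.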