When issuing a certificate fails, the acme certificate config is missing options #939
Comments
Sorry, it was a design. That makes sure that if you can successfully issue a cert by your hand, the cronjob will also succeed. Otherwise, it's useless to save a
Problem is, the certconfig is now between 2 states:
the result: --issue fails, the cronjob issues the certificate with --renew-all (failure due to DNS propagation delay) but doesn't install it in the right location.
So if it is by design: remove the certificate dir and config on a failed --issue
I would go for option 2, and make it a feature, but I could live with option 1, remove the folder, and prevent the cronjob from issuing the certificate
I would consider the current saved config
mmm maybe my steps to reproduce are unclear
Yes, I see. But you should not call you should call
If the cert has not been correctly issued, it's meaningless to renew it.
@Neilpang for the reproduction, I call it by hand, but the cronjob is installed, so the real-world scenario:
Now I would call it a great feature, if acme retries failed issues
conclusion from your statement is that correct?
It was also a design to retry in the cronjob. The auto-renew may fail due to the availability of the Letsencrypt CA server or network connectivity. So we should retry at the next day till success. As in your case, I totally understand what you are experiencing here. After you So, another day, you should try There is no harm to you.
Except, then the certificates are not installed, because the certificate is already issued, and I need --force to override it. My biggest problem is that acme.sh gets in an inconsistent state, and which is detectable and preventable.
OK, 'WORKAROUND' time: if I call when the cron job runs, the certificate will be issued and installed exactly as expected
Steps to reproduce
/root/.acme.sh/acme.sh --staging --issue --keylength 4096 --webroot /var/www/html/ --domain unresolved.example.org --keypath /etc/ssl/unresolved.example.org/cert.key --fullchainpath /etc/ssl/unresolved.example.org/cert.crt
.acme.sh/unresolved.example.org/unresolved.example.org.conf doesn't contain the installation paths for certificates.
When comparing with a successfully requested certificate, the following fields are missing:
Le_RealCertPath=''
Le_RealCACertPath=''
Le_RealKeyPath='/etc/ssl/unresolved.example.org/cert.key'
Le_ReloadCmd='service apache2 graceful'
Le_RealFullChainPath='/etc/ssl/unresolved.example.org/cert.crt'
While a failed certificate request could be retried by an acme.sh --renew -d , due to the missing settings it doesn't get installed in the right directory,
which gave a few hours of debugging why 1 certificate was not correctly installed, because the cronjob had fixed the failed certificate request with --renew-all
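A check for the inconsistent state described in this issue, as an added example that is not part of the original thread or of acme.sh itself: it lists domains whose saved config records no install path, so a later cron renewal would issue the certificate without copying it anywhere. The function names and the sample tree are constructed; the `Le_Real*Path` field names and the `<home>/<domain>/<domain>.conf` layout are taken from the issue.

```shell
#!/bin/sh
# Added example: flag acme.sh domain configs that have no install target saved.
# Function names are hypothetical; field names are the ones quoted in the issue.

# Return 0 if the conf file records at least one non-empty install path.
# Accepts single- or double-quoted values; Le_RealCertPath='' counts as empty.
has_install_paths() {
  grep -Eq "^Le_Real(Cert|Key|FullChain)Path=['\"]?[^'\"]" "$1"
}

# Print one domain per line for every <home>/<domain>/<domain>.conf
# that lacks install paths (issued or retried, but never installed).
audit_acme_home() {
  for conf in "$1"/*/*.conf; do
    [ -f "$conf" ] || continue
    has_install_paths "$conf" || basename "$conf" .conf
  done
}

# Constructed sample tree: one config as saved after a successful --issue,
# one as saved after a failed --issue (install fields absent).
make_sample_home() {
  home=$(mktemp -d) || return 1
  mkdir -p "$home/ok.example.org" "$home/unresolved.example.org"
  cat > "$home/ok.example.org/ok.example.org.conf" <<'EOF'
Le_Domain='ok.example.org'
Le_Webroot='/var/www/html/'
Le_RealCertPath=''
Le_RealCACertPath=''
Le_RealKeyPath='/etc/ssl/ok.example.org/cert.key'
Le_ReloadCmd='service apache2 graceful'
Le_RealFullChainPath='/etc/ssl/ok.example.org/cert.crt'
EOF
  cat > "$home/unresolved.example.org/unresolved.example.org.conf" <<'EOF'
Le_Domain='unresolved.example.org'
Le_Webroot='/var/www/html/'
EOF
  printf '%s\n' "$home"
}

sample=$(make_sample_home)
audit_acme_home "$sample"
rm -rf "$sample"
```

Pointing `audit_acme_home` at the real acme.sh home (for example `/root/.acme.sh`) after a failed `--issue` shows which domains need the install paths supplied again before the cron job's renewal can put the certificate where the web server expects it.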