Renewal conf files from pre-0.1.0 releases contain webroot-path as a string, not a list

[lorenz]

I tried to use the new renew subcommand, but it first failed with #2468, which I fixed by manually replacing the port, and then with the following error message:

2016-02-24 19:23:18,395:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/[redacted].conf produced an unexpected error: The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('t does not exist or is not a directory',). Skipping.

All certificates produced exactly the same error. I looked through the code and it appears it's failing to find the correct webroot path. The path is correct in the config file LE uses to renew the certificate.

[bmw]

Can you provide the config file/log of this problem? The logs are available (by default) in /var/log/letsencrypt. Alternatively, if you can recreate the problem you can just run the client with -vv --debug and include the output.

These files may contain your domain name/e-mail address which you can redact if you wish.

[lorenz]

The errors are the same for every cert, so I'll just post one:

Processing /etc/letsencrypt/renewal/[redacted].conf
2016-02-25 00:11:07,786:INFO:letsencrypt.cli:Ancient renewal conf file without webroot-map, restoring webroot-path
2016-02-25 00:11:07,786:INFO:letsencrypt.cli:Auto-renewal forced with --force-renewal...
2016-02-25 00:11:07,788:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
2016-02-25 00:11:07,789:DEBUG:letsencrypt.plugins.disco:Other error:(PluginEntryPoint#webroot): t does not exist or is not a directory
Traceback (most recent call last):
  File "/opt/letsencrypt/src/letsencrypt/plugins/disco.py", line 103, in prepare
    self._initialized.prepare()
  File "/opt/letsencrypt/src/letsencrypt/plugins/webroot.py", line 61, in prepare
    raise errors.PluginError(path + " does not exist or is not a directory")
PluginError: t does not exist or is not a directory
2016-02-25 00:11:07,789:DEBUG:letsencrypt.display.ops:No candidate plugin
2016-02-25 00:11:07,789:DEBUG:letsencrypt.cli:Selected authenticator None and installer None
2016-02-25 00:11:07,789:INFO:letsencrypt.cli:Could not choose appropriate plugin: The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('t does not exist or is not a directory',)
2016-02-25 00:11:07,789:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/[redacted].conf produced an unexpected error: The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('t does not exist or is not a directory',). Skipping.
2016-02-25 00:11:07,789:DEBUG:letsencrypt.cli:Traceback was:
Traceback (most recent call last):
  File "/opt/letsencrypt/src/letsencrypt/cli.py", line 1014, in renew
    obtain_cert(lineage_config, plugins, renewal_candidate)
  File "/opt/letsencrypt/src/letsencrypt/cli.py", line 683, in obtain_cert
    installer, authenticator = choose_configurator_plugins(config, plugins, "certonly")
  File "/opt/letsencrypt/src/letsencrypt/cli.py", line 635, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/opt/letsencrypt/src/letsencrypt/cli.py", line 536, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
PluginSelectionError: The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('t does not exist or is not a directory',)

[bmw]

Hm. What about the renewal config in /etc/letsencrypt/renewal/[redacted].conf?

[lorenz]

Here:

cert = /etc/letsencrypt/live/www.[redacted].com/cert.pem
privkey = /etc/letsencrypt/live/www.[redacted].com/privkey.pem
chain = /etc/letsencrypt/live/www.[redacted].com/chain.pem
fullchain = /etc/letsencrypt/live/www.[redacted].com/fullchain.pem

# Options and defaults used in the renewal process
[renewalparams]
apache_enmod = a2enmod
no_verify_ssl = False
ifaces = None
apache_dismod = a2dismod
installer = None
nginx_ctl = nginx
config_dir = /etc/letsencrypt
text_mode = True
func = <function obtaincert at 0x7f5f15a37a28>
prepare = False
work_dir = /var/lib/letsencrypt
tos = True
duplicate = False
http01_port = 80
init = False
nginx_server_root = /etc/nginx
key_path = None
nginx = False
fullchain_path = ./chain.pem
email = lorenz@dolansoft.org
csr = None
agree_dev_preview = True
redirect = None
verbose_count = -3
config_file = /etc/letsencrypt/webroot.ini
renew_by_default = True
authenticator = webroot
domains = www.[redacted].com, [redacted].com
rsa_key_size = 4096
checkpoints = 1
apache = False
cert_path = ./cert.pem
webroot_path = /etc/letsencrypt/challenges-root
strict_permissions = False
apache_server_root = /etc/apache2
account = [redacted]
dvsni_port = 443
chain_path = ./chain.pem
standalone = False
server = https://acme-v01.api.letsencrypt.org/directory
standalone_supported_challenges = "dvsni,http-01"
apache_init_script = /etc/init.d/apache2
apache_ctl = apache2ctl
apache_le_vhost_ext = -le-ssl.conf
debug = False
manual_test_mode = False
logs_dir = /var/log/letsencrypt
configurator = None

Btw the renew command tries to renew every certificate, not just the ones with less than 30 days remaining.

[bmw]

Were you a private beta participant? Looking at your config file, webroot_path is a string, but since public beta, the value has been a list. If you change the line to this:

webroot_path = /etc/letsencrypt/challenges-root,

it should fix your problem. I'm leaving this open until we have an actual fix in the client though.

Btw the renew command tries to renew every certificate, not just the ones with less than 30 days remaining.

Looking at your log, I see 2016-02-25 00:11:07,786:INFO:letsencrypt.cli:Auto-renewal forced with --force-renewal.... Are you providing --force-renewal or --renew-by-default on the command line? Alternatively, do you have a config file with renew-by-default set to True?

[pde]

We should be able to fix this by checking a type here and turning strings into singleton lists?

[lorenz]

I was indeed a private beta participant. I manually changed the settings and set renew-by-default to false and now everything works (besides that the directory I'm storing the challenges in is a symlink, which doesn't seem to work anymore).