Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Segmentation fault" #5352

Closed
ElishaDev opened this issue Dec 30, 2017 · 12 comments
Closed

"Segmentation fault" #5352

ElishaDev opened this issue Dec 30, 2017 · 12 comments
Labels
area: debian / ubuntu area: pkging

Comments

@ElishaDev
Copy link

ElishaDev commented Dec 30, 2017
edited
Loading

My operating system is (include version):

Distributor ID: Raspbian
Description: Raspbian GNU/Linux 8.0 (jessie)
Release: 8.0
Codename: jessie

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

OS package manager

I ran this command and it produced this output:

certbot --apache -v
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot version: 0.10.2
Arguments: ['--apache', '-v']
Discovered plugins:
PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
Requested authenticator apache and installer apache
Segmentation fault
@SwartzCr
Copy link
Contributor

SwartzCr commented Jan 2, 2018

Is that the whole output in the error log?
Can you run it again with -vvvvv?
@hlieberman do you have any ideas about what might be going on?

@hlieberman
Copy link
Member

hlieberman commented Jan 2, 2018 via email

@imme64
Copy link

imme64 commented Jan 3, 2018

I have the same segmentation fault, Debian 8.10, certbot version: 0.10.2.

@SwartzCr
Copy link
Contributor

SwartzCr commented Jan 3, 2018

@am-immanuel are you able to provide a full log so that we can try to find the root cause?

@imme64
Copy link

imme64 commented Jan 4, 2018

Of course! Here the logs for the invocationcertbot renew -vvvvv. Standard output basically shows the same.

2018-01-04 08:17:12,689:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-01-04 08:17:12,690:DEBUG:certbot.main:certbot version: 0.10.2
2018-01-04 08:17:12,690:DEBUG:certbot.main:Arguments: ['-vvvvv']
2018-01-04 08:17:12,690:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2018-01-04 08:17:12,695:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2018-01-04 08:17:12,696:DEBUG:parsedatetime:CRE_UNITS matched
2018-01-04 08:17:12,697:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2018-01-04 08:17:12,697:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2018-01-04 08:17:12,697:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2018-01-04 08:17:12,697:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2018, tm_mon=1, tm_mday=4, tm_hour=8, tm_min=17, tm_sec=12, tm_wday=3, tm_yday=4, tm_isdst=0))
2018-01-04 08:17:12,697:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2018-01-04 08:17:12,697:DEBUG:parsedatetime:units days --> realunit days
2018-01-04 08:17:12,697:DEBUG:parsedatetime:return
2018-01-04 08:17:12,697:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2018-01-21 23:06:30 UTC.
2018-01-04 08:17:12,697:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2018-01-04 08:17:12,708:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache```

@imme64
Copy link

imme64 commented Jan 4, 2018

I found the reason: My apache configuration contains a very large list of IP filters (more then 200000 "deny from" lines). This causes the segmentation fault.

Thanks for your support! No more problems from my side.

@SwartzCr
Copy link
Contributor

SwartzCr commented Jan 5, 2018

Awesome
@xJustx have you made any progress with your issue?

@ElishaDev
Copy link
Author

ElishaDev commented Jan 8, 2018
edited
Loading

Sorry for the delayed answer.
@SwartzCr Output of certbot renew -vvvvv:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot version: 0.10.2
Arguments: ['-vvvvv']
Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xxx.xxx.xxx.conf
-------------------------------------------------------------------------------
parse (top of loop): [30 days][]
CRE_UNITS matched
parse (bottom) [][30 days][][]
weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
dayStr False, modifier False, modifier2 False, units True, qunits False
_evalString(30 days, time.struct_time(tm_year=2018, tm_mon=1, tm_mday=8, tm_hour=21, tm_min=57, tm_sec=28, tm_wday=0, tm_yday=8, tm_isdst=0))
_buildTime: [30 ][][days]
units days --> realunit days
return
Should renew, less than 30 days before certificate expiry 2017-12-28 21:22:22 UTC.
Cert is due for renewal, auto-renewing...
Requested authenticator apache and installer apache
Segmentation fault

@SwartzCr
Copy link
Contributor

Are you running SELinux, GRSecurity, AppArmor, or another MAC?

@ElishaDev
Copy link
Author

Nope, I don't.

@hlieberman
Copy link
Member

Hi @xJustx!

Unfortunately, to get this solved, I'm going to need a bit more info from you. The thing I need is a "core file" -- it's what the kernel spits out when a program segfaults. It's possible that it could contain private information, so I'm going to also ask you to encrypt it for your protection before you send it along.

To get certbot to dump out a core file, open up a new terminal and run the command ulimit -c 585938. This will cause certbot to dump out a core file. Then, run the command that produces the problem: certbot renew -vvvv.

Once it segfaults, you should see a file called core in your current directory. Compress it by running gzip core. Then we need to encrypt it. You should have my encryption key on your computer already; check if ls -l /usr/share/keyrings/debian-keyring.gpg returns a file. If not, install it with apt install debian-keyring.

Once you have that, encrypt your core file with the command gpg -e -r hlieberman@debian.org --keyring /usr/share/keyrings/debian-keyring.gpg core.gz. That will give you an encrypted core file with the name core.gz.gpg or similar. If that file is less than 10Mb, go ahead and email it to me. If it's larger, put it up at your favorite filehost and email me the link to it. The log file for that particular run would also be awesome.

Thanks for your help, and sorry you're running into these problems!

@joohoi
Copy link
Member

joohoi commented Mar 29, 2019

This issue hasn't been updated for quite a long time, and things have changed quite a bit since. I'm closing this issue as deprecated, but feel free to comment if this is not the case, and we can reopen the issue.

@joohoi joohoi closed this as completed Mar 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: debian / ubuntu area: pkging
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@SwartzCr @hlieberman @joohoi @imme64 @ElishaDev