Certbot crash when applying certificate #5866

Closed
Krutonium opened this issue Apr 13, 2018 · 1 comment

Comments

@Krutonium

commented Apr 13, 2018

If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.

My operating system is (include version):

Ubuntu 16.04

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

I installed it with apt.

I ran this command and it produced this output:

Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/krucloud.duckdns.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/krucloud.duckdns.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/krugit.duckdns.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/krugit.duckdns.org-le-ssl.conf
File:
 - Could not be found to be deleted /etc/apache2/sites-available/krupanel.duckdns.org-le-ssl.conf - Certbot probably shut down unexpectedly
An unexpected error occurred

Certbot's behavior differed from what I expected because:

It crashed and failed to apply the certificate.

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.
2018-04-13 01:52:17,612:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 442, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 302, in deploy_cert
    vhosts = self.choose_vhosts(domain)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 326, in choose_vhosts
    return [self.choose_vhost(domain)]
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 501, in choose_vhost
    vhost = self.make_vhost_ssl(vhost)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1074, in make_vhost_ssl
    self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1220, in _copy_create_ssl_vhost_skeleton
    ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1292, in _sift_rewrite_rules
    line = next(contents)
StopIteration

2018-04-13 01:52:17,612:DEBUG:certbot.error_handler:Calling registered functions
2018-04-13 01:52:17,614:WARNING:certbot.reverter:File:
 - Could not be found to be deleted /etc/apache2/sites-available/krupanel.duckdns.org-le-ssl.conf - Certbot probably shut down unexpectedly
2018-04-13 01:52:17,627:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
2018-04-13 01:52:17,628:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.22.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1266, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1038, in run
    _install_cert(config, le_client, domains, new_lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 760, in _install_cert
    path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 442, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 302, in deploy_cert
    vhosts = self.choose_vhosts(domain)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 326, in choose_vhosts
    return [self.choose_vhost(domain)]
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 501, in choose_vhost
    vhost = self.make_vhost_ssl(vhost)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1074, in make_vhost_ssl
    self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1220, in _copy_create_ssl_vhost_skeleton
    ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1292, in _sift_rewrite_rules
    line = next(contents)
StopIteration
2018-04-13 01:52:17,630:ERROR:certbot.log:An unexpected error occurred:

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

<VirtualHost *:80>
ServerName www.krupanel.duckdns.org
ServerAlias krupanel.duckdns.org
DocumentRoot /var/www/html
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:19999/
ProxyPass / https://0.0.0.0:19999/
ProxyPassReverse / http://0.0.0.0:19999/
ProxyPassReverse / https://0.0.0.0:19999/
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.krupanel.duckdns.org [OR]
RewriteCond %{SERVER_NAME} =krupanel.duckdns.org
<Proxy *>
Order deny,allow
Allow from all
Authtype basic
Authname "Password Required"
AuthUserFile /etc/apache2/.panelpass
Require valid-user
</Proxy>
</VirtualHost>

@joohoi

Member

commented Apr 13, 2018

This is a duplicate of #5255, so closing the issue in favor of keeping the discussion in one place.

In short, Certbot has a bug in parsing of dysfunctional rewrite rules (RewriteCond without a following RewriteRule). A workaround for the time being is to comment out or disable the existing RewriteCond directives, as they do not do anything presently.

@joohoi joohoi closed this Apr 13, 2018
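
The condition described in the comment above (a RewriteCond with no RewriteRule after it) can be checked for before running Certbot. The following is an added example, not Certbot's code and not part of the original thread; the function name, the sample vhost and its example.org names are constructed for illustration, and the second sample applies the workaround of commenting the directives out.

```python
import re

# Constructed sample modelled on the vhost in the report (placeholder names).
SAMPLE_VHOST = """\
<VirtualHost *:80>
ServerName www.example.org
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.org [OR]
RewriteCond %{SERVER_NAME} =example.org
<Proxy *>
Require valid-user
</Proxy>
</VirtualHost>
"""

# The same vhost after the workaround from the thread: conditions commented out.
WORKAROUND_VHOST = SAMPLE_VHOST.replace("RewriteCond", "# RewriteCond")

# Optional "<" or "</" section prefix, then the directive or section name.
_DIRECTIVE = re.compile(r"^(</?)?([A-Za-z]+)")


def find_dangling_rewriteconds(config_text):
    """Return [(line_number, text)] for every RewriteCond that is not followed
    by a RewriteRule before its <VirtualHost> block (or the file) ends.

    Assumption: conditions stay pending across unrelated directives and nested
    sections until a RewriteRule or </VirtualHost>; comments are skipped and
    backslash line continuations are not handled.
    """
    dangling, pending = [], []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _DIRECTIVE.match(line)
        if not match:
            continue
        prefix, name = match.group(1), match.group(2).lower()
        if prefix is None and name == "rewritecond":
            pending.append((number, line))
        elif prefix is None and name == "rewriterule":
            pending.clear()  # the rule consumes the conditions before it
        elif prefix == "</" and name == "virtualhost":
            dangling.extend(pending)  # block ended with conditions unused
            pending.clear()
    dangling.extend(pending)  # conditions left over at end of file
    return dangling
```

Any line the function reports is a candidate for commenting out before the certificate is installed.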