ACME v1 v2 account reuse fails to create relative symlinks - breaks when paths change #7677
Labels
area: acme
area: cert management
bug
priority: unplanned
Work that we believe should be done, but does not have a higher priority.
The reuse account functionality, e.g. v2 can reuse v1 accounts, makes full canonical symlinks rather than relative symlinks. This leads to problems when the
letsencrypt/
folder is moved, renamed, migrated, etc. This is in contrast to the relative symlink method already used betweenlive/
andarchive/
.certbot/certbot/certbot/_internal/account.py
Lines 182 to 203 in 9e5bca4
Setup
/etc/letsencrypt
that has v1 and v2 account support and therefore has the v2 accounts directory symlinked to the v1 accounts directoryRepro
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org
contains a working symlink nameddirectory
->/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory
mv /etc/letsencrypt /etc/letsencryptnew
Result
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org
now contains a failing symlink. This is because that symlink was to the full canonical path instead of a relative pathExpected
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org
contains a working symlinkThe text was updated successfully, but these errors were encountered: