Unable to upload/update renewed cert via s3front #89

Closed
patricktg opened this issue Oct 5, 2021 · 1 comment

patricktg commented Oct 5, 2021

This last worked in July with no updates to python/certbot/s3front. I was able to manually use cli aws iam to upload the cert, then I logged into cloudfront and chose the new cert since I was nearing expiry.
I get an erroneous invalid credentials message, but my accounts with Let’s Encrypt and AWS work fine, and then the generated cert fails to upload to aws:iam and update aws:cloudfront.
I saw in the logs that s3front successfully updated well known hosts and acme then issued the cert, and I see the cert on the local certbot file system. Then in the logs I see the install portion of s3front try to make a call to a non-routable 169.254 IP, then do a post with the new certificate, and then fail saying no credentials.
The two AWS variables are set and did work from the script to place the file on s3 for LE to issue the cert. I then used the AWS cli, with the same credentials, to manually upload the cert to IAM.

2021-10-04 17:54:13,722:DEBUG:botocore.utils:Caught retryable HTTP exception while making metadata service request to http://169.254.169.254/latest/api/token: Connect timeout on endpoint URL: "http://169.254.169.254/latest/api/token"
Traceback (most recent call last):
File "/usr/local/Cellar/certbot/1.19.0/libexec/lib/python3.9/site-packages/urllib3/connection.py", line 169, in _new_conn
conn = connection.create_connection(
File "/usr/local/Cellar/certbot/1.19.0/libexec/lib/python3.9/site-packages/urllib3/util/connection.py", line 96, in create_connection
raise err
File "/usr/local/Cellar/certbot/1.19.0/libexec/lib/python3.9/site-packages/urllib3/util/connection.py", line 86, in create_connection
sock.connect(sa)
socket.timeout: timed out

17:54:14,948:DEBUG:botocore.endpoint:Making request for OperationModel(name=UploadServerCertificate) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': 'Boto3/1.17.112 Python/3.9.7 Darwin/19.6.0 Botocore/1.20.112'}, 'body': {'Action': 'UploadServerCertificate', 'Version': '2010-05-08', 'Path': '/cloudfront/letsencrypt/', 'ServerCertificateName': 'le-diff name.net-#######', 'CertificateBody': '-----BEGIN CERTIFICATE-----\nMIIFNjCCBB6gAwIBAgISBOibeQhpG98ietpgQc1UlOFfMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTEw

2021-10-04 17:54:14,949:ERROR:certbot._internal.renewal:Failed to renew certificate nameremoved.net with error: Unable to locate credentials
2021-10-04 17:54:14,963:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/local/Cellar/certbot/1.19.0/libexec/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 475, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)

@patricktg (Author)

By the way, it appears to be working again.
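
The log sequence reported in this issue (a metadata request to 169.254.169.254, then `UploadServerCertificate`, then "Unable to locate credentials") can be triaged mechanically; the following is an added example, not code from the issue or from s3front. botocore consults the instance metadata service last in its default credential chain, so that request appearing in the log means no earlier source supplied keys to the process. Assumptions: the names `triage` and `missing_env` are hypothetical, the sample log is constructed from the lines above, and "the two AWS variables" are taken to be `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.

```python
import re

# Constructed sample modeled on the log lines in this issue; example.net is a placeholder.
SAMPLE_LOG = """\
2021-10-04 17:54:13,722:DEBUG:botocore.utils:Caught retryable HTTP exception while making metadata service request to http://169.254.169.254/latest/api/token: Connect timeout on endpoint URL
2021-10-04 17:54:14,948:DEBUG:botocore.endpoint:Making request for OperationModel(name=UploadServerCertificate) with params: {'url_path': '/', 'method': 'POST'}
2021-10-04 17:54:14,949:ERROR:certbot._internal.renewal:Failed to renew certificate example.net with error: Unable to locate credentials
"""

# certbot log line layout: "<timestamp>:<LEVEL>:<logger>:<message>"
LINE = re.compile(r"^(?P<ts>[\d-]+ [\d:,]+):(?P<level>[A-Z]+):(?P<logger>[\w.]+):(?P<msg>.*)$")
IMDS = re.compile(r"metadata service request to (http://169\.254\.169\.254[^\s:]*)")
OPERATION = re.compile(r"OperationModel\(name=(\w+)\)")
NO_CREDS = "Unable to locate credentials"
# Assumption: these are the "two AWS variables" the reporter mentions.
REQUIRED_ENV = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")

def triage(log_text):
    """Summarize credential-resolution evidence in a certbot/botocore debug log."""
    finding = {"imds_attempts": 0, "imds_url": None, "operations": [], "no_credentials": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # traceback frames and wrapped lines carry no log header
        msg = m["msg"]
        hit = IMDS.search(msg)
        if hit and m["logger"].startswith("botocore"):
            finding["imds_attempts"] += 1
            finding["imds_url"] = hit[1]
        op = OPERATION.search(msg)
        if op:
            finding["operations"].append(op[1])
        if NO_CREDS in msg:
            finding["no_credentials"] = True
    if finding["no_credentials"] and finding["imds_attempts"]:
        finding["verdict"] = "credential chain exhausted: no source before instance metadata supplied keys"
    elif finding["no_credentials"]:
        finding["verdict"] = "no credentials, but no instance metadata lookup was logged"
    else:
        finding["verdict"] = "no credential failure in this log"
    return finding

def missing_env(env):
    """Return the required variable names that are absent or empty in env."""
    return [name for name in REQUIRED_ENV if not env.get(name)]

if __name__ == "__main__":
    import os
    print(triage(SAMPLE_LOG)["verdict"])
    print("missing in this process:", missing_env(os.environ))
```

Call `missing_env(os.environ)` from the same process or wrapper that launches certbot, since an interactive shell can hold variables that the renewal job does not.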
