not getting any certificates #5

Closed
raarts opened this issue Feb 2, 2017 · 5 comments
raarts commented Feb 2, 2017

Hi,

I am having trouble getting my certificates. Here's the (lightly edited for privacy) logfile:

| Starting Docker Flow: Let's Encrypt
| Docker Flow: Let's Encrypt started
| We will use ron.arts@mydomain.com for certificate registration with certbot. This e-mail is used by Let's Encrypt when you lose the account and want to get it back.
|
| Use certbot --standalone --non-interactive --cert-name mydomain.com --expand --keep-until-expiring --agree-tos --preferred-challenges http-01 --rsa-key-size 4096 --redirect --hsts --staple-ocsp   -d mydomain.com -d odoo.ams.tc.mydomain.com -d backend.ams.tc.mydomain.com -d viz.ams.tc.mydomain.comUpgrading certbot-auto 0.10.1 to 0.11.1...
| Replacing certbot-auto...
| Creating virtual environment...
| Installing Python packages...
| Installation succeeded.
| Saving debug log to /var/log/letsencrypt/letsencrypt.log


| No certificate found with name mydomain.com (expected /etc/letsencrypt/renewal/mydomain.com.conf).
| IMPORTANT NOTES:
|  - If you lose your account credentials, you can recover through
|    e-mails sent to ron.arts@mydomain.com.
|  - Your account credentials have been saved in your Certbot
|    configuration directory at /etc/letsencrypt. You should make a
|    secure backup of this folder now. This configuration directory will
|    also contain certificates and private keys obtained by Certbot so
|    making regular backups of this folder is ideal.
| Hello! renewAndSendToProxy runs. Today is Thu Feb  2 20:37:54 UTC 2017
| Saving debug log to /var/log/letsencrypt/letsencrypt.log
|
| No renewals were attempted.
| Docker Flow: Proxy DNS-Name: proxy
| /root/renewAndSendToProxy.sh: line 17: cd: /etc/letsencrypt/live/*/: No such file or directory
| current folder name is:
| concat certificates for
| cat: cert.pem: No such file or directory
| cat: chain.pem: No such file or directory
| cat: privkey.pem: No such file or directory
| generated .combined.pem
| transmit .combined.pem to proxy
|   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
|                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (6) Could not resolve host: proxy
| proxy received .combined.pem
| /etc/letsencrypt will be backed up as backup-date-time.tar.gz. It's important to know that some files are symbolic links (inside this backup) and they need to be untared correctly.
| Backup created, if you like download the /etc/letsencrypt/backup folder and store it on a safe place!
|
| Thanks for using Docker Flow: Let's Encrypt and have a nice day!
|
| Starting supervisord (which starts and monitors cron)
| /usr/lib/python2.7/dist-packages/supervisor/options.py:297: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
|   'Supervisord is running as root and it is searching '
| 2017-02-02 20:37:59,945 CRIT Supervisor running as root (no user in config file)
| 2017-02-02 20:37:59,946 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
| 2017-02-02 20:37:59,976 INFO RPC interface 'supervisor' initialized
| 2017-02-02 20:37:59,977 CRIT Server 'unix_http_server' running without any HTTP authentication checking
| 2017-02-02 20:37:59,978 INFO supervisord started with pid 252
| 2017-02-02 20:38:00,983 INFO spawned: 'cron' with pid 255
| 2017-02-02 20:38:01,986 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

I use docker deploy with the following config:

  df-letsencrypt:
    image: hamburml/docker-flow-letsencrypt:latest
    volumes:
      - ledata:/etc/letsencrypt
    networks:
      - proxy
    environment:
      - DOMAIN_1=('mydomain.com' 'odoo.ams.tc.mydomain.com' 'backend.ams.tc.mydomain.com' 'viz.ams.tc.mydomain.com')
      - DOMAIN_COUNT=1
      - CERTBOT_EMAIL=ron.arts@mydomain.com
      - PROXY_ADDRESS=df-swarm-proxy
      - CERTBOT_CRON_RENEW=('0 3 * * *' '0 15 * * *')
    deploy:
      labels:
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/.well-known/acme-challenge
        - com.df.port=80
      placement:
        constraints:
          - node.labels.env == prod
          - node.labels.letsencrypt == yes

volumes:
  ledata:
    driver: local-persist
    driver_opts:
      mountpoint: /data/letsencrypt

From the log it seems like it assumes the name to be proxy even though I specified a different name. Subdirectories are created in my host mounted directory.
The debug log output does not show any errors:

2017-02-02 20:37:59,378:DEBUG:certbot.main:Root logging level set at 20
2017-02-02 20:37:59,382:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-02-02 20:37:59,385:DEBUG:certbot.main:certbot version: 0.11.1
2017-02-02 20:37:59,385:DEBUG:certbot.main:Arguments: []
2017-02-02 20:37:59,388:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#nginx,PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2017-02-02 20:37:59,390:DEBUG:certbot.renewal:no renewal failures
Owner

hamburml commented Feb 2, 2017

Hi!

Thanks for the issue.

Looks like there are two problems:

  1. Certbot-auto does auto update when a new version is published. I also had the same problem some minutes ago and found out that the behaviour changed. Currently there exists a testing branch which should resolve this issue (and disables the auto update behaviour...). But I need to make sure that everything works like it should.

  2. I am so sorry! You are right, I named the environment variable PROXY_INSTANCE_NAME not PROXY_ADDRESS.
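
The log above shows the renewal script carrying on after `cd /etc/letsencrypt/live/*/` failed, concatenating nothing and still reporting "proxy received .combined.pem". As an added example (not the project's renewAndSendToProxy.sh), here is a fail-closed version of that concatenation step; the function name `combine_cert` and its three arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's script: build the combined PEM only when
# certbot really issued a certificate, and return an error otherwise.

# combine_cert LIVE_DIR DOMAIN OUT_DIR   (hypothetical name and arguments)
# Writes OUT_DIR/DOMAIN.combined.pem and returns 0, or returns non-zero
# without creating any output file.
combine_cert() {
    live_dir=$1
    domain=$2
    out_dir=$3
    src="$live_dir/$domain"

    # An empty name is what produced ".combined.pem" in the log above.
    if [ -z "$domain" ]; then
        echo "error: empty certificate name" >&2
        return 2
    fi
    if [ ! -d "$src" ]; then
        echo "error: $src missing; no certificate was issued" >&2
        return 3
    fi
    # Same three files, in the same order, as the cat errors in the log.
    for f in cert.pem chain.pem privkey.pem; do
        if [ ! -s "$src/$f" ]; then
            echo "error: $src/$f missing or empty" >&2
            return 4
        fi
    done

    # The result contains the private key: create it owner-only, and write
    # to a temp file first so a partial file is never picked up.
    tmp="$out_dir/.$domain.combined.pem.$$"
    ( umask 077 && cat "$src/cert.pem" "$src/chain.pem" "$src/privkey.pem" > "$tmp" ) || {
        rm -f "$tmp"
        return 5
    }
    mv "$tmp" "$out_dir/$domain.combined.pem"
}
```

A caller should upload to the proxy and print a success message only when `combine_cert` returns 0, and should treat a failed upload as an error as well.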

Owner

hamburml commented Feb 3, 2017

Done in v0.1.1

Could you please test and give feedback? (You need to wait some time, looks like docker cloud is extremely slow right now...)

Thanks!

Author

raarts commented Feb 8, 2017

Very sorry, I was in a hurry and decided to switch to Traefik.

raarts closed this as completed Feb 8, 2017

Owner

hamburml commented Feb 8, 2017

@raarts I tried Traefik myself and unfortunately load balancing is broken (there is an issue open). It uses the VIP of the service (which is correct) but most of the time it forwards to the same container. This was the reason why I switched to DF-Proxy.

Author

raarts commented Feb 8, 2017

Thanks for the heads-up! I'll keep it in mind.
