Let's Encrypt compatibility with python3 #1057

Merged: 2 commits, Jan 7, 2019
@ouun ouun commented Jan 4, 2019

The python script is not executable with Trellis >1.0.0 and Python >3. As I'm not familiar with python, this urgently needs some more tests but fixed it for me.
Please see: https://discourse.roots.io/t/task-letsencrypt-generate-the-certificates-usr-bin-env-python-no-such-file-or-directory/14493

swalkinshaw commented Jan 5, 2019

Sorry we missed this... not very good on my part 😔

This all looks good although it does assume the python3 binary which may not exist on Ubuntu 16.04 installs. It would be nice to figure out a dynamic way of referring to the version. I'm looking into this now.

@ouun ouun left a comment

Hi @swalkinshaw,

I'm absolutely not sure about compatibility with python2 and as mentioned before I'm not into Python. However I hope that my findings can help.

roles/letsencrypt/templates/renew-certs.py (resolved)
roles/letsencrypt/templates/renew-certs.py (resolved)
roles/letsencrypt/templates/renew-certs.py (outdated, resolved)
Define strings ' ' via b' '
@swalkinshaw swalkinshaw merged commit 899455e into roots:master Jan 7, 2019
swalkinshaw commented

Thank you 🎉

@ouun ouun deleted the patch-1 branch January 7, 2019 15:20
ouun commented Jan 7, 2019

No, thank you!

swalkinshaw commented

@ouun looking at this again (and testing it), I ran into an error. Is this currently working for you?

bundled_file.write(b''.join(b[cert, intermediate_cert]))
NameError: name 'b' is not defined

This makes sense since b only works for a string literal, not with an array. Got a new PR up: #1059
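
The NameError in the comment above, reproduced next to one way of joining PEM data as bytes on both Python 2 and 3. This is an added example, not the project's code and not the change made in #1059; the function names and the sample PEM blocks are assumptions constructed for illustration.

```python
# Constructed sample PEM blocks (placeholders, not real certificates).
# One is bytes without a trailing newline, the other is str, to cover both cases.
CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----"
INTERMEDIATE = "-----BEGIN CERTIFICATE-----\nSU5URVJNRURJQVRF\n-----END CERTIFICATE-----\n"


def reproduce_failure(cert, intermediate_cert):
    """Evaluate the expression from the traceback and return the exception name."""
    try:
        # b[...] is parsed as indexing a variable called b, not as a bytes prefix.
        b''.join(b[cert, intermediate_cert])
    except NameError as exc:
        return type(exc).__name__
    return None


def to_bytes(pem):
    """Return PEM data as bytes whether it arrived as bytes or as text."""
    if isinstance(pem, bytes):  # also true for str on Python 2
        return pem
    return pem.encode("ascii")


def bundle(cert, intermediate_cert):
    """Join leaf and intermediate PEM blocks, one newline after each block."""
    parts = []
    for pem in (cert, intermediate_cert):
        # strip() guards against a missing or doubled trailing newline, which
        # would otherwise fuse the END and BEGIN markers or leave blank lines.
        parts.append(to_bytes(pem).strip() + b"\n")
    return b"".join(parts)


def write_bundle(path, cert, intermediate_cert):
    """Write the bundle in binary mode so no text encoding step is involved."""
    with open(path, "wb") as bundled_file:
        bundled_file.write(bundle(cert, intermediate_cert))


if __name__ == "__main__":
    print(reproduce_failure(CERT, INTERMEDIATE))
    print(bundle(CERT, INTERMEDIATE).decode("ascii"))
```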

ouun commented Jan 8, 2019

@swalkinshaw I'm not sure whether the following issue is related to the changes we did but I received the following error and didn't notice that nginx is not running:

nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2019-01-08 16:31:24 UTC; 2min 4s ago
     Docs: man:nginx(8)
  Process: 4398 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 30426 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
  Process: 29348 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 6250 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
 Main PID: 29352 (code=exited, status=0/SUCCESS)

Jan 08 16:31:24 stag1-www-ouun systemd[1]: Starting A high performance web server and a reverse proxy server...
Jan 08 16:31:24 stag1-www-ouun nginx[6250]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/letsencrypt/dev.ouun.io.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
Jan 08 16:31:24 stag1-www-ouun nginx[6250]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jan 08 16:31:24 stag1-www-ouun systemd[1]: nginx.service: Control process exited, code=exited status=1
Jan 08 16:31:24 stag1-www-ouun systemd[1]: nginx.service: Failed with result 'exit-code'.
Jan 08 16:31:24 stag1-www-ouun systemd[1]: Failed to start A high performance web server and a reverse proxy server.
-- Unit nginx.service has begun starting up.
Jan 08 16:25:42 stag1-www-ouun nginx[4735]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/letsencrypt/dev.ouun.io.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
Jan 08 16:25:42 stag1-www-ouun nginx[4735]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jan 08 16:25:42 stag1-www-ouun systemd[1]: nginx.service: Control process exited, code=exited status=1
Jan 08 16:25:42 stag1-www-ouun systemd[1]: nginx.service: Failed with result 'exit-code'.
Jan 08 16:25:42 stag1-www-ouun systemd[1]: Failed to start A high performance web server and a reverse proxy server.
-- Subject: Unit nginx.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit nginx.service has failed.
--
-- The result is RESULT.
Jan 08 16:25:47 stag1-www-ouun sshd[4757]: Unable to negotiate with 218.92.1.153 port 23962: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

There was a mismatch (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) and I am wondering if that could be related to my suggested changes.

I'm very sorry that I'm coming up with so many issues, but they seem to be related somehow.

Bests

retlehs added a commit that referenced this pull request Jan 8, 2019
retlehs added a commit that referenced this pull request Jan 8, 2019
swalkinshaw commented

@ouun no problem at all. It's our fault anyway so thanks for reporting these bugs.

This looks to be the same issue as in https://discourse.roots.io/t/successful-remote-provision-and-deploy-all-i-see-is-nginx-welcome-screen/14536/

I think it's best if we move discussion there.
