This repository has been archived by the owner on Sep 16, 2022. It is now read-only.

Certificate renewal broken on AWS Linux #281

Closed
vpetersson opened this issue Mar 18, 2020 · 2 comments
Labels
bug Something isn't working

@vpetersson
Contributor

It appears that the certificate renewal process is broken on AWS Linux:

```
[ec2-user@wott-aws-linux ~]$ sudo wott-agent  --debug
start in ping mode...

DASH_ENDPOINT: https://dash.wott.io
WOTT_ENDPOINT: https://api.wott.io
MTLS_ENDPOINT: https://mtls.wott.io
My WoTT ID is: 5406b41a74774e93b813a8e494e9b44a.d.wott.local
Generating certificate...
Starting new HTTPS connection (1): api.wott.io:443
https://api.wott.io:443 "GET /v0.2/ca-bundle HTTP/1.1" 200 None
[RECEIVED] Get CA Cert: 200
[RECEIVED] Get CA Cert: b'{"ca_bundle":"[snip]"}'
Submitting CSR...
Attempting to renew expired certificate...
Starting new HTTPS connection (1): api.wott.io:443
https://api.wott.io:443 "POST /v0.2/sign-expired-csr HTTP/1.1" 400 50
Failed to submit CSR...
 :: [RECEIVED] Renew expired Cert post: 400
 :: [RECEIVED] Renew expired Cert post: b'{"fallback_token":["This field may not be null."]}'
Unable to sign CSR. Exiting.
```
@vpetersson vpetersson added the bug Something isn't working label Mar 18, 2020
@rptrchv
Contributor

rptrchv commented Mar 19, 2020

This is because of a missing 'fallback_token' parameter in /opt/wott/config.ini. My guess is that it could have happened after manual file editing, or because the file was left in an inconsistent state by some error that happened before.
My manual check shows this feature works fine on Amazon Linux 2.

@vpetersson
Contributor Author

Yes, this was indeed a missing fallback_token in config.ini. After manually adding it, the renewal worked.

Turns out that this was likely caused by a bug during the earliest version of the AWS packaging. I did a fresh install and was unable to reproduce it. Closing out.
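
The diagnosis in this thread (a `fallback_token` that is absent from config.ini, or a file left in an inconsistent state) can be checked before a renewal attempt. The following is an added example, not code from the wott-agent project or from the participants; the section name and sample values are constructed, and because the page does not say which INI section holds the key, the check looks in every section.

```python
import configparser
import sys

KEY = "fallback_token"  # parameter named in the thread


def fallback_token_status(config_text):
    """Classify INI text as 'ok', 'empty', 'missing' or 'unparseable'."""
    # interpolation=None: a '%' inside a token must not be treated as syntax.
    # allow_no_value=True: a bare "fallback_token" line counts as empty
    # instead of aborting the parse.
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    try:
        parser.read_string(config_text)
    except configparser.Error:
        return "unparseable"  # truncated or half-written file
    found = False
    # The section holding the key is not stated on the page, so check all.
    for section in parser:
        if KEY not in parser[section]:
            continue
        found = True
        value = parser[section][KEY]
        if value and value.strip():
            return "ok"
    return "empty" if found else "missing"


# Constructed sample files (section name, keys and values are made up).
SAMPLES = {
    "healthy": "[example]\nfallback_token = constructed-token-value\n",
    "key absent": "[example]\nother_setting = constructed\n",
    "blank value": "[example]\nfallback_token =\n",
    "truncated": "[example\nfallback_token = constructed",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. /opt/wott/config.ini
        with open(sys.argv[1], encoding="utf-8") as fh:
            status = fallback_token_status(fh.read())
        print(f"{sys.argv[1]}: {KEY} is {status}")
        sys.exit(0 if status == "ok" else 1)
    for name, text in SAMPLES.items():
        print(f"{name}: {fallback_token_status(text)}")
```

Run with the config path as the only argument; the exit status is non-zero for anything other than `ok`, so it can gate a renewal job.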
