letsencrypt-gandi

Certificate renewed, but not installed

Open jcharaoui opened this issue 7 years ago • 5 comments

For some time I have been having this problem. The cronjob I set up to renew the certificate is able to authenticate and renew the certificate, but the new certificate doesn't get installed on the instance.

This is the command I use to renew (private bits changed):

certbot certonly --quiet --text --non-interactive --keep --domains example.com --authenticator letsencrypt-gandi:gandi-shs --letsencrypt-gandi:gandi-shs-name example --letsencrypt-gandi:gandi-shs-vhost example.com --letsencrypt-gandi:gandi-shs-api-key abcdef123456 --installer letsencrypt-gandi:gandi-shs

jcharaoui avatar Jun 01 '17 01:06 jcharaoui

Hey @jcharaoui, I'm having the same issue, did you find a solution to this problem?

nikpap avatar Jun 19 '17 11:06 nikpap

Are you getting a 'permission denied' error output? If so...

Are you on Mac? I find that on the latest OS version (10.12/Sierra) I need to re-load my public key from Keychain for ssh to use after each reboot of my machine.

If you type the following to see if your key is available:

ssh-add -L (that's 'L' for list)

If it isn't available, you'll just see 'The agent has no identities'. To load/make available your key, you can type:

ssh-add -K to add your public key from the keychain. I guess the 'K' means keychain?

If you do ssh-add -L again you should see your key returned.

Then running your usual scripts will hopefully work ok.

Hope that helps, Paul.

paulstone avatar Jun 19 '17 11:06 paulstone

I basically followed the advice in https://github.com/Gandi/letsencrypt-gandi/issues/29 and it worked like a charm.

nikpap avatar Jun 19 '17 12:06 nikpap

@paulstone I'm on Linux. The SSH key setup is correct, because when I run the install certbot subcommand, the certificate gets deployed correctly. Here is a copy of the logs:

2017-08-13 04:24:51,988:DEBUG:certbot.main:Root logging level set at 30
2017-08-13 04:24:51,989:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-08-13 04:24:51,989:DEBUG:certbot.main:certbot version: 0.10.2
2017-08-13 04:24:51,989:DEBUG:certbot.main:Arguments: ['-q']
2017-08-13 04:24:51,990:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#letsencrypt-gandi:gandi-shs,PluginEntryPoint#manual,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2017-08-13 04:24:52,004:INFO:certbot.renewal:Cert not yet due for renewal
2017-08-13 04:24:52,007:INFO:certbot.renewal:Cert not yet due for renewal
2017-08-13 04:24:52,010:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-08-30 00:25:00 UTC.
2017-08-13 04:24:52,010:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2017-08-13 04:24:52,011:DEBUG:certbot.plugins.selection:Requested authenticator letsencrypt-gandi:gandi-shs and installer letsencrypt-gandi:gandi-shs
2017-08-13 04:24:52,012:INFO:letsencrypt_gandi.shs:_api_key_from_args
2017-08-13 04:24:52,012:INFO:letsencrypt_gandi.shs:_api_key_from_env
2017-08-13 04:24:52,013:DEBUG:certbot.plugins.disco:Other error:(PluginEntryPoint#letsencrypt-gandi:gandi-shs): --letsencrypt-gandi:gandi-shs-name is a required parameter,please provide a valid simple hosting name
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/certbot/plugins/disco.py", line 114, in prepare
    self._initialized.prepare()
  File "/home/lavamind/letsencrypt-gandi/letsencrypt_gandi/shs.py", line 126, in prepare
    "name".format(self.option_name('name')))
PluginError: --letsencrypt-gandi:gandi-shs-name is a required parameter,please provide a valid simple hosting name
2017-08-13 04:24:52,015:DEBUG:certbot.plugins.selection:No candidate plugin
2017-08-13 04:24:52,015:DEBUG:certbot.plugins.selection:No candidate plugin
2017-08-13 04:24:52,015:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2017-08-13 04:24:52,015:INFO:certbot.main:Could not choose appropriate plugin: The letsencrypt-gandi:gandi-shs plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('--letsencrypt-gandi:gandi-shs-name is a required parameter,please provide a valid simple hosting name',)
2017-08-13 04:24:52,016:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/www.coopviauville.org.conf produced an unexpected error: The letsencrypt-gandi:gandi-shs plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('--letsencrypt-gandi:gandi-shs-name is a required parameter,please provide a valid simple hosting name',). Skipping.
2017-08-13 04:24:52,019:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 413, in handle_renewal_request
    main.obtain_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 617, in obtain_cert
    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
  File "/usr/lib/python2.7/dist-packages/certbot/plugins/selection.py", line 197, in choose_configurator_plugins
    diagnose_configurator_problem("authenticator", req_auth, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/plugins/selection.py", line 272, in diagnose_configurator_problem
    raise errors.PluginSelectionError(msg)
PluginSelectionError: The letsencrypt-gandi:gandi-shs plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('--letsencrypt-gandi:gandi-shs-name is a required parameter,please provide a valid simple hosting name',)

2017-08-13 04:24:52,020:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 655, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 430, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

I'm wondering if the config file in /etc/letsencrypt/renew, which was created automatically for that domain, is the cause of the problem. Since I have other certificates to renew, I need to run the basic renew command and it may be picking up incomplete configuration from that config file?

jcharaoui avatar Aug 15 '17 01:08 jcharaoui
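
Added example, not part of the thread and not code from certbot or letsencrypt-gandi: a cron job run with -q or --quiet prints nothing when a lineage is skipped, so a failure like the one logged above shows up only in /var/log/letsencrypt/letsencrypt.log. The script below parses that log format and reports each skipped renewal with the option the plugin said was missing; the function names are hypothetical and the sample lines are excerpted from the log above.

```python
import re

# Lines excerpted from the log posted above (most traceback lines omitted).
SAMPLE_LOG = """\
2017-08-13 04:24:52,010:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2017-08-13 04:24:52,016:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/www.coopviauville.org.conf produced an unexpected error: The letsencrypt-gandi:gandi-shs plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('--letsencrypt-gandi:gandi-shs-name is a required parameter,please provide a valid simple hosting name',). Skipping.
2017-08-13 04:24:52,019:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
Error: 1 renew failure(s), 0 parse failure(s)
"""

# timestamp,millis:LEVEL:logger:message
RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+:([A-Z]+):([\w.]+):(.*)$")
FAILED = re.compile(r"Attempting to renew cert from (\S+) produced an unexpected error")
MISSING = re.compile(r"(--[\w:-]+) is a required parameter")


def records(text):
    """Yield (timestamp, level, logger, message). Lines without a timestamp
    prefix (tracebacks, wrapped errors) are appended to the previous record."""
    current = None
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            if current:
                yield tuple(current)
            current = list(m.groups())
        elif current:
            current[3] += "\n" + line
    if current:
        yield tuple(current)


def renewal_failures(text):
    """Return one dict per lineage whose renewal was skipped."""
    failures = []
    for ts, level, logger, msg in records(text):
        hit = FAILED.search(msg)
        if level == "WARNING" and logger == "certbot.renewal" and hit:
            opt = MISSING.search(msg)
            failures.append({"time": ts, "conf": hit.group(1),
                             "missing_option": opt.group(1) if opt else None})
    return failures


if __name__ == "__main__":
    for failure in renewal_failures(SAMPLE_LOG):
        print(failure)
```
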

#29 is right. I did file the pull request #39 to change the documentation (renewal AND installation, which is expected).

bcien avatar Jan 02 '18 14:01 bcien