upgrades in dockerized acme.sh not working
Steps to reproduce
I am running the dockerized version of acme.sh with a cron entry as recommended in https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker:
/usr/bin/docker run --rm -i -v /home/xxx/.acme.sh:/acme.sh --net=host neilpang/acme.sh --cron 2>&1 | /usr/local/bin/mailx -s Letsencrypt ...
Obviously, when there is a new version, I get a report like:
[Wed Sep 18 20:00:01 UTC 2024] ===Starting cron===
[Wed Sep 18 20:00:02 UTC 2024] Installing from online archive.
[Wed Sep 18 20:00:02 UTC 2024] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Wed Sep 18 20:00:02 UTC 2024] Extracting master.tar.gz
[Wed Sep 18 20:00:02 UTC 2024] Using config home: /acme.sh
[Wed Sep 18 20:00:02 UTC 2024] Installing to /root/.acme.sh
[Wed Sep 18 20:00:02 UTC 2024] Installed to /root/.acme.sh/acme.sh
[Wed Sep 18 20:00:02 UTC 2024] OK
[Wed Sep 18 20:00:02 UTC 2024] Install success!
[Wed Sep 18 20:00:02 UTC 2024] Upgrade success!
[Wed Sep 18 20:00:02 UTC 2024] Auto upgraded to: 3.0.9
[Wed Sep 18 20:00:02 UTC 2024] Renewing: 'xxxx
[Wed Sep 18 20:00:02 UTC 2024] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory
[Wed Sep 18 20:00:02 UTC 2024] Skipping. Next renewal time is: 2024-10-12T20:01:01Z
[Wed Sep 18 20:00:02 UTC 2024] Add '--force' to force renewal.
[Wed Sep 18 20:00:02 UTC 2024] Skipped xxxxx
[Wed Sep 18 20:00:02 UTC 2024] ===End cron===
This obviously updates the acme.sh code within the active container. However it is useless as the container is started with --rm and it breaks the container concept.
So the next day I get again the old version:
[Thu Sep 19 20:00:01 UTC 2024] ===Starting cron===
[Thu Sep 19 20:00:02 UTC 2024] Already uptodate!
[Thu Sep 19 20:00:02 UTC 2024] Upgrade success!
[Thu Sep 19 20:00:02 UTC 2024] Auto upgraded to: 3.0.8
...
While I wonder what the "upgrade success" tells me, the real upgrade procedure should pull the new docker image.
Of course the container content can be updated every day, but this is a waste of traffic and it obviously does not work.
Debug log
After deleting the latest image (here 3.09) and retagging the old one (here 3.08) as "latest", I get:
sysadmin@sonne:~$ docker run --rm -i -v /home/sysadmin/.acme.sh:/acme.sh --net=host neilpang/acme.sh --cron --debug 2
[Wed Sep 25 10:28:26 UTC 2024] Lets find script dir.
[Wed Sep 25 10:28:26 UTC 2024] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed Sep 25 10:28:26 UTC 2024] _script='/root/.acme.sh/acme.sh'
[Wed Sep 25 10:28:26 UTC 2024] _script_home='/root/.acme.sh'
[Wed Sep 25 10:28:26 UTC 2024] Using default home:/root/.acme.sh
[Wed Sep 25 10:28:26 UTC 2024] Using config home:/acme.sh
[Wed Sep 25 10:28:26 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Wed Sep 25 10:28:26 UTC 2024] Running cmd: cron
[Wed Sep 25 10:28:26 UTC 2024] Using config home:/acme.sh
[Wed Sep 25 10:28:26 UTC 2024] default_acme_server
[Wed Sep 25 10:28:26 UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] ===Starting cron===
[Wed Sep 25 10:28:26 UTC 2024] Using config home:/acme.sh
[Wed Sep 25 10:28:26 UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] GET
[Wed Sep 25 10:28:26 UTC 2024] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
[Wed Sep 25 10:28:26 UTC 2024] timeout=
[Wed Sep 25 10:28:26 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.ymMV1yBx3h -g '
[Wed Sep 25 10:28:26 UTC 2024] ret='0'
[Wed Sep 25 10:28:26 UTC 2024] Already uptodate!
[Wed Sep 25 10:28:26 UTC 2024] Upgrade success!
[Wed Sep 25 10:28:26 UTC 2024] Using config home:/acme.sh
[Wed Sep 25 10:28:26 UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] Auto upgraded to: 3.0.8
[Wed Sep 25 10:28:26 UTC 2024] Using config home:/acme.sh
[Wed Sep 25 10:28:26 UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] _stopRenewOnError
[Wed Sep 25 10:28:26 UTC 2024] _server
[Wed Sep 25 10:28:26 UTC 2024] _set_level='2'
[Wed Sep 25 10:28:26 UTC 2024] di='/acme.sh/xxx/'
[Wed Sep 25 10:28:26 UTC 2024] d='xxx'
[Wed Sep 25 10:28:26 UTC 2024] _renewServer
[Wed Sep 25 10:28:26 UTC 2024] Using config home:/acme.sh
[Wed Sep 25 10:28:26 UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Wed Sep 25 10:28:26 UTC 2024] DOMAIN_PATH='/acme.sh/xxx'
[Wed Sep 25 10:28:26 UTC 2024] Renew: 'xxx'
[Wed Sep 25 10:28:26 UTC 2024] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Wed Sep 25 10:28:26 UTC 2024] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Wed Sep 25 10:28:26 UTC 2024] initpath again.
[Wed Sep 25 10:28:26 UTC 2024] Using config home:/acme.sh
[Wed Sep 25 10:28:26 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Wed Sep 25 10:28:26 UTC 2024] _ACME_SERVER_PATH='directory'
[Wed Sep 25 10:28:26 UTC 2024] Skip, Next renewal time is: 2024-10-12T20:01:01Z
[Wed Sep 25 10:28:26 UTC 2024] Add '--force' to force to renew.
[Wed Sep 25 10:28:26 UTC 2024] Return code: 2
[Wed Sep 25 10:28:26 UTC 2024] Skipped xxx
[Wed Sep 25 10:28:26 UTC 2024] _error_level='3'
[Wed Sep 25 10:28:26 UTC 2024] _set_level='2'
[Wed Sep 25 10:28:26 UTC 2024] ===End cron===
Please upgrade to the latest code and try again first. Maybe it's already fixed.
acme.sh --upgrade
If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
What a stupid bot comment! First, I did provide the debug output. Second, the claim is that the usual upgrade is meaningless in the dockerized approach.
In my view:
- when running with --cron in dockerized version, no upgrades should be downloaded
- upgrade checks should be done before starting the container, like inserting a
docker pull neilpang/acme.sh
Don't use the latest tag; it always tries to upgrade.
Please use a specified version instead:
docker pull neilpang/acme.sh:3.0.9
The specific tag version should always keep the version not upgraded.
@tpf4oc,
Why don't you just use Watchtower? So I have never had any problems updating and am always on the latest version. Watchtower has been reliably updating my containers for years. In the case of a container update, the container and the image must be replaced. A task in the container will not work in the long term.
@nillebor This is the way to go to always use the latest image. Thus there would not be any update available to download from the script
@neilpang I think we are talking on different levels. To me it appears that the script (as part of the image) always checks github for new software ("===Starting cron=== \ Installing from online archive.\ Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz"). It is not docker looking for a new image as long as there is an image locally available and no pull is issued. In my view the script in the docker image should never download new software or at least there should be an option to avoid it. So pinning the image version should not make a change - but I will try, watch and keep you posted.
@nillebor This is the way to go to always use the latest image. Thus there would not be any update available to download from the script
That's right. Your thread is "upgrades in dockerized acme.sh not working" and you wrote "I am running the dockerized version of acme.sh". The latest image is from yesterday: https://hub.docker.com/r/neilpang/acme.sh. All scripts are up-to-date in it.
Please use the latest (stable) version or the dev version to get the current code. Version 3.0.9 has not been updated for 3 weeks.
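A cron wrapper along the lines discussed in this thread, as an added example (not code from acme.sh or from any commenter): it pulls a pinned tag before the run and flags any report in which the container installed, downloaded or switched to code that is not in that image. `ACME_HOME`, the function names and the finding labels are assumptions; the sample report lines are copied from the issue.

```shell
#!/bin/sh
# Added example, not part of acme.sh. ACME_HOME and all function names are assumptions.
IMAGE="neilpang/acme.sh:3.0.9"            # pinned tag named in the thread
ACME_HOME="${ACME_HOME:-$HOME/.acme.sh}"  # host directory mounted at /acme.sh

# Read a --cron report on stdin; $1 is the version the pinned image should contain.
# Prints one finding per line and returns 1 if the container fetched or ran other code.
audit_cron_report() {
    awk -v want="$1" '
        /Installing from online archive\./ { print "runtime-install: yes"; bad = 1 }
        /Downloading http.*\.tar\.gz/      { print "runtime-download: " $NF; bad = 1 }
        # Appending "" forces a string comparison, so 3.10 is not treated as 3.1.
        /Auto upgraded to: / && ($NF "") != (want "") {
            print "version-mismatch: running " $NF ", pinned " want; bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Cron entry point: refresh the pinned tag on the host, run the job, audit its report.
run_pinned_cron() {
    docker pull --quiet "$IMAGE" >/dev/null || return 2
    report=$(docker run --rm -i -v "$ACME_HOME:/acme.sh" --net=host "$IMAGE" --cron 2>&1)
    printf '%s\n' "$report"
    printf '%s\n' "$report" | audit_cron_report "${IMAGE##*:}"
}

# Sample input: lines from the first report in the issue, produced by a 3.0.8 image.
sample_report() {
    cat <<'EOF'
[Wed Sep 18 20:00:01 UTC 2024] ===Starting cron===
[Wed Sep 18 20:00:02 UTC 2024] Installing from online archive.
[Wed Sep 18 20:00:02 UTC 2024] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Wed Sep 18 20:00:02 UTC 2024] Auto upgraded to: 3.0.9
[Wed Sep 18 20:00:02 UTC 2024] ===End cron===
EOF
}

# Demo on the embedded sample; the image that produced it contained 3.0.8.
sample_report | audit_cron_report 3.0.8 || echo "report shows code that is not in the image"
```

In a crontab, source this file and call `run_pinned_cron`; a non-zero status means the report should be reviewed before the result is trusted.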