dnsrobocert
dnsrobocert copied to clipboard
hooks.py: Renewal fail due to deploy-hook exception nonetype object
Used to work perfectly, until the last time I patched the container. Might have been flawed 6 months ago.
profiles:
- name: godaddy_profile
provider: godaddy
provider_options:
auth_key: yestthishasmycorrectkey
auth_secret: yeahthishasmysecret
...
- domains:
- timmer.ninja
- "*.timmer.ninja"
profile: godaddy_profile
2022-05-29 01:10:17 0396078a51ef dnsrobocert.core.utils[1] INFO Launching command: /usr/local/bin/python3 -m dnsrobocert.core.certbot certonly -n --user-agent-comment DNSroboCert/3.20.1 --preferred-chain "ISRG Root X1" --config-dir /etc/letsencrypt --work-dir /etc/letsencrypt/workdir --logs-dir /etc/letsencrypt/logs --manual --preferred-challenges=dns --manual-auth-hook "/usr/local/bin/python3 -m dnsrobocert.core.hooks -t auth -c \"/tmp/tmprvcqfqw2/dnsrobocert-runtime.yml\" -l \"timmer.ninja\"" --manual-cleanup-hook "/usr/local/bin/python3 -m dnsrobocert.core.hooks -t cleanup -c \"/tmp/tmprvcqfqw2/dnsrobocert-runtime.yml\" -l \"timmer.ninja\"" --expand --deploy-hook "/usr/local/bin/python3 -m dnsrobocert.core.hooks -t deploy -c \"/tmp/tmprvcqfqw2/dnsrobocert-runtime.yml\" -l \"timmer.ninja\"" --server https://acme-v02.api.letsencrypt.org/directory --cert-name timmer.ninja --key-type rsa -d timmer.ninja -d *.timmer.ninja
Saving debug log to /etc/letsencrypt/logs/letsencrypt.log
Requesting a certificate for timmer.ninja and *.timmer.ninja
Hook 'deploy-hook' reported error code 1
Hook 'deploy-hook' ran with error output:
Error while executing the `deploy` hook:
'NoneType' object has no attribute 'get'
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 40, in main
globals()[parsed_args.type](dnsrobocert_config, parsed_args.lineage)
File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 131, in deploy
_pfx_export(certificate, lineage_path)
File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 141, in _pfx_export
pfx = certificate.get("pfx", {})
AttributeError: 'NoneType' object has no attribute 'get'
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/timmer.ninja-0001/fullchain.pem
Key is saved at: /etc/letsencrypt/live/timmer.ninja-0001/privkey.pem
This certificate expires on 2022-08-26.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
It in fact does not replace the certificate. In the meantime, I've been blocked for a week (too many tries without setting staging to true, my bad).
When I use staging
Certbot has been configured to prefer certificate chains with issuer 'ISRG Root X1', but no chain from the CA matched this issuer. Using the default certificate chain instead.
Hook 'deploy-hook' reported error code 1
Hook 'deploy-hook' ran with error output:
Error while executing the `deploy` hook:
'NoneType' object has no attribute 'get'
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 40, in main
globals()[parsed_args.type](dnsrobocert_config, parsed_args.lineage)
File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 131, in deploy
_pfx_export(certificate, lineage_path)
File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 141, in _pfx_export
pfx = certificate.get("pfx", {})
AttributeError: 'NoneType' object has no attribute 'get'
and grep -Ei 'ISRG Root' /etc/ssl/certs/ca-certificates.crt
returns nothing.
Would it be possible to catch this error so I can see what is actually going on?
Very sorry for the inconvenience. I will check that tonight.
Hi & thx for having a look. Any direction in which I can investigate myself? Btw, I've seen this error logged very rarely, a year ago.
Am I on my own? :-)
Can you still reproduce that issue, or does it happen only occasionally? If it's reproducible every time, I can help you figure out how to test changes using git bisect
so we would find the specific commit after which the issue started happening, and then it would be relatively easy to fix.
I'm in the process of moving to traefik. Yes, it was a blocking issue.