docker-flow-proxy-letsencrypt

LetsEncrypt asks to choose an account

Open lgazo opened this issue 7 years ago • 4 comments

Greetings,

I am facing an issue with dfple for the second time, for reasons not yet known. I have the following log related to this:

brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | 2018-02-06 20:13:41,145;INFO;request for service: brux-portainer_brux-portainer
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | 2018-02-06 20:13:41,146;INFO;letsencrypt support enabled.
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | 2018-02-06 20:13:41,147;INFO;Letsencrypt support enabled, processing request: domains=velin.app.brux.space [email protected] testing=None
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | 2018-02-06 20:13:41,148;DEBUG;Generating certificates domains:[u'my.domain.com'] email:[email protected] testing:None
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | 2018-02-06 20:13:41,148;DEBUG;executing cmd : ['certbot', 'certonly', '--agree-tos', '--domains', 'my.domain.com', '--email', '[email protected]', '--expand', '--noninteractive', '--webroot', '--webroot-path', '/opt/www', '--debug']
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | 2018-02-06 20:13:41,844;DEBUG;o: 
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | 2018-02-06 20:13:41,844;DEBUG;Saving debug log to /var/log/letsencrypt/letsencrypt.log
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | Traceback (most recent call last):
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |   File "/usr/local/bin/certbot", line 11, in <module>
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |     load_entry_point('certbot', 'console_scripts', 'certbot')()
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |   File "/opt/certbot/src/certbot/main.py", line 896, in main
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |     return config.func(config, plugins)
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |   File "/opt/certbot/src/certbot/main.py", line 676, in certonly
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |     le_client = _init_le_client(config, auth, installer)
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |   File "/opt/certbot/src/certbot/main.py", line 392, in _init_le_client
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |     acc, acme = _determine_account(config)
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |   File "/opt/certbot/src/certbot/main.py", line 357, in _determine_account
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |     acc = display_ops.choose_account(accounts)
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |   File "/opt/certbot/src/certbot/display/ops.py", line 83, in choose_account
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |     "Please choose an account", labels, force_interactive=True)
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |   File "/opt/certbot/src/certbot/display/util.py", line 480, in menu
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |     self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |   File "/opt/certbot/src/certbot/display/util.py", line 442, in _interaction_fail
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    |     raise errors.MissingCommandlineFlag(msg)
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | MissingCommandlineFlag: Missing command line flag or config entry for this setting:
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | Please choose an account
brux-single-edge-proxy_brux-edge-proxy-letsencrypt.1.wjg0jjuqei8k@controller-1    | Choices: ['647cdb2b9796@2018-02-06T19:45:34Z (5b72)', '647cdb2b9796@2018-02-06T19:45:33Z (cc7c)', '647cdb2b9796@2018-02-06T19:45:34Z (ad3d)', '647cdb2b9796@2018-02-06T19:45:33Z (495b)', '647cdb2b9796@2018-02-06T19:45:33Z (67ec)']

I have tried to run the certbot command manually and indeed it asks for an account:

certbot certonly --agree-tos --domains my.domain.com --email [email protected] --expand --webroot --webroot-path /opt/www --debug

This error repeats constantly every couple of seconds. The first successful workaround was to shut down the edge proxy for maybe a day, remove the volume with certificates and start again. I thought it was just some temporary state or a change in the API. But it happened again today. What I see as a similarity is that I have redeployed a docker stack several times, and therefore I think that dfple generated too many requests, since it started failing because of that repetition.

Do you have an idea what the root cause is and how to solve it?

Thank you.

lgazo avatar Feb 26 '18 14:02 lgazo

Could you show me your stack file?

n1b0r avatar Feb 27 '18 06:02 n1b0r

sure ...

stack.compose.yml.txt

I have added

  - RETRY=5
  - RETRY_INTERVAL=30

but did not run it with it yet... that is just a plan for a second workaround...

lgazo avatar Feb 27 '18 11:02 lgazo

Never seen this before. Could you show me the content of the letsencrypt certificates volume (using tree)?

n1b0r avatar Feb 28 '18 21:02 n1b0r

/var/lib/docker/volumes/brux-single-edge-proxy_brux-edge-proxy-letsencrypt-certs/_data
├── accounts
│   └── acme-v01.api.letsencrypt.org
│       └── directory
│           ├── 4b686d3ea8f84272f5a831f8599cc818
│           │   ├── meta.json
│           │   ├── private_key.json
│           │   └── regr.json
│           ├── 5d66ef0ea7c5d0f598c821c529be9757
│           │   ├── meta.json
│           │   ├── private_key.json
│           │   └── regr.json
│           ├── 64d5692806cb5c69b79603e5efe906be
│           │   ├── meta.json
│           │   ├── private_key.json
│           │   └── regr.json
│           ├── 7ee1b108eabb6c9b65cf0fd81e671e5e
│           │   ├── meta.json
│           │   ├── private_key.json
│           │   └── regr.json
│           └── 944b7a64c7ba1d9d978ef50db3c91fc3
│               ├── meta.json
│               ├── private_key.json
│               └── regr.json
└── renewal

lgazo avatar Mar 01 '18 17:03 lgazo
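
Added example, not part of the original thread and not dfple or certbot code: a check for the condition the traceback and the tree listing show, several account directories under one ACME server, which is where non-interactive certbot stops at "Please choose an account". It assumes the `accounts/<server>/.../<id>/` layout from the listing above and that `meta.json` carries `creation_host` and `creation_dt` fields; the server name and sample volume are constructed.

```python
import json
import os
import tempfile

def list_accounts(config_dir):
    """Map each ACME server path under accounts/ to its account entries."""
    root = os.path.join(config_dir, "accounts")
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        # An account directory is one that holds the account key.
        if "private_key.json" not in files:
            continue
        server = os.path.relpath(os.path.dirname(dirpath), root)
        meta = {}
        try:
            with open(os.path.join(dirpath, "meta.json")) as fh:
                meta = json.load(fh)  # field names below are an assumption
        except (OSError, ValueError):
            pass  # missing or corrupt meta.json: still report the account
        found.setdefault(server, []).append({
            "id": os.path.basename(dirpath),
            "host": meta.get("creation_host", "?"),
            "created": meta.get("creation_dt", "?"),
        })
    for entries in found.values():
        entries.sort(key=lambda e: (e["created"], e["id"]))
    return found

def ambiguous_servers(config_dir):
    """Servers with more than one account: certbot cannot pick one unattended."""
    return {s: a for s, a in list_accounts(config_dir).items() if len(a) > 1}

def build_sample(config_dir, count):
    """Constructed sample volume: `count` accounts under one made-up server."""
    base = os.path.join(config_dir, "accounts", "acme.example.invalid", "directory")
    for i in range(count):
        acct = os.path.join(base, "%032x" % i)
        os.makedirs(acct)
        open(os.path.join(acct, "private_key.json"), "w").close()
        with open(os.path.join(acct, "meta.json"), "w") as fh:
            json.dump({"creation_host": "samplehost",
                       "creation_dt": "2018-02-06T19:45:3%dZ" % i}, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, 3)
        for server, accts in ambiguous_servers(tmp).items():
            print(server, [(a["id"][:4], a["created"]) for a in accts])
```

Run against the mounted certificates volume, a non-empty result from `ambiguous_servers` identifies the server whose accounts need pruning; certbot's `--account` option can also select one account ID explicitly.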