certbot mcron job fails

  • Open
  • quality assurance status badge
Details
3 participants
  • Ludovic Courtès
  • Maxim Cournoyer
  • Bruno Victal
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
normal
Merged with
L
L
Ludovic Courtès wrote on 21 Jul 2022 10:25
(address . bug-guix@gnu.org)
878romoos7.fsf@inria.fr
Hello,

‘certbot-service-type’ defines an mcron job that invokes ‘certbot’ with
a fairly long list of arguments. However, that command line appears
to be incorrect, or at least it is on bayfront.guix where I tested it:

Toggle snippet (24 lines)
ludo@bayfront ~/src/maintenance/hydra$ sudo herd schedule mcron 100|grep -B1 certbot
Thu Jul 21 12:51:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
--
Fri Jul 22 00:45:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
--
Fri Jul 22 12:36:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
ludo@bayfront ~/src/maintenance/hydra$ ls -l /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
-r-xr-xr-x 1 root root 789 Jan 1 1970 /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
ludo@bayfront ~/src/maintenance/hydra$ sudo less /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
#!/gnu/store/cnfsv9ywaacyafkqdqsv2ry8f01yr7a9-guile-3.0.7/bin/guile --no-auto-compile
!#
(begin (use-modules (ice-9 match)) (let ((code 0)) (for-each (match-lambda ((name . command) (begin (format #t "Acquiring or renewing certificate: ~a~%" name) (set! code (or (apply system* command) code))))) (quote (("bayfront.guix.gnu.org" "/gnu/store/y2n10m4qkyb6vgx980c6jkjd132ln8xx-certbot-1.18.0/bin/certbot" "certonly" "-n" "--agree-tos" "--webroot" "-w" "/var/www" "--cert-name" "bayfront.guix.gnu.org" "-d" "bayfront.guix.gnu.org,bordeaux.guix.gnu.org,logs.guix.gnu.org,bayfront.guix.info,hpc.guix.info,guix-hpc.bordeaux.inria.fr,coordinator.bayfront.guix.gnu.org" "--email" "ludovic.courtes@inria.fr" "--deploy-hook" "/gnu/store/1wj7gy7n8r0nfx2i79afpr7n7xyhyzjx-nginx-deploy-hook")))) code))
ludo@bayfront ~/src/maintenance/hydra$ sudo su -c /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
Acquiring or renewing certificate: bayfront.guix.gnu.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['guix-hpc.bordeaux.inria.fr@2017-09-04T08:51:13Z (48c5)', 'localhost@2016-12-03T21:08:38Z (00bc)']
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

What should we do about “Please choose an account”?

Thanks,
Ludo’.
M
M
Maxim Cournoyer wrote on 28 Mar 2023 23:23
(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)(address . 56678@debbugs.gnu.org)
877cv08tad.fsf@gmail.com
Hi Ludo,

Ludovic Courtès <ludovic.courtes@inria.fr> writes:

Toggle quote (31 lines)
> Hello,
>
> ‘certbot-service-type’ defines an mcron job that invokes ‘certbot’ with
> a fairly long list of arguments. However, that command line appears
> to be incorrect, or at least it is on bayfront.guix where I tested it:
>
> ludo@bayfront ~/src/maintenance/hydra$ sudo herd schedule mcron 100|grep -B1 certbot
> Thu Jul 21 12:51:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> --
> Fri Jul 22 00:45:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> --
> Fri Jul 22 12:36:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> ludo@bayfront ~/src/maintenance/hydra$ ls -l /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> -r-xr-xr-x 1 root root 789 Jan 1 1970 /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> ludo@bayfront ~/src/maintenance/hydra$ sudo less /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> #!/gnu/store/cnfsv9ywaacyafkqdqsv2ry8f01yr7a9-guile-3.0.7/bin/guile --no-auto-compile
> !#
> (begin (use-modules (ice-9 match)) (let ((code 0)) (for-each (match-lambda ((name . command) (begin (format #t "Acquiring or renewing certificate: ~a~%" name) (set! code (or (apply system* command) code))))) (quote (("bayfront.guix.gnu.org" "/gnu/store/y2n10m4qkyb6vgx980c6jkjd132ln8xx-certbot-1.18.0/bin/certbot" "certonly" "-n" "--agree-tos" "--webroot" "-w" "/var/www" "--cert-name" "bayfront.guix.gnu.org" "-d" "bayfront.guix.gnu.org,bordeaux.guix.gnu.org,logs.guix.gnu.org,bayfront.guix.info,hpc.guix.info,guix-hpc.bordeaux.inria.fr,coordinator.bayfront.guix.gnu.org" "--email" "ludovic.courtes@inria.fr" "--deploy-hook" "/gnu/store/1wj7gy7n8r0nfx2i79afpr7n7xyhyzjx-nginx-deploy-hook")))) code))
> ludo@bayfront ~/src/maintenance/hydra$ sudo su -c /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> Acquiring or renewing certificate: bayfront.guix.gnu.org
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Missing command line flag or config entry for this setting:
> Please choose an account
> Choices: ['guix-hpc.bordeaux.inria.fr@2017-09-04T08:51:13Z (48c5)', 'localhost@2016-12-03T21:08:38Z (00bc)']
> Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
>
> What should we do about “Please choose an account”?

Apologies for not seeing this one before opening #62491 I guess they
are the same? If so, let's merge the reports.

--
Thanks,
Maxim
M
M
Maxim Cournoyer wrote on 29 Mar 2023 02:42
control message for bug #62491
(address . control@debbugs.gnu.org)
87355o75hc.fsf@gmail.com
merge 62491 56678
quit
L
L
Ludovic Courtès wrote on 29 Mar 2023 10:14
Re: bug#56678: certbot mcron job fails
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 56678@debbugs.gnu.org)
87edp8ht3g.fsf@inria.fr
Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (5 lines)
>> What should we do about “Please choose an account”?
>
> Apologies for not seeing this one before opening #62491 I guess they
> are the same? If so, let's merge the reports.

Indeed, I had forgotten about that one, thanks!

Ludo’.
B
B
Bruno Victal wrote on 4 May 2023 18:45
(address . 56678@debbugs.gnu.org)
3dde112c-dc9d-50f1-8a29-7a912051d1b7@makinata.eu
Hi,

I've found out about step-ca https://github.com/smallstep/certificates which has a ACME server
implementation and could be used to write a self contained system test for certbot / ACME clients.

I didn't have much success packaging this for guix (it's written in go), perhaps someone more
acquainted with the go-build-system could look at this direction? Having automated tests for
certbot-service-type seems a worthwhile endeavor.


Cheers,
Bruno
L
L
Ludovic Courtès wrote on 5 May 2023 08:52
(name . Bruno Victal)(address . mirai@makinata.eu)
87o7mzp8x8.fsf@inria.fr
Hi Bruno,

Bruno Victal <mirai@makinata.eu> skribis:

Toggle quote (7 lines)
> I've found out about step-ca https://github.com/smallstep/certificates which has a ACME server
> implementation and could be used to write a self contained system test for certbot / ACME clients.
>
> I didn't have much success packaging this for guix (it's written in go), perhaps someone more
> acquainted with the go-build-system could look at this direction? Having automated tests for
> certbot-service-type seems a worthwhile endeavor.

Yes, that sounds like a good idea! We need a champion to tackle it…

Ludo’.
?