certbot mcron job fails

  • Open
  • quality assurance status badge
Details
3 participants
  • Ludovic Courtès
  • Maxim Cournoyer
  • Bruno Victal
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
normal
Merged with

Debbugs page

Ludovic Courtès wrote 3 years ago
(address . bug-guix@gnu.org)
878romoos7.fsf@inria.fr
Hello,

‘certbot-service-type’ defines an mcron job that invokes ‘certbot’ with
a fairly long list of arguments. However, that command line appears
to be incorrect, or at least it is on bayfront.guix where I tested it:

Toggle snippet (24 lines)
ludo@bayfront ~/src/maintenance/hydra$ sudo herd schedule mcron 100|grep -B1 certbot
Thu Jul 21 12:51:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
--
Fri Jul 22 00:45:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
--
Fri Jul 22 12:36:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
ludo@bayfront ~/src/maintenance/hydra$ ls -l /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
-r-xr-xr-x 1 root root 789 Jan 1 1970 /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
ludo@bayfront ~/src/maintenance/hydra$ sudo less /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
#!/gnu/store/cnfsv9ywaacyafkqdqsv2ry8f01yr7a9-guile-3.0.7/bin/guile --no-auto-compile
!#
(begin (use-modules (ice-9 match)) (let ((code 0)) (for-each (match-lambda ((name . command) (begin (format #t "Acquiring or renewing certificate: ~a~%" name) (set! code (or (apply system* command) code))))) (quote (("bayfront.guix.gnu.org" "/gnu/store/y2n10m4qkyb6vgx980c6jkjd132ln8xx-certbot-1.18.0/bin/certbot" "certonly" "-n" "--agree-tos" "--webroot" "-w" "/var/www" "--cert-name" "bayfront.guix.gnu.org" "-d" "bayfront.guix.gnu.org,bordeaux.guix.gnu.org,logs.guix.gnu.org,bayfront.guix.info,hpc.guix.info,guix-hpc.bordeaux.inria.fr,coordinator.bayfront.guix.gnu.org" "--email" "ludovic.courtes@inria.fr" "--deploy-hook" "/gnu/store/1wj7gy7n8r0nfx2i79afpr7n7xyhyzjx-nginx-deploy-hook")))) code))
ludo@bayfront ~/src/maintenance/hydra$ sudo su -c /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
Acquiring or renewing certificate: bayfront.guix.gnu.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['guix-hpc.bordeaux.inria.fr@2017-09-04T08:51:13Z (48c5)', 'localhost@2016-12-03T21:08:38Z (00bc)']
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

What should we do about “Please choose an account”?

Thanks,
Ludo’.
Maxim Cournoyer wrote 2 years ago
(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)(address . 56678@debbugs.gnu.org)
877cv08tad.fsf@gmail.com
Hi Ludo,

Ludovic Courtès <ludovic.courtes@inria.fr> writes:

Toggle quote (31 lines)
> Hello,
>
> ‘certbot-service-type’ defines an mcron job that invokes ‘certbot’ with
> a fairly long list of arguments. However, that command line appears
> to be incorrect, or at least it is on bayfront.guix where I tested it:
>
> ludo@bayfront ~/src/maintenance/hydra$ sudo herd schedule mcron 100|grep -B1 certbot
> Thu Jul 21 12:51:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> --
> Fri Jul 22 00:45:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> --
> Fri Jul 22 12:36:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> ludo@bayfront ~/src/maintenance/hydra$ ls -l /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> -r-xr-xr-x 1 root root 789 Jan 1 1970 /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> ludo@bayfront ~/src/maintenance/hydra$ sudo less /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> #!/gnu/store/cnfsv9ywaacyafkqdqsv2ry8f01yr7a9-guile-3.0.7/bin/guile --no-auto-compile
> !#
> (begin (use-modules (ice-9 match)) (let ((code 0)) (for-each (match-lambda ((name . command) (begin (format #t "Acquiring or renewing certificate: ~a~%" name) (set! code (or (apply system* command) code))))) (quote (("bayfront.guix.gnu.org" "/gnu/store/y2n10m4qkyb6vgx980c6jkjd132ln8xx-certbot-1.18.0/bin/certbot" "certonly" "-n" "--agree-tos" "--webroot" "-w" "/var/www" "--cert-name" "bayfront.guix.gnu.org" "-d" "bayfront.guix.gnu.org,bordeaux.guix.gnu.org,logs.guix.gnu.org,bayfront.guix.info,hpc.guix.info,guix-hpc.bordeaux.inria.fr,coordinator.bayfront.guix.gnu.org" "--email" "ludovic.courtes@inria.fr" "--deploy-hook" "/gnu/store/1wj7gy7n8r0nfx2i79afpr7n7xyhyzjx-nginx-deploy-hook")))) code))
> ludo@bayfront ~/src/maintenance/hydra$ sudo su -c /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> Acquiring or renewing certificate: bayfront.guix.gnu.org
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Missing command line flag or config entry for this setting:
> Please choose an account
> Choices: ['guix-hpc.bordeaux.inria.fr@2017-09-04T08:51:13Z (48c5)', 'localhost@2016-12-03T21:08:38Z (00bc)']
> Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
>
> What should we do about “Please choose an account”?

Apologies for not seeing this one before opening #62491 I guess they
are the same? If so, let's merge the reports.

--
Thanks,
Maxim
Maxim Cournoyer wrote 2 years ago
control message for bug #62491
(address . control@debbugs.gnu.org)
87355o75hc.fsf@gmail.com
merge 62491 56678
quit
Ludovic Courtès wrote 2 years ago
Re: bug#56678: certbot mcron job fails
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 56678@debbugs.gnu.org)
87edp8ht3g.fsf@inria.fr
Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (5 lines)
>> What should we do about “Please choose an account”?
>
> Apologies for not seeing this one before opening #62491 I guess they
> are the same? If so, let's merge the reports.

Indeed, I had forgotten about that one, thanks!

Ludo’.
Bruno Victal wrote 2 years ago
(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 56678@debbugs.gnu.org)
3dde112c-dc9d-50f1-8a29-7a912051d1b7@makinata.eu
Hi,

I've found out about step-ca https://github.com/smallstep/certificates which has a ACME server
implementation and could be used to write a self contained system test for certbot / ACME clients.

I didn't have much success packaging this for guix (it's written in go), perhaps someone more
acquainted with the go-build-system could look at this direction? Having automated tests for
certbot-service-type seems a worthwhile endeavor.


Cheers,
Bruno
Ludovic Courtès wrote 2 years ago
(name . Bruno Victal)(address . mirai@makinata.eu)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 56678@debbugs.gnu.org)
87o7mzp8x8.fsf@inria.fr
Hi Bruno,

Bruno Victal <mirai@makinata.eu> skribis:

Toggle quote (7 lines)
> I've found out about step-ca https://github.com/smallstep/certificates which has a ACME server
> implementation and could be used to write a self contained system test for certbot / ACME clients.
>
> I didn't have much success packaging this for guix (it's written in go), perhaps someone more
> acquainted with the go-build-system could look at this direction? Having automated tests for
> certbot-service-type seems a worthwhile endeavor.

Yes, that sounds like a good idea! We need a champion to tackle it…

Ludo’.
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 56678@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 56678
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help