certbot mcron job fails

  • Open
  • quality assurance status badge
Details
3 participants
  • Ludovic Courtès
  • Maxim Cournoyer
  • Bruno Victal
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
normal
Merged with
L
L
Ludovic Courtès wrote on 21 Jul 2022 10:25
(address . bug-guix@gnu.org)
878romoos7.fsf@inria.fr
Hello,

‘certbot-service-type’ defines an mcron job that invokes ‘certbot’ with
a fairly long list of arguments. However, that command line appears
to be incorrect, or at least it is on bayfront.guix where I tested it:

Toggle snippet (24 lines)
ludo@bayfront ~/src/maintenance/hydra$ sudo herd schedule mcron 100|grep -B1 certbot
Thu Jul 21 12:51:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
--
Fri Jul 22 00:45:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
--
Fri Jul 22 12:36:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
ludo@bayfront ~/src/maintenance/hydra$ ls -l /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
-r-xr-xr-x 1 root root 789 Jan 1 1970 /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
ludo@bayfront ~/src/maintenance/hydra$ sudo less /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
#!/gnu/store/cnfsv9ywaacyafkqdqsv2ry8f01yr7a9-guile-3.0.7/bin/guile --no-auto-compile
!#
(begin (use-modules (ice-9 match)) (let ((code 0)) (for-each (match-lambda ((name . command) (begin (format #t "Acquiring or renewing certificate: ~a~%" name) (set! code (or (apply system* command) code))))) (quote (("bayfront.guix.gnu.org" "/gnu/store/y2n10m4qkyb6vgx980c6jkjd132ln8xx-certbot-1.18.0/bin/certbot" "certonly" "-n" "--agree-tos" "--webroot" "-w" "/var/www" "--cert-name" "bayfront.guix.gnu.org" "-d" "bayfront.guix.gnu.org,bordeaux.guix.gnu.org,logs.guix.gnu.org,bayfront.guix.info,hpc.guix.info,guix-hpc.bordeaux.inria.fr,coordinator.bayfront.guix.gnu.org" "--email" "ludovic.courtes@inria.fr" "--deploy-hook" "/gnu/store/1wj7gy7n8r0nfx2i79afpr7n7xyhyzjx-nginx-deploy-hook")))) code))
ludo@bayfront ~/src/maintenance/hydra$ sudo su -c /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
Acquiring or renewing certificate: bayfront.guix.gnu.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['guix-hpc.bordeaux.inria.fr@2017-09-04T08:51:13Z (48c5)', 'localhost@2016-12-03T21:08:38Z (00bc)']
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

What should we do about “Please choose an account”?

Thanks,
Ludo’.
M
M
Maxim Cournoyer wrote on 28 Mar 2023 23:23
(name . Ludovic Courtès)(address . ludovic.courtes@inria.fr)(address . 56678@debbugs.gnu.org)
877cv08tad.fsf@gmail.com
Hi Ludo,

Ludovic Courtès <ludovic.courtes@inria.fr> writes:

Toggle quote (31 lines)
> Hello,
>
> ‘certbot-service-type’ defines an mcron job that invokes ‘certbot’ with
> a fairly long list of arguments. However, that command line appears
> to be incorrect, or at least it is on bayfront.guix where I tested it:
>
> ludo@bayfront ~/src/maintenance/hydra$ sudo herd schedule mcron 100|grep -B1 certbot
> Thu Jul 21 12:51:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> --
> Fri Jul 22 00:45:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> --
> Fri Jul 22 12:36:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> ludo@bayfront ~/src/maintenance/hydra$ ls -l /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> -r-xr-xr-x 1 root root 789 Jan 1 1970 /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> ludo@bayfront ~/src/maintenance/hydra$ sudo less /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> #!/gnu/store/cnfsv9ywaacyafkqdqsv2ry8f01yr7a9-guile-3.0.7/bin/guile --no-auto-compile
> !#
> (begin (use-modules (ice-9 match)) (let ((code 0)) (for-each (match-lambda ((name . command) (begin (format #t "Acquiring or renewing certificate: ~a~%" name) (set! code (or (apply system* command) code))))) (quote (("bayfront.guix.gnu.org" "/gnu/store/y2n10m4qkyb6vgx980c6jkjd132ln8xx-certbot-1.18.0/bin/certbot" "certonly" "-n" "--agree-tos" "--webroot" "-w" "/var/www" "--cert-name" "bayfront.guix.gnu.org" "-d" "bayfront.guix.gnu.org,bordeaux.guix.gnu.org,logs.guix.gnu.org,bayfront.guix.info,hpc.guix.info,guix-hpc.bordeaux.inria.fr,coordinator.bayfront.guix.gnu.org" "--email" "ludovic.courtes@inria.fr" "--deploy-hook" "/gnu/store/1wj7gy7n8r0nfx2i79afpr7n7xyhyzjx-nginx-deploy-hook")))) code))
> ludo@bayfront ~/src/maintenance/hydra$ sudo su -c /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> Acquiring or renewing certificate: bayfront.guix.gnu.org
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Missing command line flag or config entry for this setting:
> Please choose an account
> Choices: ['guix-hpc.bordeaux.inria.fr@2017-09-04T08:51:13Z (48c5)', 'localhost@2016-12-03T21:08:38Z (00bc)']
> Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
>
> What should we do about “Please choose an account”?

Apologies for not seeing this one before opening #62491 I guess they
are the same? If so, let's merge the reports.

--
Thanks,
Maxim
M
M
Maxim Cournoyer wrote on 29 Mar 2023 02:42
control message for bug #62491
(address . control@debbugs.gnu.org)
87355o75hc.fsf@gmail.com
merge 62491 56678
quit
L
L
Ludovic Courtès wrote on 29 Mar 2023 10:14
Re: bug#56678: certbot mcron job fails
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 56678@debbugs.gnu.org)
87edp8ht3g.fsf@inria.fr
Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (5 lines)
>> What should we do about “Please choose an account”?
>
> Apologies for not seeing this one before opening #62491 I guess they
> are the same? If so, let's merge the reports.

Indeed, I had forgotten about that one, thanks!

Ludo’.
B
B
Bruno Victal wrote on 4 May 2023 18:45
(address . 56678@debbugs.gnu.org)
3dde112c-dc9d-50f1-8a29-7a912051d1b7@makinata.eu
Hi,

I've found out about step-ca https://github.com/smallstep/certificates which has a ACME server
implementation and could be used to write a self contained system test for certbot / ACME clients.

I didn't have much success packaging this for guix (it's written in go), perhaps someone more
acquainted with the go-build-system could look at this direction? Having automated tests for
certbot-service-type seems a worthwhile endeavor.


Cheers,
Bruno
L
L
Ludovic Courtès wrote on 5 May 2023 08:52
(name . Bruno Victal)(address . mirai@makinata.eu)
87o7mzp8x8.fsf@inria.fr
Hi Bruno,

Bruno Victal <mirai@makinata.eu> skribis:

Toggle quote (7 lines)
> I've found out about step-ca https://github.com/smallstep/certificates which has a ACME server
> implementation and could be used to write a self contained system test for certbot / ACME clients.
>
> I didn't have much success packaging this for guix (it's written in go), perhaps someone more
> acquainted with the go-build-system could look at this direction? Having automated tests for
> certbot-service-type seems a worthwhile endeavor.

Yes, that sounds like a good idea! We need a champion to tackle it…

Ludo’.
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 56678@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 56678
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch