Bug#1055330: marked as done (certbot fails to renew certificates using saved webroot path)

Thu, 29 May 2025 18:43:27 -0700 

Your message dated Fri, 30 May 2025 01:41:03 +0000
with message-id 
<caeri_ihhonev9uams6bc+o2xfj+ummvvanwpsynctu+w04m...@mail.gmail.com>
and subject line Re: certbot fails to renew certificates using saved webroot 
path
has caused the Debian Bug report #1055330,
regarding certbot fails to renew certificates using saved webroot path
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1055330: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055330
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: certbot
Version: 2.1.0-4
Severity: important
X-Debbugs-Cc: [email protected]

Dear Maintainer,

   * What led up to the situation?

I visited my website and I got an SSL security exception in my browser.


   * What exactly did you do (or not do) that was effective (or
     ineffective)?

I had to manually run certbot and request new certificates for my domains.

   * What was the outcome of this action?

My domain names received a certificate.

   * What outcome did you expect instead?

I expected certbot to automatically renew my certificates.


PLease review this cerbot log...


2023-10-29 04:57:25,778:INFO:certbot._internal.auth_handler:Performing the 
following challenges:
2023-10-29 04:57:25,779:INFO:certbot._internal.auth_handler:http-01 challenge 
for ineedsome.info
2023-10-29 04:57:25,779:INFO:certbot._internal.auth_handler:http-01 challenge 
for www.ineedsome.info
2023-10-29 04:57:25,783:DEBUG:certbot._internal.error_handler:Encountered 
exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 
86, in handle_authorizations
    resps = self.auth.perform(achalls)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", 
line 109, in perform
    self._set_webroots(achalls)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", 
line 126, in _set_webroots
    new_webroot = self._prompt_for_webroot(achall.domain,
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", 
line 143, in _prompt_for_webroot
    webroot = self._prompt_with_webroot_list(domain, known_webroots)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", 
line 157, in _prompt_with_webroot_list
    code, index = display_util.menu(
                  ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 80, in 
menu
    return obj.get_display().menu(message, choices, default=default, 
cli_flag=cli_flag,
           
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/display/obj.py", line 
470, in menu
    raise self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
certbot.errors.MissingCommandlineFlag: Missing command line flag or config 
entry for this setting:
Select the webroot for ineedsome.info:
Choices: ['Enter a new webroot', '/var/www/ineedsome']

(You can set this with the --webroot-path flag)



As you can see there, it had the location of my webroot, but it did not use it. 
Instead it wanted the webroot to be entered.

I checked the .conf files for my domains and they include the correct webroot 
for all of my domains. 
For some reason, certbot is not using this info when it tries to renew the 
domains.

I have serveral certbot certificates. Two of my certificates use ecdsa and one 
uses rsa. I did not specify that,
it chose that on its own. It seems that the rsa certificate did auto renew and 
the two ecdsa certificates did not auto renew.

I can give you more logs if you need them.

I got some emails from letsencrypt saying that my domains needed to be renewed. 
I guess this was a sign that something was not
working correctly.


-- System Information:
Debian Release: 12.2
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages certbot depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  python3                3.11.2-1+b1
ii  python3-certbot        2.1.0-4

certbot recommends no packages.

Versions of packages certbot suggests:
pn  python-certbot-doc      <none>
pn  python3-certbot-apache  <none>
pn  python3-certbot-nginx   <none>

-- debconf information:
  certbot/remove_live_certs: true

--- End Message ---
--- Begin Message --- 
tag 1055330 unreproducible
thanks

On Tue, 3 Sep 2024 17:30:19 +0000 Harlan Lieberman-Berg <
[email protected]> wrote:
> Is this still an issue you're still having?  It looks like the
> configuration file for the renewal didn't get made correctly, for some
> reason.  If it's still occurring, can you upload the
> /etc/letsencrypt/renewal/<domain>.conf and
> /var/log/letsencrypt/letsencrypt.log files please?

Unable to reproduce; closing due to inactivity.

Sincerely,

-- 
Harlan Lieberman-Berg
~hlieberman

--- End Message ---

Reply via email to