Auto renew fail because webroot

petarkozic · March 24, 2020, 11:08am

Hi,
I saw this thread:

but I'm confused how to solve issue on all my domains.

OS: Ubuntu 18.04 LTS

Certbot installed from repository from certbot site.

Certbot version: certbot 0.31.0

I issued SSL first time with next command:

certbot certonly --webroot -w "my_webroot_path" --non-interactive --agree-tos --email my_email - d my_domain.com -d www.my_domain.com

This issued SSL without problems.

When I run:

certbot renew --dry-run

I get error:

    Cleaning up challenges
    Attempting to renew cert (my_domain.com) from /etc/letsencrypt/renewal/my_domain.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
    Select the webroot for my_domain.com:
    Choices: ['Enter a new webroot', 'my_webroot_path']

    (You can set this with the --webroot-path flag). Skipping.

My renew.conf file looks like:

# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/my_domain.com
cert = /etc/letsencrypt/live/my_domain.com/cert.pem
privkey = /etc/letsencrypt/live/my_domain.com/privkey.pem
chain = /etc/letsencrypt/live/my_domain.com/chain.pem
fullchain = /etc/letsencrypt/live/my_domain.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = fb0c829331a914588fa1b4fd3b980aea
authenticator = webroot
webroot_path = my_webroot_path,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
www.my_domain.com = my_webroot_path

If I remove the comma from webroot_path = my_webroot_path,
renew dry-run works normally.

Or if I don't touch comma and only add:

[[webroot_map]]
www.my_domain.com = my_webroot_path
my_domain.com = my_webroot_path

renew also works

Is this some bug in certbot?
How can I solve all my domains, I have about 5-6 servers with several SSL on each one.

Thank you.

rg305 · March 24, 2020, 4:40pm

Does NOT include instructions for domain:

Just add a second line there:
my_domain.com = my_webroot_path

petarkozic · March 25, 2020, 7:58am

Why this need to add manually?
Is that some bug?

Does exists some way to set that automatically because I have a lot SSL? When I say automatically I think with certbot not custom scripts?

Thank you.

rg305 · March 25, 2020, 2:43pm

It is missing. But does NOT need to be added manually.
I suggested to add, simply because that would be a quick fix (to me).

It might be.
I see it more like a lack of clear instruction.
I think that if you define a specific webroot for each domain, it should add it for you.
Something like: --webroot -w /root1 -d domain1 -w /root2 -d domain2 -w /root3 -d domain3
[even if the webroots are all the same path - just specify it again]

system · April 24, 2020, 2:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.