Auto renewal with Icecast2 server

I have installed your certificate for Icecast2 Media server and I run Ubuntu 20.10.

I cannot get a renewal from the following script with a Certbot renewal dry run. I have attached the log for letsencrypt along with the terminal mode error.
All help in setting up auto renewal for my certificate, please help.

```
root@louie:~# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/kpurrr.com.conf

Renewal configuration file /etc/letsencrypt/renewal/kpurrr.com.conf is broken.
The error was: renewal config file {'post_hook': 'cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem > /etc/icecast2/bundle.pem && service icecast2 restart'} is missing a required file reference
Skipping.

No simulated renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/kpurrr.com.conf (parsefail)

0 renew failure(s), 1 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@louie:~#
```

/etc/letsencrypt/renewal/kpurrr.com.conf:

```
post_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem > /etc/icecast2/bundle.pem && service icecast2 restart
```

I have port 80 open and tried starting and stopping icecast2 and rebooting Ubuntu.

Here is the current log for letsencrypt.log:

```
2023-03-25 11:19:37,495:DEBUG:certbot._internal.main:certbot version: 1.29.0
2023-03-25 11:19:37,495:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-03-25 11:19:37,495:DEBUG:certbot._internal.main:Arguments: ['--dry-run']
2023-03-25 11:19:37,495:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-03-25 11:19:37,503:DEBUG:certbot._internal.log:Root logging level set at 30
2023-03-25 11:19:37,504:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/kpurrr.com.conf
2023-03-25 11:19:37,505:ERROR:certbot._internal.renewal:Renewal configuration file /etc/letsencrypt/renewal/kpurrr.com.conf is broken.
2023-03-25 11:19:37,505:ERROR:certbot._internal.renewal:The error was: renewal config file {'post_hook': 'cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem > /etc/icecast2/bundle.pem && service icecast2 restart'} is missing a required file reference
Skipping.
2023-03-25 11:19:37,506:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 77, in _reconstitute
renewal_candidate = storage.RenewableCert(full_path, config)
File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 483, in init
raise errors.CertStorageError(
certbot.errors.CertStorageError: renewal config file {'post_hook': 'cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem > /etc/icecast2/bundle.pem && service icecast2 restart'} is missing a required file reference

2023-03-25 11:19:37,506:DEBUG:certbot._internal.display.obj:Notifying user:

2023-03-25 11:19:37,506:DEBUG:certbot._internal.display.obj:Notifying user: No simulated renewals were attempted.
2023-03-25 11:19:37,506:DEBUG:certbot._internal.display.obj:Notifying user:
Additionally, the following renewal configurations were invalid:
2023-03-25 11:19:37,506:DEBUG:certbot._internal.display.obj:Notifying user: /etc/letsencrypt/renewal/kpurrr.com.conf (parsefail)
2023-03-25 11:19:37,506:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-03-25 11:19:37,506:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot==1.29.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1744, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1630, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 510, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 0 renew failure(s), 1 parse failure(s)
2023-03-25 11:19:37,507:ERROR:certbot._internal.log:0 renew failure(s), 1 parse failure(s)
```

Would you mind applying </>Preformatted text formatting to your log and console output to enhance readability?

Your post_hook appears to have picked up an extra `> /etc/icecast2/bundle.pem` at some point. You may want to revisit a Certbot for Icecast guide. I found some via a web search, but if you know which one you used, that might be the best one to start with.

3 Likes

I don't know what you mean by </>Preformatted text. I guess in the kpurrr.com.conf renewal file? I thought the syntax was a problem.
Help please
David

Yes, can you show your renewal conf file using the pre-formatted text option in the post menu. Or, paste contents with 3 backticks before and after like this
```
contents of: etc/letsencrypt/renewal/kpurrr.com.conf
```

4 Likes

I'm referring to a format option in the forum post menu under the :gear:.

As @MikeMcQ indicated you can also use three backticks ``` on a line before and after your text to apply that formatting. It makes it easier to read on the forum.

Your post_hook appears to have picked up an extra > /etc/icecast2/bundle.pem line at some point. I would offer a more specific suggestion, but it's hard to know where your lines end and begin and what may be caused by word-wrap since the lines were just pasted into your post without formatting.

3 Likes

I tried this but no worky

post_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem && service icecast2 restart

Edit this post of yours.

Remove the line that says "no worky" as well as any backticks `.

Once that part is done, place 3 backticks and nothing else on the first line:

```

Make sure the remaining text is exactly as it came from your file. You will then end with one more line that has only 3 backticks and nothing else.

```

3 Likes

You can edit your posts by selecting the pencil to the lower right of your post.

2 Likes

```
post_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem && service icecast2 restart
```



```
post_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem && service icecast2 restart
```


Is that the ONLY line in your renewal conf file?

Because there should be more lines than that

3 Likes

yes,
I don't know any other code additions

That looks fine now. If you look in your first post you can see the output redirection appeared twice.

That post_hook combines your full chain certificate and your private key into the /etc/icecast2/bundle.pem and then restarts your icecast service to load from that updated file.

3 Likes

I ran the dry run again after a reboot.

```
certbot renew --dry-run
```

The error is still there.

Probably because the renewal configuration file is required to contain WAY more than just the post_hook option.

Did you by any chance do something like `echo "post_hook = cat ..." > /etc/letsencrypt/renewal/kpurrr.com.conf` instead of using `>>`?

2 Likes
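
An added example (not part of the thread and not Certbot's own code): a small lint for a renewal file that reports the missing file references behind the "missing a required file reference" error and flags a hook that redirects twice to the same target. Both sample files are constructed, and the values in the complete one are assumptions about a normal file for this domain.

```shell
# Added example: lint a Certbot renewal config without running certbot.

# Prints one line per problem; returns 0 when the file looks complete.
check_renewal_conf() {
    conf=$1
    problems=0
    # Certbot needs these four file references in every renewal file.
    for key in cert privkey chain fullchain; do
        if ! grep -Eq "^${key}[[:space:]]*=[[:space:]]*/" "$conf"; then
            echo "missing required file reference: $key"
            problems=$((problems + 1))
        fi
    done
    # A hook that redirects to the same target twice (as in the first post)
    # is almost always a paste error.
    dup=$(grep -E '^(pre|post|renew|deploy)_hook[[:space:]]*=' "$conf" |
          grep -oE '>[[:space:]]*[^[:space:]>&]+' | tr -d ' \t' | sort | uniq -d)
    if [ -n "$dup" ]; then
        echo "hook redirects twice to: ${dup#>}"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: the one-line file shown in the first post.
write_broken_sample() {
    cat > "$1" <<'EOF'
post_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem > /etc/icecast2/bundle.pem && service icecast2 restart
EOF
}

# Constructed sample: the shape of a complete renewal file (values assumed).
write_complete_sample() {
    cat > "$1" <<'EOF'
version = 1.29.0
archive_dir = /etc/letsencrypt/archive/kpurrr.com
cert = /etc/letsencrypt/live/kpurrr.com/cert.pem
privkey = /etc/letsencrypt/live/kpurrr.com/privkey.pem
chain = /etc/letsencrypt/live/kpurrr.com/chain.pem
fullchain = /etc/letsencrypt/live/kpurrr.com/fullchain.pem

[renewalparams]
authenticator = standalone
post_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem > /etc/icecast2/bundle.pem && service icecast2 restart
EOF
}

if [ "$#" -gt 0 ]; then check_renewal_conf "$1"; fi
```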

LIKE THIS


```
echo "post_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem " > /etc/icecast2/bundle.pem && service icecast2 restart
```


Why are you using a post hook?
I think you would do better with a deploy hook.

2 Likes

That was a post on how to install your certificate coupled with an Icecast server. I did try deploy:

```
echo "deploy_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem " > /etc/icecast2/bundle.pem && service icecast2 restart
```

I'm not sure that is doing what you would expect.
Please review the output of:
`cat /etc/icecast2/bundle.pem`
[don't post any of that output here as it may contain the private key]

If it contains no cert files, as I suspect, it might need to be reworked.
I suspect that file contains only the text string:
[not the actual output of that "intended command"]

`deploy_hook = cat /etc/letsencrypt/live/kpurrr.com/fullchain.pem /etc/letsencrypt/live/kpurrr.com/privkey.pem`

To help confirm, you can post the output of:
`ls -l /etc/icecast2/bundle.pem`

3 Likes
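
An added example (not from the thread or from any Icecast guide): a deploy hook script that builds the bundle from the renewed certificate, checks that it really contains a certificate and a private key without printing either, and only then replaces the live file. `RENEWED_LINEAGE` is set by Certbot for deploy hooks; the `BUNDLE` and `BUNDLE_OWNER` variable names are assumptions made for this example.

```shell
# Added example: deploy hook that builds the Icecast bundle safely.

# Checks structure only and prints nothing, so it is safe to run while
# sharing a terminal session: no key material reaches the screen.
bundle_looks_valid() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# build_bundle LINEAGE_DIR BUNDLE_PATH [OWNER]
build_bundle() {
    lineage=$1; bundle=$2; owner=${3:-}
    [ -s "$lineage/fullchain.pem" ] && [ -s "$lineage/privkey.pem" ] || return 1
    # mktemp creates the file with mode 0600, next to the bundle so that
    # the final mv is a rename and Icecast never sees a half-written file.
    tmp=$(mktemp "$bundle.XXXXXX") || return 1
    if cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp" &&
       bundle_looks_valid "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; }; then
        mv "$tmp" "$bundle"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Runs only when Certbot invokes the script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_bundle "$RENEWED_LINEAGE" "${BUNDLE:-/etc/icecast2/bundle.pem}" \
                 "${BUNDLE_OWNER:-}" && service icecast2 restart
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, it runs only after a certificate has actually been renewed, so a failed renewal never restarts Icecast or touches the existing bundle.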

Is there a way to check the expiration date of the certificate and manually renew the certificate? If so, what's the code for Ubuntu? I want to run on port 8000 and 8443 instead of 80 and port 443. Please help

1 Like