Certbot-auto recently starting to leave files in /tmp

Hello,

I’ve been using LE successfully for several months for many domains. Recently (last month or so), certbot-auto has been leaving files in /tmp containing the following:

2017-05-23 18:04:42,138:DEBUG:certbot.main:certbot version: 0.14.1
2017-05-23 18:04:42,138:DEBUG:certbot.main:Arguments: [’–version’]
2017-05-23 18:04:42,138:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)

Does this imply that certbot is failing to complete (and thus leaving these tmp files around)?

The operation (renewal) doesn’t seem to have any failures, per /var/log/letsencrypt/letsencrypt.log:

2017-05-23 22:04:43,142:DEBUG:certbot.main:certbot version: 0.14.1
2017-05-23 22:04:43,142:DEBUG:certbot.main:Arguments: [’–quiet’, ‘–post-hook’, ‘/etc/init.d/nginx reload’]
2017-05-23 22:04:43,142:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-05-23 22:04:43,208:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x3f12c90> and installer <certbot.cli._Default object at 0x3f12c90>
2017-05-23 22:04:43,208:DEBUG:certbot.cli:Default Detector is Namespace(account=<certbot.cli._Default object at 0x3f11450>, agree_dev_preview=None, allow_subset_of_names=<certbot.cli._Default object at 0x3f11310>, apache=<certbot.cli._Default object at 0x3f12e10>, apache_challenge_location=<certbot.cli._Default object at 0x3f137d0>, apache_ctl=<certbot.cli._Default object at 0x3f13750>, apache_dismod=<certbot.cli._Default object at 0x3f13390>, apache_enmod=<certbot.cli._Default object at 0x3f132d0>, apache_handle_modules=<certbot.cli._Default object at 0x3f135d0>, apache_handle_sites=<certbot.cli._Default object at 0x3f134d0>, apache_init_script=<certbot.cli._Default object at 0x3f139d0>, apache_le_vhost_ext=<certbot.cli._Default object at 0x3f13190>, apache_logs_root=<certbot.cli._Default object at 0x3f133d0>, apache_server_root=<certbot.cli._Default object at 0x3f13150>, apache_vhost_root=<certbot.cli._Default object at 0x3f13210>, authenticator=<certbot.cli._Default object at 0x3f12c90>, break_my_certs=<certbot.cli._Default object at 0x3f11a50>, cert_path=<certbot.cli._Default object at 0x3f12890>, certname=<certbot.cli._Default object at 0x3eb3cd0>, chain_path=<certbot.cli._Default object at 0x3f12a10>, checkpoints=<certbot.cli._Default object at 0x3f12550>, config_dir=<certbot.cli._Default object at 0x3f12a90>, config_file=None, configurator=<certbot.cli._Default object at 0x3f12c90>, csr=<certbot.cli._Default object at 0x3f12590>, debug=<certbot.cli._Default object at 0x3f117d0>, debug_challenges=<certbot.cli._Default object at 0x3f11850>, dialog=None, domains=<certbot.cli._Default object at 0x3eb3c50>, dry_run=<certbot.cli._Default object at 0x3eb3d50>, duplicate=<certbot.cli._Default object at 0x3f114d0>, eff_email=<certbot.cli._Default object at 0x3eb3f90>, email=<certbot.cli._Default object at 0x3eb3f10>, expand=<certbot.cli._Default object at 0x3f11150>, force_interactive=<certbot.cli._Default object at 0x3eb3b90>, fullchain_path=<certbot.cli._Default object at 0x3f12990>, func=<function renew at 0x3a9a5f0>, hsts=<certbot.cli._Default object at 0x3f11cd0>, http01_port=<certbot.cli._Default object at 0x3f119d0>, ifaces=<certbot.cli._Default object at 0x3f12790>, init=<certbot.cli._Default object at 0x3f12510>, installer=<certbot.cli._Default object at 0x3f12c90>, key_path=<certbot.cli._Default object at 0x3f12910>, logs_dir=<certbot.cli._Default object at 0x3f12b90>, manual=<certbot.cli._Default object at 0x3f12f90>, manual_auth_hook=<certbot.cli._Default object at 0x3f13b50>, manual_cleanup_hook=<certbot.cli._Default object at 0x3f13c10>, manual_public_ip_logging_ok=<certbot.cli._Default object at 0x3f13cd0>, must_staple=<certbot.cli._Default object at 0x3f11b50>, nginx=<certbot.cli._Default object at 0x3f12e90>, nginx_ctl=<certbot.cli._Default object at 0x3f13e50>, nginx_server_root=<certbot.cli._Default object at 0x3f13d90>, no_bootstrap=<certbot.cli._Default object at 0x3f11650>, no_self_upgrade=<certbot.cli._Default object at 0x3f115d0>, no_verify_ssl=<certbot.cli._Default object at 0x3f118d0>, noninteractive_mode=<certbot.cli._Default object at 0x3eb3b10>, num=<certbot.cli._Default object at 0x3f12410>, os_packages_only=<certbot.cli._Default object at 0x3f11550>, post_hook=’/etc/init.d/nginx reload’, pre_hook=<certbot.cli._Default object at 0x3f12150>, pref_challs=<certbot.cli._Default object at 0x3f120d0>, prepare=<certbot.cli._Default object at 0x3f12710>, quiet=True, reason=<certbot.cli._Default object at 0x3f125d0>, redirect=<certbot.cli._Default object at 0x3f11bd0>, register_unsafely_without_email=<certbot.cli._Default object at 0x3eb3dd0>, reinstall=<certbot.cli._Default object at 0x3f110d0>, renew_by_default=<certbot.cli._Default object at 0x3f11210>, renew_hook=<certbot.cli._Default object at 0x3f12250>, renew_with_new_domains=<certbot.cli._Default object at 0x3f11290>, rsa_key_size=<certbot.cli._Default object at 0x3f11ad0>, server=<certbot.cli._Default object at 0x3f12c10>, staging=<certbot.cli._Default object at 0x3f11750>, standalone=<certbot.cli._Default object at 0x3f12f10>, standalone_supported_challenges=<certbot.cli._Default object at 0x3f13f10>, staple=<certbot.cli._Default object at 0x3f11ed0>, strict_permissions=<certbot.cli._Default object at 0x3f11fd0>, text_mode=<certbot.cli._Default object at 0x3eb3a90>, tls_sni_01_port=<certbot.cli._Default object at 0x3f11950>, tos=<certbot.cli._Default object at 0x3f113d0>, uir=<certbot.cli._Default object at 0x3f11dd0>, update_registration=<certbot.cli._Default object at 0x3eb3e50>, user_agent=<certbot.cli._Default object at 0x3f12490>, validate_hooks=<certbot.cli._Default object at 0x3f122d0>, verb=‘renew’, verbose_count=<certbot.cli._Default object at 0x3eb3a10>, webroot=<certbot.cli._Default object at 0x3f13050>, webroot_map=<certbot.cli._Default object at 0x3f13fd0>, webroot_path=<certbot.cli._Default object at 0x3f13d50>, work_dir=<certbot.cli._Default object at 0x3f12b10>)
2017-05-23 22:04:43,228:DEBUG:certbot.log:Root logging level set at 30
2017-05-23 22:04:43,229:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-05-23 22:04:43,246:INFO:certbot.renewal:Cert not yet due for renewal
2017-05-23 22:04:43,250:INFO:certbot.renewal:Cert not yet due for renewal
2017-05-23 22:04:43,255:INFO:certbot.renewal:Cert not yet due for renewal

many “not yet due for renewal” messages removed for brevity <<<

2017-05-23 22:04:43,259:INFO:certbot.renewal:Cert not yet due for renewal
2017-05-23 22:04:45,171:INFO:certbot.renewal:Cert not yet due for renewal
2017-05-23 22:04:45,175:INFO:certbot.renewal:Cert not yet due for renewal
2017-05-23 22:04:45,180:INFO:certbot.renewal:Cert not yet due for renewal
2017-05-23 22:04:45,184:INFO:certbot.renewal:Cert not yet due for renewal
2017-05-23 22:04:45,189:INFO:certbot.renewal:Cert not yet due for renewal
2017-05-23 22:04:45,190:DEBUG:certbot.renewal:no renewal failures

Thanks in advance for reading and for any help that you can offer.

Hi @acicali,

I’ve observed the same behaviour since version 0.14.0 but I forgot to open an issue on github so, thanks for remember it ;).

This is the issue I’ve raised right now: https://github.com/certbot/certbot/issues/4719

Cheers,
sahsanu

1 Like

I am also observing this

However on windows it’s in the current working directory.

Also I don’t believe it’s a 0.14.x issue but a code base update issue as I am using 0.13.0 but built the environment recently

command I was running

certbot certonly --manual --csr D:\LETSENCRYPT\JAVA-KEY-TOOL\jks-simple-cert_firecube_xyz.csr --preferred-challenges “dns”

Andrei

1 Like

I responded to this on GitHub, but appears these files are created when certbot --help is run. This is a bug. If any of you have seen another Certbot command not including -h or --help create the file, please mention me with @bmw and tell me what the command was so I can fix it. Thanks for reporting this!

Thanks @bmw. I have a single cron running certbot that leaves these files:

certbot-auto renew --quiet --post-hook “/etc/init.d/nginx reload”

@acicali, this issue has been resolved in version 0.14.2 Certbot 0.14.2 Release

@bmw, thank you very much for fixing this issue, you rocks :wink:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.