I followed the basic Certbot Apache setup instructions (as I have several times before) but I must have made an error somewhere along the way this time. Everything appears to be working correctly with regards to the certificates and renewals themselves, but now, when logging into my server via SSH I am asked to enter a password for sudo access, and then the certbot setup runs, even though certificates are already installed, and upon completing the setup, or cancelling it, the ssh connection is automatically ended.
Is this due to the crontab that was setup? My only guess there is that I possibly set up the cronjob under sudo, but the certbot script is in a user home directory.
Upon logging in via ssh into the server, I am immediately presented with the following prompt:
Requesting root privileges to run certbot...
/home/username/.local/share/letsencrypt/bin/letsencrypt
[sudo] password for username:
If I cancel the sudo login the SSH session is terminated. If I log in for sudo, and then run through the process, upon confirmation, the SSH session is terminated. Is there a workaround to get around this to edit the cron job to fix this?
If I ctrl-c to exit the sudo password prompt than the SSH connection is terminated. If I go through the full setup process, the SSH connection is terminated upon completion. I have a couple of different SSH logins, and all of them have the same behavior.
If you see hello back, then you can supply a command to run in that account, for example
ssh user@server bash -i
to get an interactive shell (from which you can investigate further). I would guess that there is somehow a reference to certbot in one of your login-related dotfiles like .bashrc.
When running that command, I receive the following response:
ssh user@server echo hello
Bootstrapping dependencies for Debian-based OSes...
apt-get update hit problems but continuing anyway...
sudo: no tty present and no askpass program specified
sudo: no tty present and no askpass program specified
A second user account receives a slightly different response:
ssh user@server echo hello
Requesting root privileges to run certbot...
/home/username/.local/share/letsencrypt/bin/letsencrypt -c echo hello
sudo: no tty present and no askpass program specified
That makes it sound like your shell got changed in /etc/passwd to /home/username/.local/share/letsencrypt/bin/letsencrypt (perhaps using the chsh program). That doesn’t make any sense and I can’t imagine why or how that would have happened.
Yes, I believe there is one other user with root access. I will email him with some of these details and will wait to see if he made any changes at the same time I was setting up the Let’s Encrypt stuff last week that could overlap with this issue.
Thank you for your assistance since it seems this is out of scope with Let’s Encrypt stuff.