Certbot setup running upon SSH login


#1

I followed the basic Certbot Apache setup instructions (as I have several times before) but I must have made an error somewhere along the way this time. Everything appears to be working correctly with regards to the certificates and renewals themselves, but now, when logging into my server via SSH I am asked to enter a password for sudo access, and then the certbot setup runs, even though certificates are already installed, and upon completing the setup, or cancelling it, the ssh connection is automatically ended.

Is this due to the crontab that was setup? My only guess there is that I possibly set up the cronjob under sudo, but the certbot script is in a user home directory.

Upon logging in via ssh into the server, I am immediately presented with the following prompt:

Requesting root privileges to run certbot...
  /home/username/.local/share/letsencrypt/bin/letsencrypt
[sudo] password for username: 

If I cancel the sudo login the SSH session is terminated. If I log in for sudo, and then run through the process, upon confirmation, the SSH session is terminated. Is there a workaround to get around this to edit the cron job to fix this?


#2

This isn’t the cron - but it does sound as if something else isn’t right :wink:

Can you do a “ctrl-c” and get passed this point ?

What’s your operating system ? we’d then want to check what’s in your bash profile (possibly .bashrc .profile … depending on your OS).


#3

The server is running Ubuntu 14.04

If I ctrl-c to exit the sudo password prompt than the SSH connection is terminated. If I go through the full setup process, the SSH connection is terminated upon completion. I have a couple of different SSH logins, and all of them have the same behavior.

Am I locked out of the server now?


#4

it’s odd - do you have only the one account you can ssh into ?


#5

@qco, try running something like

ssh user@server echo hello

If you see hello back, then you can supply a command to run in that account, for example

ssh user@server bash -i

to get an interactive shell (from which you can investigate further). I would guess that there is somehow a reference to certbot in one of your login-related dotfiles like .bashrc.


#6

When running that command, I receive the following response:

ssh user@server echo hello
Bootstrapping dependencies for Debian-based OSes...
apt-get update hit problems but continuing anyway...
sudo: no tty present and no askpass program specified
sudo: no tty present and no askpass program specified

A second user account receives a slightly different response:

ssh user@server echo hello
Requesting root privileges to run certbot...
  /home/username/.local/share/letsencrypt/bin/letsencrypt -c echo hello
sudo: no tty present and no askpass program specified

#7

That makes it sound like your shell got changed in /etc/passwd to /home/username/.local/share/letsencrypt/bin/letsencrypt (perhaps using the chsh program). That doesn’t make any sense and I can’t imagine why or how that would have happened.

Does anyone else have root access to this server?


#8

Yes, I believe there is one other user with root access. I will email him with some of these details and will wait to see if he made any changes at the same time I was setting up the Let’s Encrypt stuff last week that could overlap with this issue.

Thank you for your assistance since it seems this is out of scope with Let’s Encrypt stuff.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.