Debian Jessie instructions don't work: "authenticator could not be determined or is not installed"

anentropic · May 22, 2016, 9:38pm

I am following the instructions to install letsencrypt/certbot on my Debian Jessie Nginx server.

I have just run $ sudo apt-get install letsencrypt -t jessie-backports which completed successfully.

The next step is letsencrypt certonly however this fails immediately with the error:

authenticator could not be determined or is not installed

Since these are the only instructions I have to work from I have no idea what to do next or how to fix it. Please help.

(yes I did google it, but it only returned a thread in these forums which doesn’t seem to match my case)

tialaramex · May 22, 2016, 10:20pm

Those instructions definitely could be improved, and so could the error message

What’s happened here is that you need to pick a method by which the tool will authenticate your web server. There are several options, and it looks like (at least in the Jessie version) if you don’t pick one you get this very vague error rather than e.g. “Hey, pick an authenticator such as webroot”.

While they fix the docs to explain that better, you need to pick one.

For example, if the nginx is setup to serve regular files from a particular directory you can use “webroot” mode, telling certbot / letsencrypt that if it put files in the right directory they’ll appear on the web server & thus it can authenticate by creating a file with contents selected by the Let’s Encrypt “boulder” ACME server, then Boulder checks it can access that file over the web, and completes the circuit.

If you don’t actually have the nginx serving regular port 80 HTTP at all, you can use “standalone” mode, in which the certbot/ letsencrypt software runs its own mini-server just long enough to do the authentication steps. Obviously that can’t work while nginx is serving stuff up on the port.

There are other options, but one of the above ought to get you where you need to be.

anentropic · May 22, 2016, 10:25pm

Thanks very much for your help.

I’m going to need some actual instructions though.

I had already guessed ahead and tried this:

$ letsencrypt certonly --webroot -w /usr/share/nginx/html/ -d mydomain.com
An unexpected error occurred:
PythonDialogBug
Please see the logfiles in /var/log/letsencrypt for more details.

In the log there is this:

Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.5.0', 'console_scripts', 'letsencrypt')()
  File "/usr/lib/python2.7/dist-packages/letsencrypt/main.py", line 692, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/main.py", line 504, in obtain_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/main.py", line 356, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/main.py", line 341, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 106, in register
    logger.warn(msg)
  File "/usr/lib/python2.7/logging/__init__.py", line 1172, in warning
    self._log(WARNING, msg, args, **kwargs)
  File "/usr/lib/python2.7/logging/__init__.py", line 1279, in _log
    self.handle(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 1289, in handle
    self.callHandlers(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 1329, in callHandlers
    hdlr.handle(record)
  File "/usr/lib/python2.7/logging/__init__.py", line 757, in handle
    self.emit(record)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/log.py", line 64, in emit
    self.width + self.PADDING_WIDTH)
  File "/usr/lib/python2.7/dist-packages/dialog.py", line 2675, in infobox
    kwargs)
  File "/usr/lib/python2.7/dist-packages/dialog.py", line 1765, in _widget_with_no_output
    widget_name, output))
PythonDialogBug

?

anentropic · May 22, 2016, 10:27pm

$ letsencrypt --version
letsencrypt 0.5.0

anentropic · May 22, 2016, 10:30pm

ah, found a solution to that here: https://github.com/certbot/certbot/issues/1154#issuecomment-151734625

$ TERM=xterm letsencrypt certonly --webroot -w /usr/share/nginx/html/ -d mydomain.com

…this does stuff now!

(FWIW I am inside a Docker container)

lupa18 · June 9, 2016, 11:05pm

I had the same problem.

Then I tried your solution and I got a “segmentation fault”

(I’m also inside an nginx docker container)

system · July 9, 2016, 11:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.