Fail2Ban intervening on renewal config?

Hey guys, new to these forums. Joined to mention some odd behaviour I noticed while configuring letsencrypt.

Anytime I would run ‘letsencrypt renew --dry-run,’ I would receive errors that I hadn’t registered a contact email, and the ToS hadn’t been agreed to. I certainly had during the certification process, but even adding ‘-m <>’ and ‘--agree-tos’ would result in failure. I checked out the renewal config at /etc/letsencrypt/live/renewal and noticed the paths to my certs were /etc/fail2ban/blah.pem. key_path was just ‘None’. I edited these to the correct paths and ran all of the above again and now everything is working perfectly.

Is this something anyone else has experienced; Fail2Ban interjecting itself into a config like this? Could this explain why so many are experiencing similar issues with renewal?


From what I understand, fail2ban is a tool that bans IPs after they have made a few bad calls.

Not sure what the logic is that this would interfere with file writing?

Saying that, I believe there were some issues in version 14.0 that may be the cause. Also, I think that is why file locking was also introduced (to prevent bad writes to files if multiple certbot instances were running).


It certainly is. It monitors logs and takes a set of actions based on a given criteria. Imagine my surprise when I found the cause of these errors. If it hadn’t been so surprising, I likely would not have taken the time to join a forum just to mention it.

Interesting. Do you have a way of diagnosing this in case other people come across the same issue?
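
One way to check for the condition described in this thread (certificate paths in a renewal config that point outside /etc/letsencrypt, or are set to None), as an added example that is not from any poster or from certbot itself. The key names other than key_path, the function name and the sample config are assumptions constructed for illustration.

```python
import os

# Path-valued keys to inspect. Only key_path is named in the thread; the
# rest are assumed from the usual layout of a certbot renewal file.
PATH_KEYS = {"cert", "privkey", "chain", "fullchain",
             "cert_path", "key_path", "chain_path", "fullchain_path"}

def check_renewal_conf(text, config_dir="/etc/letsencrypt"):
    """Return (line_no, key, value, reason) for each suspicious path entry."""
    root = os.path.normpath(config_dir)
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments, section headers and anything not key = value.
        if not line or line[0] in "#[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in PATH_KEYS:
            continue
        if value in ("", "None"):
            findings.append((line_no, key, value, "no path set"))
        elif not os.path.isabs(value):
            findings.append((line_no, key, value, "relative path"))
        else:
            # normpath collapses ".." so a path cannot appear to sit under
            # config_dir while actually resolving somewhere else.
            resolved = os.path.normpath(value)
            if os.path.commonpath([root, resolved]) != root:
                findings.append((line_no, key, value, "outside " + root))
    return findings

# Constructed sample modelled on the symptoms reported in the thread.
SAMPLE = """\
# renew_before_expiry = 30 days
cert = /etc/fail2ban/blah.pem
privkey = /etc/letsencrypt/live/example.com/privkey.pem
chain = /etc/letsencrypt/live/example.com/../../../fail2ban/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem
[renewalparams]
key_path = None
webroot_path = /var/www/html,
"""

if __name__ == "__main__":
    for line_no, key, value, reason in check_renewal_conf(SAMPLE):
        print(f"line {line_no}: {key} = {value}  ({reason})")
```

To use it on a real host, pass the contents of each renewal config file to `check_renewal_conf` and review any entry it reports before running a renewal.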

