Hey guys, new to these forums. Joined to mention some odd behaviour I noticed while configuring letsencrypt.
Anytime I would run ‘letsencrypt renew --dry-run,’ I would receive errors that I hadn’t registered a contact email, and the ToS hadn’t been agreed to. I certainly had during the certification process, but even adding ‘-m <mycontactemail@domain.com>’ and ‘--agree-tos’ would result in failure. I checked out the renewal config at /etc/letsencrypt/live/renewal and noticed the paths to my certs were /etc/fail2ban/blah.pem. key_path was just ‘None’. I edited these to the correct paths and ran all of the above again and now everything is working perfectly.
Is this something anyone else has experienced; Fail2Ban interjecting itself into a config like this? Could this explain why so many are experiencing similar issues with renewal?
From what I understand, fail2ban is a tool that bans IPs after they have made a few bad calls.
Not sure what the logic is that this would interfere with file writing?
Saying that, I believe there were some issues in version 14.0 that may be the cause. Also, I think that is why file locking was also introduced (to prevent bad writes to files if multiple certbot instances were running).
It certainly is. It monitors logs and takes a set of actions based on a given criteria. Imagine my surprise when I found the cause of these errors. If it hadn’t been so surprising, I likely would not have taken the time to join a forum just to mention it.
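A way to check for the symptoms described in the first post (certificate paths pointing outside the Let's Encrypt directory, `key_path` set to `None`), as an added example that is not code from the thread or from certbot. The function name, the default `config_dir` of `/etc/letsencrypt`, the set of keys inspected and the sample config are assumptions made for illustration.

```python
import posixpath

# Keys expected to hold certificate or key file paths. cert, privkey, chain and
# fullchain are certbot's lineage keys; key_path is the key named in the post.
PATH_KEYS = {"cert", "privkey", "chain", "fullchain", "key_path"}


def audit_renewal_conf(text, config_dir="/etc/letsencrypt"):
    """Return (key, value, reason) for each path entry that looks wrong."""
    findings = []
    root = posixpath.normpath(config_dir) + "/"
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and section headers such as [renewalparams].
        if not line or line.startswith("#") or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key not in PATH_KEYS:
            continue
        if value in ("", "None"):
            findings.append((key, value, "no path set"))
        # normpath collapses ".." so a path cannot appear to sit under root.
        elif not posixpath.normpath(value).startswith(root):
            findings.append((key, value, "outside " + config_dir))
    return findings


# Constructed sample modelled on the symptoms in the post (not a real config).
SAMPLE = """\
cert = /etc/fail2ban/cert.pem
privkey = /etc/letsencrypt/live/example.com/privkey.pem
chain = /etc/letsencrypt/live/../../fail2ban/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem

[renewalparams]
key_path = None
authenticator = webroot
"""

if __name__ == "__main__":
    for key, value, reason in audit_renewal_conf(SAMPLE):
        print(f"{key}: {value!r} ({reason})")
```

Run it over the contents of each renewal config file before a `renew --dry-run`; an empty result means every inspected path is set and resolves under `config_dir`.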