FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/.certbot.lock'

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
*.aishaonian.com
I ran this command:

docker run -it --rm \
-v /home/certs/letsencrypt:/etc/letsencrypt \
-v /home/certs/letsencrypt:/var/lib/letsencrypt \
-v /home/certs/letsencrypt:/var/log/letsencrypt \
-v /home/app:/home/app \
certbot/certbot certonly \
--webroot \
--agree-tos \
--webroot-path=/home/app \
-d *.aishaonian.com

It produced this output:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
My web server is (include version):

The operating system my web server runs on is (include version):
centos_7_8_x64_20G_alibase_20200817.vhd
My hosting provider, if applicable, is:
aliyun
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

error log:

2020-10-30 13:03:25,030:CRITICAL:certbot._internal.auth_handler:Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2020-10-30 13:03:25,030:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    load_entry_point('certbot', 'console_scripts', 'certbot')()
  File "/opt/certbot/src/certbot/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1362, in main
    return config.func(config, plugins)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1243, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 122, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 418, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 351, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 398, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 62, in handle_authorizations
    achalls = self._choose_challenges(authzrs)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 204, in _choose_challenges
    path = gen_challenge_path(
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 319, in gen_challenge_path
    return _find_smart_path(challbs, preferences, combinations)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 355, in _find_smart_path
    _report_no_chall_path(challbs)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 394, in _report_no_chall_path
    raise errors.AuthorizationError(msg)
certbot.errors.AuthorizationError: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2020-10-30 13:03:25,031:ERROR:certbot._internal.log:Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2020-10-30 13:03:25,031:DEBUG:certbot.util:Exception occurred releasing lock: LockFile(/etc/letsencrypt/.certbot.lock) <released>
Traceback (most recent call last):
  File "/opt/certbot/src/certbot/certbot/util.py", line 157, in _release_locks
    dir_lock.release()
  File "/opt/certbot/src/certbot/certbot/_internal/lock.py", line 89, in release
    self._lock_mechanism.release()
  File "/opt/certbot/src/certbot/certbot/_internal/lock.py", line 201, in release
    os.remove(self._path)
FileNotFoundError: [Errno 2] No such file or directory: '/etc/letsencrypt/.certbot.lock'
2020-10-30 13:03:25,032:DEBUG:certbot.util:Exception occurred releasing lock: LockFile(/var/lib/letsencrypt/.certbot.lock) <released>
Traceback (most recent call last):
  File "/opt/certbot/src/certbot/certbot/util.py", line 157, in _release_locks
    dir_lock.release()
  File "/opt/certbot/src/certbot/certbot/_internal/lock.py", line 89, in release
    self._lock_mechanism.release()
  File "/opt/certbot/src/certbot/certbot/_internal/lock.py", line 201, in release
    os.remove(self._path)
FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/letsencrypt/.certbot.lock'

You can't use webroot for wildcard cert authentication.
That requires DNS authentication.

Try running certbot as root user.
See if the 'file not found' goes away.

I'm going to do the same thing with sudo.

Why can't I use webroot? I've seen it used that way.

You can only use webroot for HTTP authentication.
Wildcards require DNS authentication because there is no HTTP site for it to authenticate against:
http://*.your.domain/ will never work.
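
An added example, not part of the original thread and not certbot's own code: a simplified model of why the command above finds no usable challenge, plus the DNS record a dns-01 validation publishes (RFC 8555, section 8.4). The plugin table, the function names, `www.example.com` and the key authorization string are assumptions made for illustration.

```python
import base64
import hashlib

# Simplified model (assumption): challenge types each authenticator can perform.
# webroot writes files served over HTTP; a DNS plugin publishes TXT records.
AUTHENTICATOR_CHALLENGES = {"webroot": {"http-01"}, "dns": {"dns-01"}}


def offered_challenges(identifier):
    """Challenge types the CA is assumed to offer for one identifier.

    As stated in the thread, Let's Encrypt validates wildcards over DNS only.
    """
    if identifier.startswith("*."):
        return {"dns-01"}
    return {"http-01", "dns-01", "tls-alpn-01"}


def usable_challenges(identifier, authenticator):
    """What the CA offers, intersected with what the plugin can perform."""
    return offered_challenges(identifier) & AUTHENTICATOR_CHALLENGES[authenticator]


def dns01_record(identifier, key_authorization):
    """Return (record name, TXT value) for a dns-01 challenge."""
    # The wildcard label is dropped: *.example.com is validated at
    # _acme-challenge.example.com.
    base = identifier[2:] if identifier.startswith("*.") else identifier
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    # TXT value is the unpadded base64url encoding of the SHA-256 digest.
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return "_acme-challenge." + base, value


if __name__ == "__main__":
    # Constructed sample input: placeholder token and account-key thumbprint.
    key_auth = "constructed-token.constructed-thumbprint"
    for name in ("*.aishaonian.com", "www.example.com"):
        for plugin in ("webroot", "dns"):
            found = sorted(usable_challenges(name, plugin))
            print(name, plugin, found or "no challenge path")
    print(dns01_record("*.aishaonian.com", key_auth))
```

An empty intersection for the wildcard name with `webroot` is the situation the "does not support any combination of challenges" message reports.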

@rg305 You're correct, Let's Encrypt currently doesn't offer wildcard certificates without DNS based validation, but it isn't mandatory to validate through DNS. The CA/B Forum BR do allow HTTP based validations for wildcard certs and LE is looking into that. However, there isn't a timeline when or even if LE will offer HTTP based wildcard certs.

Excellent news!

thanks!!!!!!!!!!!!!!!!!!!

Can't find a source though, so I might be mistaken with another feature such as IP's in the certificate, which isn't possible yet, but officially "in the pipeline".
