No certs found after upgrade to certbot 0.30.0


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:seqent.com

I ran this command:
certbot certificates

It produced this output:

/usr/pkg/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. A future version of cryptography will drop support for it.
utils.CryptographyDeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certs found.


My web server is (include version):not permitted to expose this

The operating system my web server runs on is (include version):not permitted to expose this

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.30.0

This started happening after upgrading certbot from 0.27.0 to 0.30.0


#2

This is an issue - but I’m not sure it is why you can’t see any certs…

Please show output of:
find /etc/letsencrypt -name cert.pem


#3

find /usr/pkg/etc/letsencrypt/ -name cert.pem
/usr/pkg/etc/letsencrypt/live/Sass/cert.pem

This package installs in /usr/pkg, although the /etc/letsencrypt directory tree exists.


#4

OK.
So the older version stored everything in /usr/pkg/etc/letsencrypt
While the newer version now uses /etc/letsencrypt

looking for a fix…


#5

Try:
certbot certificates --config-dir /usr/pkg/etc/letsencrypt

But it seems the real fix is to copy all the folders over (from old path to new path).
For that try:
cp -av /usr/pkg/etc/letsencrypt/ /etc/


#6

The --config-dir did the trick. Thank you.

My guess is the certbot package that I installed is misconfigured. I’ll chase that with the packaging people…and then deal with the openssl issue.

Thanks again


#7

You may need to make that setting permanent in the cli.ini file.
[not sure what the exact syntax for that is]
Or always include “--config-dir /usr/pkg/etc/letsencrypt” in all certbot related commands.
[especially in the renewal job]


#8

I’m interested in knowing if that fixed it permanently.

Please show this output today:
[without the extra parameter]

certbot certificates


#9

Without the extra parameter it fails…

certbot certificates

/usr/pkg/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. A future version of cryptography will drop support for it.
utils.CryptographyDeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certs found.


With it it works

certbot certificates --config-dir /usr/pkg/etc/letsencrypt/

/usr/pkg/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. A future version of cryptography will drop support for it.
utils.CryptographyDeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: Sass
Domains: lan136.seqent.com
Expiry Date: 2019-04-28 17:39:08+00:00 (VALID: 75 days)
Certificate Path: /usr/pkg/etc/letsencrypt/live/Sass/fullchain.pem
Private Key Path: /usr/pkg/etc/letsencrypt/live/Sass/privkey.pem


I have not found sufficient documentation on the cli.ini to understand how to add the option there.


#10

As I suspected…

Looking into that now.

EDIT:
Try adding to cli.ini:
config-dir = /usr/pkg/etc/letsencrypt/


#11

This makes it seem like you installed one package from a third party and later upgraded to an official OS package. If so, it might be better to stick with one or the other if possible.


#12

OR maybe it is:
CONFIG_DIR = /usr/pkg/etc/letsencrypt/

[just guessing now - I can’t find the docs on it]


#13

config-dir = /usr/pkg/etc/letsencrypt

Adding the above to cli.ini corrects the issue. Thanks
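
An added example, not part of the thread and not certbot's own tooling: a shell check for the two situations discussed above, namely finding which directory actually holds the certificates, and spotting renewal files that still point at the old tree after a copy like the one suggested in #5. It assumes certbot's usual layout (live/<name>/cert.pem, and renewal/<name>.conf with archive_dir, cert, privkey, chain and fullchain keys); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit certbot config directories after a path change.
# Candidate directories are passed as arguments; in the thread they would
# be /etc/letsencrypt and /usr/pkg/etc/letsencrypt.

# Print each candidate directory that holds at least one lineage,
# i.e. a live/<name>/cert.pem entry.
dirs_with_certs() {
    for dir in "$@"; do
        for cert in "$dir"/live/*/cert.pem; do
            # -e follows symlinks, so a dangling live/ link is not counted
            if [ -e "$cert" ]; then
                printf '%s\n' "${dir%/}"
                break
            fi
        done
    done
}

# Print "<conf file>: <key> = <path>" for every lineage path in
# renewal/*.conf that does not live under the given config directory.
# After a plain copy of the tree, these keys still name the old location.
stale_renewal_paths() {
    dir=${1%/}
    for conf in "$dir"/renewal/*.conf; do
        [ -f "$conf" ] || continue
        awk -v base="$dir/" -v file="$conf" -F ' *= *' '
            $1 ~ /^(archive_dir|cert|privkey|chain|fullchain)$/ &&
            $2 ~ /^\// && index($2, base) != 1 {
                printf "%s: %s = %s\n", file, $1, $2
            }' "$conf"
    done
}

# Stand-alone use: sh audit.sh /etc/letsencrypt /usr/pkg/etc/letsencrypt
if [ "$#" -gt 0 ]; then
    echo "Directories containing certificates:"
    dirs_with_certs "$@"
    echo "Renewal entries pointing outside their own directory:"
    for d in "$@"; do stale_renewal_paths "$d"; done
fi
```

Any line reported by the second check means the directory certbot reads and the directory the renewal file names have diverged, which is worth resolving before relying on the renewal job.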

