My domain is: tbs-uat1-app1.acro.website (and others)
I ran this command: /snap/bin/certbot renew
It produced this output: ERROR: ld.so: object '/lib/x86_64-linux-gnu/liboneagentproc.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
This error seems to be a nuisance level message only. Certbot continues to run, and presumably renewals work, but any machine that has Dynatrace OneAgent installed causes this message to be emitted for any certbot operation (including asking for the certbot version).
My web server is (include version): nginx/1.18.0
The operating system my web server runs on is (include version): Ubuntu 20.04.4 LTS
My hosting provider, if applicable, is: Self hosted. EC2 on AWS.
@rg305 No other certbot versions installed, no other certbot plugins or add-ons. They're all stock certbot installations.
The dynatrace oneagent installer populated the /etc/ld.so.preload file with a single line, /lib/x86_64-linux-gnu/liboneagentproc.so, and ever since then the error has been happening, but it only happens with certbot.
The other variant of the error from syslog that appears is ERROR: ld.so: object '/lib/x86_64-linux-gnu/liboneagentproc.so' from /etc/ld.so.preload cannot be preloaded (failed to map segment from shared object): ignored.
I'm also following up with dynatrace support, but given that this message is only emitted when certbot is used, it seems possible that it's a certbot problem, and not a dynatrace oneagent problem.
I'm pretty sure you'd get this warning/non-fatal error for any program you're running. I don't see why it should be limited to Certbot.
From man ld.so:
/etc/ld.so.preload
File containing a whitespace-separated list of ELF shared
objects to be loaded before the program. See the
discussion of LD_PRELOAD above. If both LD_PRELOAD and
/etc/ld.so.preload are employed, the libraries specified
by LD_PRELOAD are preloaded first. /etc/ld.so.preload has
a system-wide effect, causing the specified libraries to
be preloaded for all programs that are executed on the
system. (This is usually undesirable, and is typically
employed only as an emergency remedy, for example, as a
temporary workaround to a library misconfiguration issue.)
Note the "/etc/ld.so.preload has a system-wide effect, causing the specified libraries to be preloaded for all programs that are executed on the system." part.
It might be due to this Dynatrace library being incompatible with the versions of the shared libraries which ship inside the Certbot snap (and the core20 base).
I think it's harmless. We could do something like this to prevent /etc/ld.so.preload from affecting the Certbot snap, but it's not clear whether we'd break other users' environments by doing that, so I think we will probably do nothing in this case.
It is harmless, but it's also noisy @Osiris@_az. Certbot is the only process on any of these machines that cause that error to be emitted, which I find really odd.
In any case, without being able to prevent certbot from trying to load this library, the only other option I see is to mute all messages from certbot renewal attempts, which has the unpleasant side effect of blinding me to actual renewal problems.
Ah interesting suggestion @_az . I'll give that a whirl, though I'm not sure how long it would last; the agent's updater might put the preload back in place before too long. I'll also bring it to the dynatrace team and see what they think. I can see why they want the library laced into everything, but by the same token, it seems like they're setting themselves up for a world of support woes by doing so.