Only path in live/*.pem to archive pem files

My test domain is:
espc18.cf

I ran this command:
./certbot-auto \
certonly \
--manual \
-d $DOMAINNAME \
-d *.$DOMAINNAME \
-m $EMAILADDRESS \
--agree-tos \
--no-eff-email \
--manual-public-ip-logging-ok \
--preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual-auth-hook certbot-authenticator.sh \
--manual-cleanup-hook certbot-cleanup.sh

It produced this output:
IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/espc18.cf/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/espc18.cf/privkey.pem
    Your cert will expire on 2019-04-16. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again. To non-interactively renew all of your certificates, run
    “certbot-auto renew”

I’m executing this command on WSL (Ubuntu on Windows).
After executing the command above I get a directory structure where the live directory contains the 4 pem files. But all 4 contain only a path to the file in the archive directory, like this:

…/…/archive/espc18.cf/cert1.pem

I expected a usable pem file. But a file with only a path as content can’t be used as a certificate.
The certificates in the archive folder are usable.

Why is this? Am I doing something wrong?

(btw, when I also configure the following:
--work-dir etc
--config-dir config
--logs-dir log

Then the pem files in live are 0 kb and I only have certificates in the archive directory.)

Probably, this is due to how symlinks are implemented in WSL, and how they are represented on the "native side".

I think this could be a good issue to create at Issues · certbot/certbot · GitHub to get some feedback on what a fix might be, or whether WSL is a supported environment at all.

A potential fix may be to issue certificates with a --deploy-hook, where all it does is cp the certificate to a known location (a real copy, not a copy of the symlink).

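A sketch of the deploy hook suggested in the reply above, as an added example that is not code from the thread or from certbot. It relies on the RENEWED_LINEAGE variable certbot sets for deploy hooks; the DEPLOY_DIR variable and its default path are assumptions.

```shell
#!/bin/sh
# Added example: deploy hook that installs real copies of the renewed
# files instead of relying on the live/ symlinks.
# RENEWED_LINEAGE is set by certbot (e.g. /etc/letsencrypt/live/espc18.cf).
# DEPLOY_DIR and its default below are assumptions for this sketch.

deploy_real_copy() (
    # Subshell body: the umask change and any exit stay inside the function.
    lineage=$1
    dest=$2
    umask 077                       # copies are owner-only, privkey included
    mkdir -p "$dest" || exit 1

    # Pass 1: copy every file to a temporary name and validate it.
    for name in cert chain fullchain privkey; do
        tmp="$dest/.$name.pem.new"
        rm -f "$tmp"
        # -L follows the symlink, so the archive file's content is copied.
        cp -L "$lineage/$name.pem" "$tmp" || { rm -f "$dest"/.*.pem.new; exit 1; }

        # Reject the failure described in the post: a stub that holds only
        # a path, or an empty file, rather than PEM data.
        if ! head -n 1 "$tmp" | grep -q '^-----BEGIN '; then
            echo "deploy: $lineage/$name.pem did not resolve to PEM data" >&2
            rm -f "$dest"/.*.pem.new
            exit 1
        fi
    done

    # Pass 2: only after all four validated, rename them into place, so a
    # bad renewal never leaves a half-updated set in the target directory.
    for name in cert chain fullchain privkey; do
        mv -f "$dest/.$name.pem.new" "$dest/$name.pem" || exit 1
    done
)

# Run only when certbot invokes the script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_real_copy "$RENEWED_LINEAGE" "${DEPLOY_DIR:-/etc/ssl/deployed}"
fi
```

The copies are created under umask 077, so any service that reads them has to run as the owning user or be granted access deliberately.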