OSError when running certbot using official Docker image on Windows


#1

I’m running Docker toolbox on Windows 10. I want to be able to run certbot in the container. The container user is root, but the file indicated in the error below is being written to a Windows 10 filesystem, which doesn’t support all features in Linux, like chmod/chown. I’m not sure if that has anything to do with this.

My domain is: watrous.ws

I ran this command: I’m using the official certbot Docker image located here https://hub.docker.com/r/certbot/certbot/

docker run --rm -it -v "$(pwd)/logs/:/var/log/letsencrypt/" -v "$(pwd)/conf/:/etc/letsencrypt/" certbot/certbot certonly --manual

Notice that I mount two local directories for logs and configuration so they persist when the container exits. This is working because I see log files, which is where I got the snippet below. I also see the configuration files.

It produced this output:

2018-04-04 14:00:39,481:DEBUG:certbot.util:Exception occurred releasing lock: LockFile(/var/log/letsencrypt/.certbot.lock) <released>
Traceback (most recent call last):
  File "/opt/certbot/src/certbot/util.py", line 140, in _release_locks
    dir_lock.release()
  File "/opt/certbot/src/certbot/lock.py", line 134, in release
    os.remove(self._path)
OSError: [Errno 26] Text file busy: '/var/log/letsencrypt/.certbot.lock'
2018-04-04 14:00:39,482:DEBUG:certbot.util:Exception occurred releasing lock: LockFile(/etc/letsencrypt/.certbot.lock) <released>
Traceback (most recent call last):
  File "/opt/certbot/src/certbot/util.py", line 140, in _release_locks
    dir_lock.release()
  File "/opt/certbot/src/certbot/lock.py", line 134, in release
    os.remove(self._path)
OSError: [Errno 26] Text file busy: '/etc/letsencrypt/.certbot.lock'

Line 134 is trying os.remove, but I see the note that it doesn’t work on Windows. This is a special case because it is running in the container but operating against the Windows filesystem.

# Calling os.remove on a file that's in use doesn't work on
# Windows, but neither does locking with fcntl.
try:
    os.remove(self._path)
finally:
    try:
        os.close(self._fd)
    finally:
        self._fd = None

Any ideas to get this working for my use case? I wonder if it would be possible to just write the .certbot.lock file somewhere in the container (not to the mounted volume) so that os.remove would succeed.


#2

@bmw, could you comment on this?


#3

Unfortunately, you’re pushing the limits of the current version of Certbot as we don’t work on Windows yet. You may want to consider using a Windows compatible client listed here instead.

If you want to try and work around the problem, you must be using a file system that supports symbolic links. If it doesn’t, Certbot isn’t going to work for you even if you solve the lockfile problem as they are heavily used for other Certbot functionality. If it does support symlinks, you could try creating symlinks from the lockfile to a path in Certbot’s container you’re not mounting.

Another option would be to to only mount the subdirectories of /etc/letsencrypt. This is somewhat fragile as what needs to be preserved here might change in the future without warning and doesn’t work for Certbot’s logfiles, but could be an option for you.

This probably isn’t what you wanted to hear, but I hope it helps nonetheless!


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.