Sticky error after trying to generate "IDN" certificate


#1

Running Debian 8, installed certbot via backport, using Apache plugin, have root access.

Initially created a certificate for foo.com and www.foo.com, which worked well. Everything, actually, went well :slight_smile:

Then I tried with an IDN (not knowing it wasn’t supported), so I ran certbot with åsa.com and www.åsa.com. I was told that IDN isn’t yet supported. Fine, I can live with that and do a manual webserver re-direct for that particular domain.

Then I tried the next domain in my list, and now I cannot get certbot to work, at all. I have tried re-installing it via apt-get and aptitude, and I have tried to re-init the plugins, etc. It’s still the same error. It feels like a cache somewhere needs to be removed/refreshed, or something … :slight_smile:

Here is the output:

myServer:/etc/ssl/certs# certbot --apache --debug -vvvv --domains thenextdomain.se,www.thenextdomain.se
Root logging level set at -20
Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot version: 0.9.3
Arguments: ['--apache', '--debug', '-vvvv', '--domains', 'thenextdomain.se,www.thenextdomain.se']
Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
Requested authenticator apache and installer apache
Other error:(PluginEntryPoint#apache): ('There has been an error in parsing the file (%s): %s', '/etc/apache2/sites-available/certbot.log', 'Syntax error')
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/certbot/plugins/disco.py", line 106, in prepare
    self._initialized.prepare()
  File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 190, in prepare
    self.check_parsing_errors("httpd.aug")
  File "/usr/lib/python2.7/dist-packages/certbot_apache/augeas_configurator.py", line 74, in check_parsing_errors
    raise errors.PluginError(msg)
PluginError: ('There has been an error in parsing the file (%s): %s', '/etc/apache2/sites-available/certbot.log', 'Syntax error')
No candidate plugin
Selected authenticator None and installer None
The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', '/etc/apache2/sites-available/certbot.log', 'Syntax error'),)
myServer:/etc/ssl/certs#

Now what?


#2

I’m not sure why certbot is placing a log file in /etc/apache2/sites-available/certbot.log - I’ve noticed this a couple of times now, but haven’t identified the cause yet. Could you try deleting that file and see if that fixes the problem?


#3

How very weird. I thought it was just a log file (?), but removing it certainly seems to have helped.

#wtf #lol


#4

Does certbot put this file in its current directory? If so:

  • Users might choose to run certbot after having just been in the apache configuration directory to look at something, not realising that this might matter

  • Some code that runs a little before the log is created might change into this directory.


#5

To my knowledge logs are stored in --logs-dir, which defaults to /var/log/letsencrypt, at least with the certbot-auto installation method. Maybe this is an issue with the Debian package not setting that default, will look into this.


#6

I couldn’t reproduce initially, but I found a post explaining this behaviour:

I’m guessing certbot crashed previously while your cwd was /etc/apache2/sites-available.


#7

It’s very likely that it crashed while my current directory was in fact /etc/apache2…

My suggestion would be this:

Until certbot has parsed the configuration file and knows where to log stuff, write its log in the current user's home directory. It will "always" have write access to that directory and its behavior is far more predictable this way.

I also noticed that it seems like certbot tries to parse ALL files in the configuration directory as site configuration files. Even some that do not end in ".conf". I can understand the reasoning behind this, but perhaps this should be a configuration option? It's not a very good situation if files like .save or .bak or other similar files are parsed as it can create quite a confused mess of things :slight_smile:

-joho
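
A check for the situation described in this thread, added here as an example (it is not code from certbot or from any poster): it lists files in an Apache configuration directory such as /etc/apache2/sites-available that are not site configs, like the stray certbot.log or .save/.bak leftovers. The function names and the suffix lists are assumptions of this example, as is the convention that real site configs end in ".conf".

```shell
#!/bin/sh
# Added example, not certbot code. Assumption: genuine site configs end in
# ".conf"; anything else in the directory is a candidate for the parse error.

# classify_apache_file NAME -> prints one of: config | log | backup | other
classify_apache_file() {
    case "$1" in
        *.conf)                                echo config ;;
        *.log|*.log.*)                         echo log ;;     # e.g. certbot.log
        *~|*.bak|*.save|*.swp|*.orig|*.dpkg-*) echo backup ;;  # editor/package leftovers
        *)                                     echo other ;;
    esac
}

# stray_apache_files DIR -> prints "KIND<TAB>PATH" for each regular file in DIR
# (hidden files included) that is not classified as a config.
stray_apache_files() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue    # skips unmatched globs and subdirectories
        kind=$(classify_apache_file "${path##*/}")
        [ "$kind" = config ] || printf '%s\t%s\n' "$kind" "$path"
    done
}

# When run as a script with a directory argument, report on that directory:
#   sh stray.sh /etc/apache2/sites-available
if [ "$#" -gt 0 ]; then
    stray_apache_files "$1"
fi
```

Review each reported file before moving it out of the directory; the script only lists, it never deletes.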

