Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --http-01-port 80
I'm using version certbot/certbot:v0.38.0
Is it possible to use this option as a flag, and when not testing (i.e. staging server)?
Is it actually possible to use this option 1) as a flag, and 2) when not testing (i.e. not "staging")?
Interesting, this is what I get while testing that flag.
$ sudo docker run -P certbot/certbot:v0.38.0 certonly --standalone --http-01-port 81 --register-unsafely-without-email --agree-tos
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Registering without email!
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): An unexpected error occurred:
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
EOFError
Please see the logfiles in /var/log/letsencrypt for more details.
But then I don’t understand how all those tutorials/etc manage to use this option??? Maybe something changed in the interim.
My workaround: it works for me, but only when I use it in the config file. And even when not testing.
I would prefer to use it as a flag, as then I can have more control in my workflow (scriptable) and fewer config files, but at least there’s a workaround.
Do you have the same issue without using docker on certbot v0.38.0? I’m doubting that you will, but it’s worth checking. If you do have the same issue then at that point I’d open up a GitHub issue.
@_az I mean the certbot config file, typically in /etc/letsencrypt/cli.ini
When I have that then I can’t use the flag (I get the error above). But when I move all the config in the file to flags instead, then the --http-01-port flag works without error.
Awesome. There are a few bugs in the ConfigArgParse library that Certbot uses (and that ultimately produces this error), so an exact way to reproduce would be a great thing to add to that issue.
Just one last question - are you driving Docker using an API, perhaps?
Because how you split the CLI arguments tends to matter. If you pass in --http-01-port 8081 as a single string in the cmd array, then it will error like you describe.
The shell equivalent of doing so is by wrapping that part in quotes:
$ sudo docker run -v /tmp/certbot-config:/etc/letsencrypt --rm certbot/certbot:v0.31.0 \
certonly --standalone "--http-01-port 4321" \
-d example.com --dry-run
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --http-01-port 4321
This is not typically done, so there’s no docker docs on it, but it’s valid yml. It’s better to do it this way to keep it neat, commentable for each line, and easily modifiable via ansible. But then you need to know this quirk of yml which is that the long-form argument must use an = and doesn’t require escaping!
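The argument-splitting behaviour discussed in the last two posts, as an added example that is not part of the thread and is not Certbot's code: a stand-in argparse parser shows which argv shapes leave the option unrecognized, and a small check flags option-plus-value strings in a command array before it is handed to Docker. Assumptions: the parser defines only the options seen in the thread, the names parse and fused_options are hypothetical, and all inputs are constructed.

```python
import argparse
import shlex


def build_parser():
    # Stand-in for certbot's CLI (assumption): only options that appear in the thread.
    p = argparse.ArgumentParser(prog="certbot-demo")
    p.add_argument("--standalone", action="store_true")
    p.add_argument("--dry-run", action="store_true")
    p.add_argument("--http-01-port", type=int, default=80)
    p.add_argument("-d", dest="domains", action="append", default=[])
    return p


def parse(argv):
    """Return (http_01_port, unrecognized) for an argv list, without exiting."""
    ns, unrecognized = build_parser().parse_known_args(argv)
    return ns.http_01_port, unrecognized


def fused_options(argv):
    """List argv elements that carry an option and its value in one string."""
    return [a for a in argv if a.startswith("-") and any(c.isspace() for c in a)]


# Constructed inputs. shlex.split mimics how a POSIX shell builds argv.
SHELL_UNQUOTED = shlex.split("--standalone --http-01-port 4321 -d example.com --dry-run")
SHELL_QUOTED = shlex.split('--standalone "--http-01-port 4321" -d example.com --dry-run')
# What an API client or a YAML command list passes when each item is one string.
LIST_FUSED = ["--standalone", "--http-01-port 4321", "-d", "example.com"]
LIST_EQUALS = ["--standalone", "--http-01-port=4321", "-d", "example.com"]

if __name__ == "__main__":
    cases = [
        ("shell, unquoted", SHELL_UNQUOTED),
        ("shell, quoted", SHELL_QUOTED),
        ("list, fused", LIST_FUSED),
        ("list, '=' form", LIST_EQUALS),
    ]
    for name, argv in cases:
        port, extra = parse(argv)
        print(f"{name:16} port={port} unrecognized={extra} fused={fused_options(argv)}")
```

Running fused_options over a generated command array before starting the container catches the mistake without waiting for the parser error.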