bug#56678: certbot mcron job fails

unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed

* bug#56678: certbot mcron job fails
@ 2022-07-21  8:25 Ludovic Courtès
  2023-03-28 21:23 ` Maxim Cournoyer
  2023-05-04 16:45 ` Bruno Victal
  0 siblings, 2 replies; 5+ messages in thread
From: Ludovic Courtès @ 2022-07-21  8:25 UTC (permalink / raw)
  To: 56678

Hello,

‘certbot-service-type’ defines an mcron job that invokes ‘certbot’ with
a fairly long list of arguments.  However, that command line appears
to be incorrect, or at least it is on bayfront.guix where I tested it:

--8<---------------cut here---------------start------------->8---
ludo@bayfront ~/src/maintenance/hydra$ sudo herd schedule mcron 100|grep -B1 certbot
Thu Jul 21 12:51:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
--
Fri Jul 22 00:45:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
--
Fri Jul 22 12:36:00 2022 +0200
/gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
ludo@bayfront ~/src/maintenance/hydra$ ls -l /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
-r-xr-xr-x 1 root root 789 Jan  1  1970 /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
ludo@bayfront ~/src/maintenance/hydra$ sudo less /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
#!/gnu/store/cnfsv9ywaacyafkqdqsv2ry8f01yr7a9-guile-3.0.7/bin/guile --no-auto-compile
!#
(begin (use-modules (ice-9 match)) (let ((code 0)) (for-each (match-lambda ((name . command) (begin (format #t "Acquiring or renewing certificate: ~a~%" name) (set! code (or (apply system* command) code))))) (quote (("bayfront.guix.gnu.org" "/gnu/store/y2n10m4qkyb6vgx980c6jkjd132ln8xx-certbot-1.18.0/bin/certbot" "certonly" "-n" "--agree-tos" "--webroot" "-w" "/var/www" "--cert-name" "bayfront.guix.gnu.org" "-d" "bayfront.guix.gnu.org,bordeaux.guix.gnu.org,logs.guix.gnu.org,bayfront.guix.info,hpc.guix.info,guix-hpc.bordeaux.inria.fr,coordinator.bayfront.guix.gnu.org" "--email" "ludovic.courtes@inria.fr" "--deploy-hook" "/gnu/store/1wj7gy7n8r0nfx2i79afpr7n7xyhyzjx-nginx-deploy-hook")))) code))
ludo@bayfront ~/src/maintenance/hydra$ sudo su -c /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
Acquiring or renewing certificate: bayfront.guix.gnu.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['guix-hpc.bordeaux.inria.fr@2017-09-04T08:51:13Z (48c5)', 'localhost@2016-12-03T21:08:38Z (00bc)']
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
--8<---------------cut here---------------end--------------->8---

What should we do about “Please choose an account”?

Thanks,
Ludo’.




^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#56678: certbot mcron job fails
  2022-07-21  8:25 bug#56678: certbot mcron job fails Ludovic Courtès
@ 2023-03-28 21:23 ` Maxim Cournoyer
  2023-03-29  8:14   ` Ludovic Courtès
  2023-05-04 16:45 ` Bruno Victal
  1 sibling, 1 reply; 5+ messages in thread
From: Maxim Cournoyer @ 2023-03-28 21:23 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 56678

Hi Ludo,

Ludovic Courtès <ludovic.courtes@inria.fr> writes:

> Hello,
>
> ‘certbot-service-type’ defines an mcron job that invokes ‘certbot’ with
> a fairly long list of arguments.  However, that command line appears
> to be incorrect, or at least it is on bayfront.guix where I tested it:
>
> ludo@bayfront ~/src/maintenance/hydra$ sudo herd schedule mcron 100|grep -B1 certbot
> Thu Jul 21 12:51:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> --
> Fri Jul 22 00:45:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> --
> Fri Jul 22 12:36:00 2022 +0200
> /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> ludo@bayfront ~/src/maintenance/hydra$ ls -l /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> -r-xr-xr-x 1 root root 789 Jan  1  1970 /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> ludo@bayfront ~/src/maintenance/hydra$ sudo less /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> #!/gnu/store/cnfsv9ywaacyafkqdqsv2ry8f01yr7a9-guile-3.0.7/bin/guile --no-auto-compile
> !#
> (begin (use-modules (ice-9 match)) (let ((code 0)) (for-each (match-lambda ((name . command) (begin (format #t "Acquiring or renewing certificate: ~a~%" name) (set! code (or (apply system* command) code))))) (quote (("bayfront.guix.gnu.org" "/gnu/store/y2n10m4qkyb6vgx980c6jkjd132ln8xx-certbot-1.18.0/bin/certbot" "certonly" "-n" "--agree-tos" "--webroot" "-w" "/var/www" "--cert-name" "bayfront.guix.gnu.org" "-d" "bayfront.guix.gnu.org,bordeaux.guix.gnu.org,logs.guix.gnu.org,bayfront.guix.info,hpc.guix.info,guix-hpc.bordeaux.inria.fr,coordinator.bayfront.guix.gnu.org" "--email" "ludovic.courtes@inria.fr" "--deploy-hook" "/gnu/store/1wj7gy7n8r0nfx2i79afpr7n7xyhyzjx-nginx-deploy-hook")))) code))
> ludo@bayfront ~/src/maintenance/hydra$ sudo su -c /gnu/store/r8hx1sdy3hkw9xpgsb92lh1kjs558876-certbot-command
> Acquiring or renewing certificate: bayfront.guix.gnu.org
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Missing command line flag or config entry for this setting:
> Please choose an account
> Choices: ['guix-hpc.bordeaux.inria.fr@2017-09-04T08:51:13Z (48c5)', 'localhost@2016-12-03T21:08:38Z (00bc)']
> Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
>
> What should we do about “Please choose an account”?

Apologies for not seeing this one before opening #62491  I guess they
are the same?  If so, let's merge the reports.

-- 
Thanks,
Maxim




^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#56678: certbot mcron job fails
  2023-03-28 21:23 ` Maxim Cournoyer
@ 2023-03-29  8:14   ` Ludovic Courtès
  0 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2023-03-29  8:14 UTC (permalink / raw)
  To: Maxim Cournoyer; +Cc: 56678

Hello,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

>> What should we do about “Please choose an account”?
>
> Apologies for not seeing this one before opening #62491  I guess they
> are the same?  If so, let's merge the reports.

Indeed, I had forgotten about that one, thanks!

Ludo’.




^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#56678: certbot mcron job fails
  2022-07-21  8:25 bug#56678: certbot mcron job fails Ludovic Courtès
  2023-03-28 21:23 ` Maxim Cournoyer
@ 2023-05-04 16:45 ` Bruno Victal
  2023-05-05  6:52   ` Ludovic Courtès
  1 sibling, 1 reply; 5+ messages in thread
From: Bruno Victal @ 2023-05-04 16:45 UTC (permalink / raw)
  To: Ludovic Courtès, Maxim Cournoyer; +Cc: 56678

Hi,

I've found out about step-ca <https://github.com/smallstep/certificates> which has a ACME server
implementation and could be used to write a self contained system test for certbot / ACME clients.

I didn't have much success packaging this for guix (it's written in go), perhaps someone more
acquainted with the go-build-system could look at this direction? Having automated tests for
certbot-service-type seems a worthwhile endeavor.

Cheers,
Bruno

^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#56678: certbot mcron job fails
  2023-05-04 16:45 ` Bruno Victal
@ 2023-05-05  6:52   ` Ludovic Courtès
  0 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2023-05-05  6:52 UTC (permalink / raw)
  To: Bruno Victal; +Cc: Maxim Cournoyer, 56678

Hi Bruno,

Bruno Victal <mirai@makinata.eu> skribis:

> I've found out about step-ca <https://github.com/smallstep/certificates> which has a ACME server
> implementation and could be used to write a self contained system test for certbot / ACME clients.
>
> I didn't have much success packaging this for guix (it's written in go), perhaps someone more
> acquainted with the go-build-system could look at this direction? Having automated tests for
> certbot-service-type seems a worthwhile endeavor.

Yes, that sounds like a good idea!  We need a champion to tackle it…

Ludo’.




^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-05-05  6:53 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-21  8:25 bug#56678: certbot mcron job fails Ludovic Courtès
2023-03-28 21:23 ` Maxim Cournoyer
2023-03-29  8:14   ` Ludovic Courtès
2023-05-04 16:45 ` Bruno Victal
2023-05-05  6:52   ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).