Package: certbot
Version: 2.1.0-4
Severity: important
X-Debbugs-Cc: re...@ineedsome.info
Dear Maintainer,
* What led up to the situation?
I visited my website and I got an SSL security exception in my browser.
* What exactly did you do (or not do) that was effective (or
ineffective)?
I had to manually run certbot and request new certificates for my domains.
* What was the outcome of this action?
My domain names received a certificate.
* What outcome did you expect instead?
I expected certbot to automatically renew my certificates.
PLease review this cerbot log...
2023-10-29 04:57:25,778:INFO:certbot._internal.auth_handler:Performing the
following challenges:
2023-10-29 04:57:25,779:INFO:certbot._internal.auth_handler:http-01 challenge
for ineedsome.info
2023-10-29 04:57:25,779:INFO:certbot._internal.auth_handler:http-01 challenge
for www.ineedsome.info
2023-10-29 04:57:25,783:DEBUG:certbot._internal.error_handler:Encountered
exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line
86, in handle_authorizations
resps = self.auth.perform(achalls)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py",
line 109, in perform
self._set_webroots(achalls)
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py",
line 126, in _set_webroots
new_webroot = self._prompt_for_webroot(achall.domain,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py",
line 143, in _prompt_for_webroot
webroot = self._prompt_with_webroot_list(domain, known_webroots)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py",
line 157, in _prompt_with_webroot_list
code, index = display_util.menu(
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 80, in
menu
return obj.get_display().menu(message, choices, default=default,
cli_flag=cli_flag,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/display/obj.py", line
470, in menu
raise self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
certbot.errors.MissingCommandlineFlag: Missing command line flag or config
entry for this setting:
Select the webroot for ineedsome.info:
Choices: ['Enter a new webroot', '/var/www/ineedsome']
(You can set this with the --webroot-path flag)
As you can see there, it had the location of my webroot, but it did not use it.
Instead it wanted the webroot to be entered.
I checked the .conf files for my domains and they include the correct webroot
for all of my domains.
For some reason, certbot is not using this info when it tries to renew the
domains.
I have serveral certbot certificates. Two of my certificates use ecdsa and one
uses rsa. I did not specify that,
it chose that on its own. It seems that the rsa certificate did auto renew and
the two ecdsa certificates did not auto renew.
I can give you more logs if you need them.
I got some emails from letsencrypt saying that my domains needed to be renewed.
I guess this was a sign that something was not
working correctly.
-- System Information:
Debian Release: 12.2
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages certbot depends on:
ii debconf [debconf-2.0] 1.5.82
ii python3 3.11.2-1+b1
ii python3-certbot 2.1.0-4
certbot recommends no packages.
Versions of packages certbot suggests:
pn python-certbot-doc <none>
pn python3-certbot-apache <none>
pn python3-certbot-nginx <none>
-- debconf information:
certbot/remove_live_certs: true
