certbot/certbot

expand tilde character in command line and config file settings

jdimpson opened this issue · 0 comments

If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.

My operating system is (include version):

Raspbian GNU/Linux 10 (buster)

I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):

pip

I ran this command and it produced this output:

Command:

~/files/certbot/bin/certbot --logs-dir=~/files/certbot/log --config-dir=~/files/certbot/etc --work-dir=~/files/certbot/lib certonly --standalone -d [DOMAIN DELETED] -m [EMAIL ADDRESS DELETED]

Actual Result:

Requesting a certificate for [DELETED] and [DELETED]

Successfully received certificate.
Certificate is saved at: /home/[USER NAME DELETED]/files/certbot/~/files/certbot/etc/live/[DOMAIN DELETED]/fullchain.pem
Key is saved at:         /home/[USER NAME DELETED]/files/certbot/~/files/certbot/etc/live/[DOMAIN DELETED]/privkey.pem
This certificate expires on 2024-03-02.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

To be clear, I expected the following:

Certificate is saved at: /home/[USER NAME DELETED]/files/certbot/etc/live/[DOMAIN DELETED]/fullchain.pem
Key is saved at:         /home/[USER NAME DELETED]/files/certbot/etc/live/[DOMAIN DELETED]/privkey.pem

Certbot's behavior differed from what I expected because:

The certificates, logs, etc. were created in a directory named ~ in the current directory. I expected it to resolve the ~ as the user's $HOME variable and use the strings as fully qualified directory paths.

Ideally, ~ parsing would be implemented, at least on Unix systems, but at least, the use of tilde in a file path gets detected and treated as an error.

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

I don't believe the logs would show a useful error, as it operated correctly. It just created a directory named ~ where it put all the data. To fix, I had to use this Perl command-line script to rename it: perl -e "rename('~','foo') or die" (mentioned here in case it's helpful for anyone else.)

I ended up deleting everything because I wasn't able to figure out how to fix certbot's understanding of the botched certificate request.

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

Not applicable.

This bug was previously reported in #2810 which got closed without being addressed.
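One way to get the behaviour requested above, shown as an added example that is not part of the original report and is not Certbot's code: an argparse `type=` hook that expands a leading `~` or `~user` in a directory option and rejects the value when the tilde cannot be resolved, so a private key never lands in a directory literally named `~`. The names `dir_option` and `build_parser` are hypothetical; only the three option names come from the command in the report.

```python
import argparse
import os


def dir_option(value: str) -> str:
    """Expand a leading ~ or ~user; refuse a tilde that stays unresolved."""
    # When the shell passes "--config-dir=~/x" through unexpanded, the
    # program receives the literal string "~/x", as in the report.
    expanded = os.path.expanduser(value)

    # expanduser() returns its input unchanged when it cannot resolve the
    # prefix (for example "~nosuchuser/x"). Joining that to the current
    # directory is what produces a directory named "~", so stop instead.
    first_component = expanded.split(os.sep, 1)[0]
    if first_component.startswith("~"):
        raise argparse.ArgumentTypeError(
            f"cannot expand {first_component!r} in path {value!r}"
        )

    # A tilde later in the path ("etc/~backup") is an ordinary file name
    # and is left alone; only the leading component has a special meaning.
    return os.path.abspath(expanded)


def build_parser() -> argparse.ArgumentParser:
    """Hypothetical parser carrying the three directory options from the report."""
    parser = argparse.ArgumentParser(prog="example")
    for flag in ("--config-dir", "--work-dir", "--logs-dir"):
        parser.add_argument(flag, type=dir_option)
    return parser


if __name__ == "__main__":
    # Constructed sample invocation mirroring the command in the report.
    sample = [
        "--config-dir=~/files/certbot/etc",
        "--work-dir=~/files/certbot/lib",
        "--logs-dir=~/files/certbot/log",
    ]
    args = build_parser().parse_args(sample)
    for name, path in sorted(vars(args).items()):
        print(f"{name}: {path}")
```

When the hook raises `ArgumentTypeError`, `parse_args` prints the message and exits with status 2 before any file is written.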