hamburml/docker-flow-letsencrypt

Certbot has problem setting up the virtual environment

basz opened this issue · 3 comments

basz commented

Latest image. I noticed this in the log upon first time stack creation. (certs already on host)

proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Starting Docker Flow: Let's Encrypt
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Docker Flow: Let's Encrypt started
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | We will use xxx@xxxx for certificate registration with certbot. This e-mail is used by Let's Encrypt when you lose the account and want to get it back.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Saving debug log to /var/log/letsencrypt/letsencrypt.log
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cert not due for renewal, but simulating renewal for dry run
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Renewing an existing certificate
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Performing the following challenges:
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | http-01 challenge for hello-world.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Waiting for verification...
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cleaning up challenges
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Domain hello-world.bushbaby.nl successfully validated
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Use certbot-auto certonly --no-self-upgrade --standalone --non-interactive --expand --keep-until-expiring --email xxx@xxxx --agree-tos --preferred-challenges http-01 --rsa-key-size 4096 --redirect --hsts --staple-ocsp --cert-name hello-world.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Saving debug log to /var/log/letsencrypt/letsencrypt.log
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cert not yet due for renewal
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Keeping the existing certificate
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | -------------------------------------------------------------------------------
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Certificate not yet due for renewal; no action taken.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | -------------------------------------------------------------------------------
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Saving debug log to /var/log/letsencrypt/letsencrypt.log
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cert not due for renewal, but simulating renewal for dry run
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Renewing an existing certificate
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Performing the following challenges:
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | http-01 challenge for docker-registry.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Waiting for verification...
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cleaning up challenges
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Domain docker-registry.bushbaby.nl successfully validated
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Use certbot-auto certonly --no-self-upgrade --standalone --non-interactive --expand --keep-until-expiring --email xxx@xxx --agree-tos --preferred-challenges http-01 --rsa-key-size 4096 --redirect --hsts --staple-ocsp --cert-name docker-registry.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Saving debug log to /var/log/letsencrypt/letsencrypt.log
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cert not yet due for renewal
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Keeping the existing certificate
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | -------------------------------------------------------------------------------
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Certificate not yet due for renewal; no action taken.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | -------------------------------------------------------------------------------
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Saving debug log to /var/log/letsencrypt/letsencrypt.log
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cert not due for renewal, but simulating renewal for dry run
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Renewing an existing certificate
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Performing the following challenges:
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | http-01 challenge for pdf.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Waiting for verification...
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cleaning up challenges
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Domain pdf.bushbaby.nl successfully validated
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Use certbot-auto certonly --no-self-upgrade --standalone --non-interactive --expand --keep-until-expiring --email xxx@xxx --agree-tos --preferred-challenges http-01 --rsa-key-size 4096 --redirect --hsts --staple-ocsp --cert-name pdf.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Saving debug log to /var/log/letsencrypt/letsencrypt.log
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Cert not yet due for renewal
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Keeping the existing certificate
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | -------------------------------------------------------------------------------
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Certificate not yet due for renewal; no action taken.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | -------------------------------------------------------------------------------
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Hello! renewAndSendToProxy runs. Today is Tue Jul 11 13:40:37 UTC 2017
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Upgrading certbot-auto 0.15.0 to 0.16.0...
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Replacing certbot-auto...
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Creating virtual environment...
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Installing Python packages...
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Had a problem while installing Python packages.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | pip prints the following errors: 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | =====================================================
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Collecting argparse==1.4.0 (from -r /tmp/tmp.BOvOZWY7pu/letsencrypt-auto-requirements.txt (line 11))
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |   Downloading argparse-1.4.0-py2.py3-none-any.whl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Collecting pycparser==2.14 (from -r /tmp/tmp.BOvOZWY7pu/letsencrypt-auto-requirements.txt (line 17))
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |   Downloading pycparser-2.14.tar.gz (223kB)
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Collecting asn1crypto==0.22.0 (from -r /tmp/tmp.BOvOZWY7pu/letsencrypt-auto-requirements.txt (line 21))
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |   Downloading asn1crypto-0.22.0-py2.py3-none-any.whl (97kB)
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Collecting cffi==1.10.0 (from -r /tmp/tmp.BOvOZWY7pu/letsencrypt-auto-requirements.txt (line 24))
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |   Downloading cffi-1.10.0.tar.gz (418kB)
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |     Complete output from command python setup.py egg_info:
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |     unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |     unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |     
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |         No working compiler found, or bogus compiler options
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |         passed to the compiler from Python's distutils module.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |         See the error messages above.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |         (If they are about -mno-fused-madd and you are on OS/X 10.8,
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |         see http://stackoverflow.com/questions/22313407/ .)
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |     
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    |     ----------------------------------------
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-5qlijg/cffi
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | You are using pip version 8.0.3, however version 9.0.1 is available.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | You should consider upgrading via the 'pip install --upgrade pip' command.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | =====================================================
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Certbot has problem setting up the virtual environment.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | We were not be able to guess the right solution from your pip 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | output.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | for possible solutions.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | You may also find some support resources at https://certbot.eff.org/support/ .
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Docker Flow: Proxy DNS-Name: proxy
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | current folder name is: docker-registry.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | concat certificates for docker-registry.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | generated docker-registry.bushbaby.nl.combined.pem
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | transmit docker-registry.bushbaby.nl.combined.pem to proxy
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | HTTP/1.1 100 Continue
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | HTTP/1.1 200 OK
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Date: Tue, 11 Jul 2017 13:41:08 GMT
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Content-Length: 0
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Content-Type: text/plain; charset=utf-8
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | proxy received docker-registry.bushbaby.nl.combined.pem
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | current folder name is: hello-world.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | concat certificates for hello-world.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | generated hello-world.bushbaby.nl.combined.pem
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | transmit hello-world.bushbaby.nl.combined.pem to proxy
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | HTTP/1.1 100 Continue
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | HTTP/1.1 200 OK
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Date: Tue, 11 Jul 2017 13:41:18 GMT
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Content-Length: 0
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Content-Type: text/plain; charset=utf-8
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | proxy received hello-world.bushbaby.nl.combined.pem
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | current folder name is: pdf.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | concat certificates for pdf.bushbaby.nl
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | generated pdf.bushbaby.nl.combined.pem
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | transmit pdf.bushbaby.nl.combined.pem to proxy
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | HTTP/1.1 100 Continue
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | HTTP/1.1 200 OK
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Date: Tue, 11 Jul 2017 13:41:29 GMT
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Content-Length: 0
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Content-Type: text/plain; charset=utf-8
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | proxy received pdf.bushbaby.nl.combined.pem
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | /etc/letsencrypt will be backed up as backup-date-time.tar.gz. It's important to know that some files are symbolic links (inside this backup) and they need to be untared correctly.
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Backup created, if you like download the /etc/letsencrypt/backup folder and store it on a safe place!
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Thanks for using Docker Flow: Let's Encrypt and have a nice day!
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | Starting supervisord (which starts and monitors cron) 
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 2017-07-11 13:41:29,485 CRIT Supervisor running as root (no user in config file)
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 2017-07-11 13:41:29,491 INFO supervisord started with pid 273
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 2017-07-11 13:41:30,501 INFO spawned: 'cron' with pid 276
proxy_letsencrypt-companion.1.ifdi3kxs5m1r@node-1    | 2017-07-11 13:41:31,504 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

Thanks for your report!

I think I know what the problem is. Certbot does update itself from 0.15.0 to 0.16.0. This is default certbot behavior but I thought I disabled that. I want to link DFLE releases with certbot releases. Looks like somewhere I forgot to set the don't autoupdate flag and version 0.16 does something a little different than 0.15. Will check it in some days.

Certbot should stop auto updating itself :) Please use 'latest' or https://github.com/hamburml/docker-flow-letsencrypt/releases/tag/v0.1.3
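Added example, not part of the thread or the project's code: a small lint that flags `certbot-auto` invocations missing `--no-self-upgrade`, the kind of omission the maintainer describes above. The sample script is constructed for illustration, and the function names `write_sample` and `find_unpinned` are hypothetical.

```shell
#!/bin/sh
# Flag certbot-auto invocations that would self-upgrade inside a built image.

# write_sample FILE: writes a constructed renewal script (not the project's).
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed sample script
echo "Use certbot-auto certonly for $d"
certbot-auto certonly --no-self-upgrade --standalone \
    --non-interactive --cert-name "$d"
certbot-auto renew \
    --quiet
# certbot-auto renew (old call, commented out)
certbot-auto renew --no-self-upgrade
EOF
}

# find_unpinned FILE: prints "LINE: command" for every certbot-auto
# invocation without --no-self-upgrade. Backslash-continued lines are joined
# into one logical command; comments and echo/printf text are skipped.
find_unpinned() {
    awk '
        /\\$/ {                       # continuation: buffer and keep reading
            if (buf == "") start = NR
            sub(/\\$/, "")
            buf = buf $0 " "
            next
        }
        {
            line = buf $0
            first = (buf == "" ? NR : start)
            buf = ""
            if (line ~ /^[ \t]*#/) next                  # comment line
            if (line ~ /^[ \t]*(echo|printf)[ \t]/) next  # log text only
            gsub(/[ \t]+/, " ", line)
            if (line ~ /certbot-auto/ && line !~ /--no-self-upgrade/)
                printf "%d: %s\n", first, line
        }
    ' "$1"
}

# Run the check on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
find_unpinned "$sample"
rm -f "$sample"
```

Run against an image's entrypoint and cron scripts at build time, any output means a code path can still replace the certbot version the image was released with.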