ldez/traefik-certs-dumper

acme.json unexpected EOF

jalbstmeijer opened this issue · 4 comments

jalbstmeijer commented

Hi,

I sometimes get;

file.go:118: error: v2: dump failed: failed to unmarshal file "/traefik/acme.json": unexpected EOF

when having traefik-certs-dumper 2.8.1 running as;

traefik-certs-dumper file --version v2 --watch --source /traefik/acme.json --dest /data/certs --post-hook "sh /hook/hook.sh

could it be caused by multiple certificates being requested at the same time?

ldez commented

could it be caused by multiple certificates being requested at the same time?

The number of requested certificates doesn't influence this.

I think it's maybe because the dump happens when Traefik is writing the file.

jalbstmeijer commented

Most important, will it retry? or will it just miss that certificate update?

ldez commented

it will not retry.

dwydler commented

I had today the same error in my log file.

 2023/04/15 19:17:22 file.go:118: error: v2: dump failed: failed to unmarshal file "/data/acme_letsencrypt.json": unexpected EOF
traefik-certs-dumper  | dump
traefik-certs-dumper  | ├──certs
traefik-certs-dumper  | │  ├──privatebin.domain.de.crt
traefik-certs-dumper  | │  ├──traefik.domain.de.crt
traefik-certs-dumper  | └──private
traefik-certs-dumper  |    ├──letsencrypt.key
traefik-certs-dumper  |    ├──privatebin.domain.de.key
traefik-certs-dumper  |    ├──traefik.domain.de.key

After restart the container (docker compose restart traefik-certs-dumper), the dump was successfully.

traefik-certs-dumper  | dump
traefik-certs-dumper  | ├──certs
traefik-certs-dumper  |     ├──authelia..domain.de.crt
traefik-certs-dumper  | │  ├──privatebin.domain.de.crt
traefik-certs-dumper  | │  ├──traefik.domain.de.crt
traefik-certs-dumper  | └──private
traefik-certs-dumper  |    ├──authelia..domain.de.key
traefik-certs-dumper  |    ├──privatebin.domain.de.key
traefik-certs-dumper  |    ├──traefik.domain.de.key

The hoster of the domain is Hetzner Online GmbH.
In my environment dns challenge is used. As polling interval in the docker-compose.yml from traefik is 5 seconds defined.

After some tests it seems that traefik-certs-dumper sees the change in acme.json too quickly. The private key for the certificate was written to the acme.json, but the public certificate is not written yet.

Is it possible to configure a delay of x seconds when using the parameter --watch?