After Migration, letsencrypt fails, two accounts

Discussion in 'Plugins/Modules/Addons' started by rbartz, Jun 10, 2019.

  1. rbartz

    rbartz Member HowtoForge Supporter

    Hello!

    I migrated a number of sites from one ispconfig3 to a new server using the migration tool. Went well. However, on problem I have after migration, I cannot add new letsencrypt SSL certificates to websites. There are several threads saying there are two accounts in the /etc/letsencrypt/accounts directory and to delete one. That is true, one dated originally when letsencrypt was created on the OLD server.

    If I delete the old account, I get failures because files and directories are missing from the new account directory. If I restore the old account and remove the new account, it recreates the new directory and fails on "Please choose and account" again.

    Help!

    HANK you all so much.

    Richard

    First is the log when both are present. Below is the log if I mv the older server directory from /etc/letsencrypt/accounts/. Then the error is that there are
    BOTH accounts present
    Traceback (most recent call last):
    File "/opt/eff.org/certbot/venv/bin/certbot", line 11, in <module>
    sys.exit(main())
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1233, in certonly
    le_client = _init_le_client(config, auth, installer)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 604, in _init_le_client
    acc, acme = _determine_account(config)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 512, in _determine_account
    acc = display_ops.choose_account(accounts)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/ops.py", line 85, in choose_account
    "Please choose an account", labels, force_interactive=True)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/util.py", line 507, in menu
    self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/util.py", line 469, in _interaction_fail
    raise errors.MissingCommandlineFlag(msg)
    MissingCommandlineFlag: Missing command line flag or config entry for this setting:
    Please choose an account
    Choices: ['216-55-167-109.phx.dedicated.codero.com`@2017-07-29T15:35:03Z (bec0)', '[email protected]:54:04Z (5edf)']
    OLD account removed
    Traceback (most recent call last):
    File "/opt/eff.org/certbot/venv/bin/certbot", line 11, in <module>
    sys.exit(main())
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1233, in certonly
    le_client = _init_le_client(config, auth, installer)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 604, in _init_le_client
    acc, acme = _determine_account(config)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 520, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 183, in register
    account_storage.save(acc, acme)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/account.py", line 248, in save
    self._save(account, acme, regr_only=False)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/account.py", line 327, in _save
    self.config.strict_permissions)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/util.py", line 183, in make_or_verify_dir
    os.makedirs(directory, mode)
    File "/opt/eff.org/certbot/venv/lib64/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
    OSError: [Errno 2] No such file or directory: '/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/0cb74e541192dec7c0b3757bc87bdb05'
    OLD account restored, NEW account removed
    Traceback (most recent call last):
    File "/opt/eff.org/certbot/venv/bin/certbot", line 11, in <module>
    sys.exit(main())
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 1233, in certonly
    le_client = _init_le_client(config, auth, installer)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 604, in _init_le_client
    acc, acme = _determine_account(config)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 512, in _determine_account
    acc = display_ops.choose_account(accounts)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/ops.py", line 85, in choose_account
    "Please choose an account", labels, force_interactive=True)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/util.py", line 507, in menu
    self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/display/util.py", line 469, in _interaction_fail
    raise errors.MissingCommandlineFlag(msg)
    MissingCommandlineFlag: Missing command line flag or config entry for this setting:
    Please choose an account
    Choices: ['216-55-167-109.phx.dedicated.codero.com`@2017-07-29T15:35:03Z (bec0)', '[email protected]:54:04Z (5edf)']
     
  2. rbartz

    rbartz Member HowtoForge Supporter

    I think I may have solved the problem by deleting BOTH accounts and then adding a new site. The certificate was created and works. I am not sure now about what will happen with renewals.

    Watching.

    Richard
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The renewal config files might contain the old accounts, maybe you should consider to back them up and then replace the old accounts in the renewal files with your new account. The duplicate account problem is known, but I'm not sure what's the best way to solve it. Maybe an automatic replacement of the old account ID in the renewal files. or we have to built an account selector in ISPConfig.
     

Share This Page