[Solved] Let's Encrypt no longer works from Bench setup

Ok, sometime in the past few weeks something has changed that caused the command for setting up Let's Encrypt from Bench to fail. I only noticed this when I set up a fresh server and tried to get the certificate to work today. I used the following command:

sudo -H bench setup lets-encrypt erp.myerpsite.com
  • erp.myerpsite.com is a tenant site on a multitenant ERPNext server.
  • the server was set up with 3 tenant sites over and above the site1.local site
  • I started with the extra sites to create the Let's Encrypt certificates but the same error is generated even on the added domain on site1.local
  • This worked only a few weeks ago and it appears I am not the only one to report it. See this link: Lets encrypt gives error

Here is the full trace of my attempt to use the bench command to set up a Let's Encrypt certificate…

(erp.myerpsite.com is obviously a made-up name to protect my real site URL)

sys_bkm@ubuntu16:~/frappe-bench$ sudo -H bench setup lets-encrypt erp.myerpsite.com
Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
INFO:bench.utils:sudo systemctl stop nginx
INFO:bench.utils:/opt/certbot-auto -n --config /etc/letsencrypt/configs/erp.myerpsite.com.cfg certonly
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Hit:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Hit:4 https://deb.nodesource.com/node_8.x xenial InRelease
Hit:5 http://ams2.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu xenial InRelease
Get:6 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
Fetched 323 kB in 1s (187 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
gcc is already the newest version (4:5.3.1-1ubuntu1).
gcc set to manually installed.
libffi-dev is already the newest version (3.2.1-4).
ca-certificates is already the newest version (20170717~16.04.1).
libssl-dev is already the newest version (1.0.2g-1ubuntu4.12).
openssl is already the newest version (1.0.2g-1ubuntu4.12).
python is already the newest version (2.7.12-1~16.04).
python set to manually installed.
python-dev is already the newest version (2.7.12-1~16.04).
The following packages were automatically installed and are no longer required:
  linux-headers-4.4.0-97 linux-headers-4.4.0-97-generic
  linux-image-4.4.0-97-generic linux-image-extra-4.4.0-97-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  python-pip-whl python3-virtualenv
Suggested packages:
  augeas-doc augeas-tools
The following NEW packages will be installed:
  augeas-lenses libaugeas0 python-pip-whl python-virtualenv python3-virtualenv
  virtualenv
0 upgraded, 6 newly installed, 0 to remove and 72 not upgraded.
Need to get 1,622 kB of archives.
After this operation, 3,529 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 augeas-lenses all 1.4.0-0ubuntu1.1 [263 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libaugeas0 amd64 1.4.0-0ubuntu1.1 [154 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 python-pip-whl all 8.1.1-2ubuntu0.4 [1,110 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 python-virtualenv all 15.0.1+ds-3ubuntu1 [46.6 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 python3-virtualenv all 15.0.1+ds-3ubuntu1 [43.2 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 virtualenv all 15.0.1+ds-3ubuntu1 [4,342 B]
Fetched 1,622 kB in 0s (5,535 kB/s)
Selecting previously unselected package augeas-lenses.
(Reading database ... 146056 files and directories currently installed.)
Preparing to unpack .../augeas-lenses_1.4.0-0ubuntu1.1_all.deb ...
Unpacking augeas-lenses (1.4.0-0ubuntu1.1) ...
Selecting previously unselected package libaugeas0.
Preparing to unpack .../libaugeas0_1.4.0-0ubuntu1.1_amd64.deb ...
Unpacking libaugeas0 (1.4.0-0ubuntu1.1) ...
Selecting previously unselected package python-pip-whl.
Preparing to unpack .../python-pip-whl_8.1.1-2ubuntu0.4_all.deb ...
Unpacking python-pip-whl (8.1.1-2ubuntu0.4) ...
Selecting previously unselected package python-virtualenv.
Preparing to unpack .../python-virtualenv_15.0.1+ds-3ubuntu1_all.deb ...
Unpacking python-virtualenv (15.0.1+ds-3ubuntu1) ...
Selecting previously unselected package python3-virtualenv.
Preparing to unpack .../python3-virtualenv_15.0.1+ds-3ubuntu1_all.deb ...
Unpacking python3-virtualenv (15.0.1+ds-3ubuntu1) ...
Selecting previously unselected package virtualenv.
Preparing to unpack .../virtualenv_15.0.1+ds-3ubuntu1_all.deb ...
Unpacking virtualenv (15.0.1+ds-3ubuntu1) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up augeas-lenses (1.4.0-0ubuntu1.1) ...
Setting up libaugeas0 (1.4.0-0ubuntu1.1) ...
Setting up python-pip-whl (8.1.1-2ubuntu0.4) ...
Setting up python-virtualenv (15.0.1+ds-3ubuntu1) ...
Setting up python3-virtualenv (15.0.1+ds-3ubuntu1) ...
Setting up virtualenv (15.0.1+ds-3ubuntu1) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.
INFO:bench.utils:sudo systemctl start nginx
There was a problem trying to setup SSL for your site
sys_bkm@ubuntu16:~/frappe-bench$

One of the last things to show up in the trace was a line indicating the location of a log file that kept track of everything that happened during the process. So, I have included that log here. It is /var/log/letsencrypt/letsencrypt.log

sys_bkm@ubuntu16:~/frappe-bench$ sudo cat /var/log/letsencrypt/letsencrypt.log
2018-04-26 12:44:10,163:DEBUG:certbot.main:certbot version: 0.23.0
2018-04-26 12:44:10,164:DEBUG:certbot.main:Arguments: ['-n', '--config', '/etc/letsencrypt/configs/erp.myerpsite.com.cfg']
2018-04-26 12:44:10,164:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-04-26 12:44:10,180:DEBUG:certbot.log:Root logging level set at 20
2018-04-26 12:44:10,181:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-04-26 12:44:10,182:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2018-04-26 12:44:10,233:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7fbdfed27410>
Prep: True
2018-04-26 12:44:10,233:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7fbdfed27410> and installer None
2018-04-26 12:44:10,233:INFO:certbot.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2018-04-26 12:44:10,234:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1266, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1141, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 635, in _init_le_client
    acc, acme = _determine_account(config)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 496, in _determine_account
    config.email = display_ops.get_email()
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/display/ops.py", line 54, in get_email
    raise errors.MissingCommandlineFlag(msg)
MissingCommandlineFlag: You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.
sys_bkm@ubuntu16:~/frappe-bench$

Hopefully someone much smarter than me can see where the problem is using these traces and log dump.
Unfortunately, I am only a pretty good implementer of ERPNext systems and not really a developer with knowledge of how these things work.

But it seems that something has changed that caused the bench command or script to break and it happened sometime between approx. April 2nd and April 17th. Whatever changed had to have happened in that time frame because on the 2nd I had a successful setup of a fresh ERPNext server and a Let's Encrypt certificate. On the 17th @vishdha ran into this same problem and reported it here on the forum but he got no response.

Hopefully my complete description will be enough to find someone that can help here.

Thank you in advance for looking.

BKM


According to this in the log

You need to have registered or must specify an email address somewhere!?

What to try:

For clues manually run this /opt/eff.org/certbot/venv/bin/letsencrypt

Maybe append to this command line the email address of the user account?

sudo -H bench setup lets-encrypt erp.myerpsite.com

This never hurts :slight_smile:

sudo apt-get update
sudo apt-get upgrade

Umm, yeah… that was my reaction as well. Not sure what to do about that one. It has never been a requirement before.

I did the update and upgrade as soon as the server spun up. Then installed erpnext, added the extra sites, and ran them all through the setup wizard. That is when I went back to do the SSL cert. and ran into this. All done in the same hour today.

BKM

The thing that surprised me the most was the line about 6 lines from the bottom:

Yet it will not verify.

BKM

Hi, I’ve identified and fixed the issue. Please update bench and verify.

Confirmed!! That fixed it.

Thank you. Will it now work for anyone else that spins up a fresh server?

BKM

@bkm yup it will :smiley:
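
The failure in the log above (certbot started with `-n` on a fresh server, with no e-mail address and no terms-of-service agreement available to it) can be caught before nginx is stopped. The following pre-flight check is an added example, not code from bench or from any poster in this thread; the config contents are constructed, since the thread never shows the real file, and the helper names are hypothetical. It assumes no ACME account is registered on the host yet.

```python
import re

# argv exactly as certbot logged it in the thread's letsencrypt.log
ARGV = ["-n", "--config", "/etc/letsencrypt/configs/erp.myerpsite.com.cfg"]

# Constructed config contents (assumption: the real file is not on the page).
BROKEN_CFG = """\
# constructed sample
domains = erp.myerpsite.com
authenticator = standalone
"""
FIXED_CFG = BROKEN_CFG + "email = admin@example.com\nagree-tos = true\n"

_KV = re.compile(r"^([^\s=:]+)\s*(?:[=:]\s*(.*))?$")
_TRUTHY = {"", "true", "yes", "1", "on"}  # a bare key counts as a set flag


def parse_cfg(text):
    """Parse 'key = value' lines of a certbot config into a dict."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or whole-line comment
        m = _KV.match(line)
        if m:
            key = m.group(1).lstrip("-").replace("_", "-").lower()
            opts[key] = (m.group(2) or "").strip()
    return opts


def is_set(opts, key):
    return key in opts and opts[key].lower() in _TRUTHY


def missing_for_noninteractive(opts, argv):
    """Return the options a first-time non-interactive run still needs."""
    batch = bool({"-n", "--non-interactive", "--noninteractive"} & set(argv))
    if not (batch or is_set(opts, "non-interactive")):
        return []  # interactive run: certbot can prompt instead of aborting
    missing = []
    if not opts.get("email") and not is_set(opts, "register-unsafely-without-email"):
        missing.append("email")
    if not is_set(opts, "agree-tos"):
        missing.append("agree-tos")
    return missing


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_CFG), ("fixed", FIXED_CFG)):
        print(name, missing_for_noninteractive(parse_cfg(cfg), ARGV))
```

Run against the real `.cfg` before `bench setup lets-encrypt`, a non-empty result means the site would be taken offline only for certbot to exit with `MissingCommandlineFlag`.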