Corrupted certificate data hobbles certboto-docker
#50
Comments
Note that this situation occurred again today, except now there were 2 corrupted certificates (out of the 5 that were renewed since I deleted the corrupted certificate yesterday). I repeated the cleanup process described above and certificate creation/renewal was able to continue. I confirmed that I have the same versions of
$ docker compose run certboto --version
0.1.0
certbot 1.22.0
We are running slightly different versions of Docker engine and compose and, although I don't think that is the problem here, @mkreckel is going to update so that we can try to rule that out.
This issue has struck again and now there are 17 certificates that appear to be corrupt. I'm working with our Ops folks to delete and recreate these certs, but I have yet to find any rhyme or reason why this corruption occurs. For the record:
🐛 Summary
An unknown issue can somehow occur where the data for a particular certificate in the S3 bucket gets corrupted. When that happens, normal certboto-docker commands will fail due to the warning emitted by rebuild-symlinks.py.
To reproduce
Note that the same warning will occur with any certbot command (even if the --shell flag is provided), since the error occurs in the step before actually executing certbot commands.
Expected behavior
It would be nice to do two things here:
Notes
When I manually sorted this issue out earlier today, I took the following steps to correct it:
$ docker compose run --entrypoint /bin/sh certboto
# AWS_PROFILE=mycertificatesbucketfullaccess aws s3 sync "s3://my-certificates-bucket" /etc/letsencrypt
# AWS_PROFILE=mycertificatesbucketfullaccess aws s3 sync --delete /etc/letsencrypt "s3://my-certificates-bucket"
After that, certboto-docker commands worked normally and a fresh certificate was able to be generated.