Error Provisioning certificates v0.29

ERROR message when Provision fails

Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

Updated and Upgraded server
Reran $ sudo mailinabox several times and reboot. Does not all me to “Accept” ToS which is fix others have had.

I ran ./ssl_certificates.py

From log

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

I’m not that interested in destroying my setup… anyone know if the above will work?
Looks like it’s deleting all the certs, and then re provisioning them from scratch?

It works fine in v 0.28 … you are the first to note that there is a similar issue in v0.29. I would expect that it would work. I believe it is safe to say that you will not destroy your setup attempting this.
Yes, it is deleting all the certs, but more importantly it is deleting the entire LE account data, and then provisioning them from scratch.
To be extra careful, and to be able to go back to where you started from I would suggest making a backup of the /home/user-data/ssl/ directory before deleting the contents of said directory. The instructions in the part you have quoted were not ideal as the situation was a bit different … in your case I would:
backup the contents of /home/user-data/ssl/
delete the contents of the /home/user-data/ssl/ directory (THE CONTENTS ONLY - do not remove the directory)
then rerun the command sudo mailinabox
That should be all that you need to do. This should automatically rerun the SSL certs script as part of the process.

These instruction worked for me. I just backed up the ssl directory just in case.

All good now. I think it’s a issue with never needing to install certs during v0.28. But if haven’t dealt with this issue in v0.28 or v0.29 you will eventually unless they fix it in the installer prior to certs expiring.

Just in case someone else has a similar problem:

I had this problem with 0.29. The fix mentioned above wasn’t perfect, but it got me close enough to figure it out.

I’ve been running mailinabox for a while – through several upgrades. A few days ago, I started getting warnings about certificates expiring. Re-running “mailinabox” DID NOT prompt me to agree to the Let’s Encrypt provisions.

Here’s what I did (as root)

cd /home/user-data/
tar cpf old-ssl.tar ssl
rm -rf ssl
mkdir ssl
mailinabox

This backed up, erased, and regenerated my SSL certificates, but, at this point, they were still self-signed. When I tried to reach the admin page using the machine name, Chrome wouldn’t let me connect because the certs were suddenly self-signed and HSTS was in use. Fortunately, I was able to reach the page by IP address (https://12.34.56.78/admin – not my real IP).

I logged in to the website, chose System, then “TLS (SSL) Certificates”, and then clicked the big button at the top of the page (“Provision”, I think). That worked, and I had good certificates again.

1 Like

I can confirm that this method worked for me.

Thanks, i also had the same issue today and your instructions fixed me right up. Thanks for your post and the details.

Hi,

As an update to previous issues:- Error Provisioning certificates v0.29

I have installed v0.52 into a freshly spun Digital Ocean Ubuntu 18.04 (LTS).

I could not obtain Let’s Encrypt SSL Certificates. When pressing the ‘Provision’ button throws the following error message.
“Plugins selected: Authenticator webroot, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.”

I took a copy (scp) of /home/user-data/ssl/ directory as a backup and then deleted the contents of ssl directory.
Then rerun the command sudo mailinabox
Next changed directory into mailinabox/management and then exec ./ssl_certificates.py

Congratulations! Your certificate and chain have been saved at:…

Next, granted ‘Security Exception’ in Firefox and logged in to control panel https://xx.xx.xx.xx/admin
checked, TLS (SSL) Certificates.
All Certificates received for my domain but still required certificates for the box (box.domain.com)
Clicked on ‘Provision’ button worked. Correctly displaying /var/log/letsencrypt/letsencrypt.log

Congratulations! Your certificate and chain have been saved at:…

Problem solved but… prior to renwal, anticipate additional work as per brokengoose post Nov 2018.

Let me break down what your initial issue was…

When you did the new v 0.52 MiaB and restored, the ‘account’ for Let’s Encrypt was not there. I haven’t delved into why but that is just what it is.

To solve the issue run the following on the command line:

certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt

Replace $STORAGE_ROOT with /home/user-data unless you have assigned a different storage root in which case you will use the path for it.