Error Provisioning certificates v0.29


#1

ERROR message when Provision fails

Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

Updated and Upgraded server
Reran $ sudo mailinabox several times and reboot. Does not all me to “Accept” ToS which is fix others have had.

I ran ./ssl_certificates.py

From log

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

I’m not that interested in destroying my setup… anyone know if the above will work?
Looks like it’s deleting all the certs, and then re provisioning them from scratch?


#2

It works fine in v 0.28 … you are the first to note that there is a similar issue in v0.29. I would expect that it would work. I believe it is safe to say that you will not destroy your setup attempting this.
Yes, it is deleting all the certs, but more importantly it is deleting the entire LE account data, and then provisioning them from scratch.
To be extra careful, and to be able to go back to where you started from I would suggest making a backup of the /home/user-data/ssl/ directory before deleting the contents of said directory. The instructions in the part you have quoted were not ideal as the situation was a bit different … in your case I would:
backup the contents of /home/user-data/ssl/
delete the contents of the /home/user-data/ssl/ directory (THE CONTENTS ONLY - do not remove the directory)
then rerun the command sudo mailinabox
That should be all that you need to do. This should automatically rerun the SSL certs script as part of the process.


#3

These instruction worked for me. I just backed up the ssl directory just in case.

All good now. I think it’s a issue with never needing to install certs during v0.28. But if haven’t dealt with this issue in v0.28 or v0.29 you will eventually unless they fix it in the installer prior to certs expiring.


#4

Just in case someone else has a similar problem:

I had this problem with 0.29. The fix mentioned above wasn’t perfect, but it got me close enough to figure it out.

I’ve been running mailinabox for a while – through several upgrades. A few days ago, I started getting warnings about certificates expiring. Re-running “mailinabox” DID NOT prompt me to agree to the Let’s Encrypt provisions.

Here’s what I did (as root)

cd /home/user-data/
tar cpf old-ssl.tar ssl
rm -rf ssl
mkdir ssl
mailinabox

This backed up, erased, and regenerated my SSL certificates, but, at this point, they were still self-signed. When I tried to reach the admin page using the machine name, Chrome wouldn’t let me connect because the certs were suddenly self-signed and HSTS was in use. Fortunately, I was able to reach the page by IP address (https://12.34.56.78/admin – not my real IP).

I logged in to the website, chose System, then “TLS (SSL) Certificates”, and then clicked the big button at the top of the page (“Provision”, I think). That worked, and I had good certificates again.


#5

I can confirm that this method worked for me.