Letsencrypt will not install

I have a fresh installation of MiaB on a clean VPS with Ubuntu 18.04 and LetsEncrypt will not install (2 other installs on cloud servers went well, so I’m wondering if the issue is with this server).
I’m also new to setting up and running mail servers so please talk to me like you would to a child :slight_smile:
1: I did register my email address at LetsEncrypt.
2: I have provisioned the certificate from my Admin page.
3: Still getting this response:

You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

4: Clicking the “Install Certificate” button beside my box name sends me to the bottom of the page where the certificate should be entered.
5: I look in /home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory/ , but it’s empty.
6: I look in /home/user-data/ssl/lets_encrypt/webroot , and it’s empty too.
7: The LetsEncrypt log file contains:

466:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None

- that’s why I wonder if this server set-up might be missing a file, but I could be completely wrong of course.

Any help here would be much appreciated!

Here’s the whole log file:

2021-10-30 03:52:34,441:DEBUG:certbot.main:certbot version: 0.31.0
2021-10-30 03:52:34,442:DEBUG:certbot.main:Arguments: ['--non-interactive', '-d', 'acdit.email,autoconfig.acdit.email,autodiscover.acdit.email,mta-sts.acdit.email,www.acdit.email', '--csr', '/tmp/tmp_vvnntxk', '--cert-path', '/tmp/tmp118s0ste/cert', '--chain-path', '/tmp/tmp118s0ste/chain', '--fullchain-path', '/tmp/tmp118s0ste/cert_and_chain.pem', '--webroot', '--webroot-path', '/home/user-data/ssl/lets_encrypt/webroot', '--config-dir', '/home/user-data/ssl/lets_encrypt']
2021-10-30 03:52:34,443:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-10-30 03:52:34,463:DEBUG:certbot.log:Root logging level set at 20
2021-10-30 03:52:34,464:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-10-30 03:52:34,466:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-10-30 03:52:34,466:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fc748915eb8>
Prep: True
2021-10-30 03:52:34,467:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fc748915eb8> and installer None
2021-10-30 03:52:34,467:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-10-30 03:52:34,469:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 53, in get_email
    force_interactive=True)
  File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 524, in input
    self._interaction_fail(message, cli_flag)
  File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 469, in _interaction_fail
    raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Enter email address (used for urgent renewal and security notices)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1234, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 605, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 518, in _determine_account
    config.email = display_ops.get_email()
  File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 57, in get_email
    raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

Are there any errors showing on the ‘Status Checks’ page in the dashboard?

I have to admit it’s been too long since I provisioned a cert in MiaB, but there should be an option at the top of the ‘TLS (SSL) Certificates’ page in the dashboard, I think it’s simply “provision” or something similar? The options below that are for installing certs other than Let’s Encrypt certs.

Hi @acdit

I am not going to try to figure out what exactly went tilt, but rather simply skip to the solution …

(Yes, something went tilt in the installation – I always watch closely and confirm that one of the last things is the confirmation that LE has been installed correctly.)

So to solve this simply run the following line:

sudo certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt

However, you must replace $STORAGE_ROOT with the actual path to your storage which will be /home/user-data unless you are using a unique storage directory — based on your posts I think that I can safely assume that you are not.

Let me know that this works … or not. :slight_smile:

Thanks guys. @alento - I did as you said and then on next attempt the Provision button resulted in:
The TLS certificate was provisioned and installed.

  • but the Admin TLS/SSL check still reports the self-signed certificate.
    No change after reboot and testing in a different browser on a different PC.
    Still frustrated, still puzzled, still smiling :slight_smile:

… and then, after two more Provision operations and “Sorry, something went wrong” messages, it worked :slight_smile:
The cert. is indeed installed and operational. Phew!
Thank you both very much for your help :+1:

So your issue is that the mail domains get provisioned, but the hostname istself stays at the self signed?

Is it also that the hostname is not in the list below the “Provision” button?

E.g. mail3.mydomain.tld = host = Self signed, maildomain1.tld = OK, mydomain.tld = OK.

br
Walter

@ schoberw Hi - provisioning was failing completely until I registered certbot as advised by alento above.

The issue is now fully resolved.
Thanks,
Craig