Letsencrypt 2 accounts issue

Discussion in 'Installation/Configuration' started by George Girgolas, Nov 12, 2019.

Tags:
  1. George Girgolas

    George Girgolas New Member

    Hello,
    when checking the Letsencrypt checkbox, I get an error and no certificate is issued.
    First, I receive an email

    01.11.2019-21:05 - WARNING - /bin/letsencrypt certificates --domains xxxxxxx.xx --domains www.xxxxxxxxxx.xx

    In /etc/letsencrypt/accounts I ended up with 2 accounts(I do not know how!!!). So in letsencrypt log I have

    Code:
     File "/usr/lib/python2.7/site-packages/certbot/display/ops.py", line 85, in choose_account
    "Please choose an account", labels, force_interactive=True)
  File "/usr/lib/python2.7/site-packages/certbot/display/util.py", line 503, in menu
    self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
  File "/usr/lib/python2.7/site-packages/certbot/display/util.py", line 466, in _interaction_fail
    raise errors.MissingCommandlineFlag(msg)
MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Please choose an account
    Even though I temporary move the folder of one account,still the certificate cannot be issued...

    Any ideas?
     
    George Girgolas, Nov 12, 2019
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There should be just one account, you have to remove the second account. Take care to remove it from v1 and v2 folder.
     
    till, Nov 12, 2019
    #2
  3. George Girgolas

    George Girgolas New Member

    Hmm..you mean, informations fot the first account, exist ALSO in the v2 folder?
    This is why even though I remove one folder, the certificate is not issuing?
     
    George Girgolas, Nov 12, 2019
    #3
  4. peps

    peps New Member

    Any info about this issue? Why do we have 2 accounts in letsencrypt folder? which is the one in use?

    I have the following:
    drwx------ 3 root root 4096 Feb 12 2019 acme-staging-v02.api.letsencrypt.org/
    drwx------ 3 root root 4096 Oct 9 2018 acme-v01.api.letsencrypt.org/
    drwx------ 3 root root 4096 Oct 8 2018 acme-v02.api.letsencrypt.org/

    what should I do?
     
    peps, Dec 2, 2019
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that you have two accounts? The above shows just the two acme versions and not two accounts, which is ok. Please post the actual error message that yougot in letsencrypt.log.
     
    till, Dec 2, 2019
    #5
  6. peps

    peps New Member

    Here the logs:
    Code:
    2019-12-02 12:20:05,211:DEBUG:certbot.main:certbot version: 0.31.0
2019-12-02 12:20:05,212:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', 'postmaster@##########$
2019-12-02 12:20:05,213:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-12-02 12:20:05,225:DEBUG:certbot.log:Root logging level set at 20
2019-12-02 12:20:05,225:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-12-02 12:20:05,234:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-12-02 12:20:05,252:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fdf2a89eef0>
Prep: True
2019-12-02 12:20:05,253:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fdf2a89eef0> and installer None
2019-12-02 12:20:05,253:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2019-12-02 12:20:05,417:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1234, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 605, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 513, in _determine_account
    acc = display_ops.choose_account(accounts)
  File "/usr/lib/python3/dist-packages/certbot/display/ops.py", line 86, in choose_account
    "Please choose an account", labels, force_interactive=True)
  File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 507, in menu
    self._interaction_fail(message, cli_flag, "Choices: " + repr(choices))
  File "/usr/lib/python3/dist-packages/certbot/display/util.py", line 469, in _interaction_fail
    raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['vps#####.ovh.net@2018-10-09T13:04:08Z (58a3)', 'vps#####.ovh.net@2018-10-08T20:43:10Z (573d)']
2019-12-02 12:20:06,423:DEBUG:certbot.main:certbot version: 0.31.0
2019-12-02 12:20:06,425:DEBUG:certbot.main:Arguments: ['--domains', 'radio-internet.it', '--domains', 'www.#########.com']
2019-12-02 12:20:06,425:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-12-02 12:20:06,436:DEBUG:certbot.log:Root logging level set at 20
2019-12-02 12:20:06,437:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-12-02 12:44:03,364:DEBUG:certbot.main:certbot version: 0.31.0
2019-12-02 12:44:03,365:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', 'postmaster@########$
2019-12-02 12:44:03,366:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-12-02 12:44:03,376:DEBUG:certbot.log:Root logging level set at 20
2019-12-02 12:44:03,377:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-12-02 12:44:03,378:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-12-02 12:44:03,396:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot

    I moved one of the folder you can see in my previous post (acme-v02.api.letsencrypt.org), and I was able to request the certificate.
    But now the content of the folder contains again 3 folders, it seems the folder acme-v02.api.letsencrypt.org has been re-created so I guess I should delete the "acme-v01.api.letsencrypt.org".

    drwx------ 5 root root 4096 Dec 2 12:44 ./
    drwxr-xr-x 9 root root 4096 Dec 2 12:44 ../
    drwx------ 3 root root 4096 Feb 12 2019 acme-staging-v02.api.letsencrypt.org/
    drwx------ 3 root root 4096 Oct 9 2018 acme-v01.api.letsencrypt.org/
    drwx------ 2 root root 4096 Dec 2 12:44 acme-v02.api.letsencrypt.org/
     
    peps, Dec 2, 2019
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    No, these are not two accounts, these are two versions of the same account. You have to take a look into these folders to check if any of them contains two accounts.
     
    till, Dec 2, 2019
    #7
    pvanthony likes this.
  8. peps

    peps New Member

    yes there was 2 direcrory inside "acme-v02.api.letsencrypt.org"
    Code:
    total 12
drwx------ 3 root   root   4096 Oct  8  2018 ./
drwxr-xr-x 4 ubuntu ubuntu 4096 Dec  2 12:42 ../
drwx------ 3 root   root   4096 Apr  8  2019 directory/
root@panel:/home/ubuntu/acme-v02.api.letsencrypt.org# cd directory/
root@panel:/home/ubuntu/acme-v02.api.letsencrypt.org/directory# ll
total 16
drwx------ 3 root root 4096 Apr  8  2019 ./
drwx------ 3 root root 4096 Oct  8  2018 ../
drwx------ 2 root root 4096 Oct  8  2018 573d04f1b5d591fb2b85492e03fa6944/
lrwxrwxrwx 1 root root   97 Apr  8  2019 58a33f42f279495a1406dd3c34d779a6 -
     
    peps, Dec 2, 2019
    #8
  9. pvanthony

    pvanthony Active Member HowtoForge Supporter

    Very helpful post. Especially after updating certbot.
     
    pvanthony, Feb 3, 2020
    #9
  10. zyzzza

    zyzzza Member HowtoForge Supporter

    HI,
    Having same issue, with more than 100 domains - however , if i remove any of those - some domains cannot be renewed :(

    Is there a way of making it use ONLY new v2 account ?
     
    zyzzza, Feb 25, 2020
    #10
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    No, you have to delete one account.
     
    till, Feb 25, 2020
    #11
  12. CorSch

    CorSch New Member

    Unfortunately this issue will happen again after updating 'certbot'

    The 2nd account in /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/ is just a symlink to the old ACME-V1 account (/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/<ID>)
     
    CorSch, Sep 2, 2020
    #12
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    You mix things up here. This thread is about having a two accounts, but what you refer to is not a second account, its the v2 version of the same account. Having a v1 and v2 version of the same account is required and not a second account. If you would have a second account, then you would have tow v1 and two v2 links / directories.
     
    till, Sep 2, 2020
    #13

Share This Page