Wrong version letsencrypt

Discussion in 'Installation/Configuration' started by Steffan, Feb 19, 2020.

  1. Steffan

    Steffan Member

    When looking at
    Code:
    /server/lib/classes/letsencrypt.inc.php
    
    I see:
    Code:
    $letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot'));
     ....
    $letsencrypt_version = exec($letsencrypt . ' --version  2>&1', $ret, $val);
    if(preg_match('/^(\S+|\w+)\s+(\d+(\.\d+)+)$/', $letsencrypt_version, $matches)) {
        $letsencrypt_version = $matches[2];
    }
    if (version_compare($letsencrypt_version, '0.22', '>=')) {
        $acme_version = 'https://acme-v02.api.letsencrypt.org/directory';
    } else {
        $acme_version = 'https://acme-v01.api.letsencrypt.org/directory';
    }
    
    But when renewing or registering a cert I see that it goes to https://acme-v01.api.letsencrypt.org/directory
    Am I doing something wrong or is this a bug?

    Code:
     which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot
    /usr/bin/which: no letsencrypt in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/bin)
    /usr/local/bin/certbot
    /root/.local/share/letsencrypt/bin/letsencrypt
    /opt/eff.org/certbot/venv/bin/certbot
    
    [root@61 server]# /usr/local/bin/certbot --version
    certbot 1.2.0
    
    [root@61 server]# /root/.local/share/letsencrypt/bin/letsencrypt --version
    certbot 1.2.0
    
    [root@61 server]# /opt/eff.org/certbot/venv/bin/certbot --version
    certbot 1.2.0
    
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Check the 'server = ' setting in /etc/letsencrypt/renewal/{domain}.conf, it probably has v01 there.

    Yikes, you should delete all but one to avoid confusion and problems.
     
  3. Steffan

    Steffan Member

    If I just leave this one
    /usr/local/bin/certbot

    and then request a new one, it still uses https://acme-v01.api.letsencrypt.org/

    If I change the line:
    Code:
    if (version_compare($letsencrypt_version, '0.22', '>=')) {
    to
    Code:
    if (version_compare($letsencrypt_version, '0.22', '<=')) {
    it works :)

    So somehow it is not getting the right version.
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Code:
    $ php  -r 'echo version_compare( "1.2.0", "0.22", ">=" ) ? "true\n" : "false\n";'                                     
    true
    
    The comparison looks to work correctly, so my guess is that $letsencrypt_version didn't get set correctly. Add a debug line that prints the value of $letsencrypt_version just before it compares.
     
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Sorry to interrupt, but as discussed before in another thread, I don't think the acme version in the renewal conf can be fixed automatically, as it will only be used and not be changed during renewal, so it must be fixed manually.

    That code is meant only for the creation of new certs to use acme version 2, not renewal.
     
  6. Steffan

    Steffan Member

    I made a file based on the existing code:

    Code:
    <?php
    $letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot'));
    $letsencrypt = reset($letsencrypt);
    if(!is_executable($letsencrypt)) {
        $letsencrypt = false;
        echo 1;
    }
    if($letsencrypt) {
        print_r ($letsencrypt);
        echo 2;
        $letsencrypt_version = exec($letsencrypt . ' --version  2>&1', $ret, $val);
        print_r ($ret);
        print_r ($val);

        echo 3;
        if(preg_match('/^(\S+|\w+)\s+(\d+(\.\d+)+)$/', $letsencrypt_version, $matches)) {
            echo 4;
            $letsencrypt_version = $matches[2];
            echo 5;
            print_r ($matches);
            echo 6;
        }
        echo "version = ".$letsencrypt_version;
    }

    $letsencrypt_version = exec($letsencrypt . ' --version  2>&1', $ret, $val);
    print_r ($ret);
    print_r ($val);

    ?>
    
    
    I run it with php -f test.php
    It waits 10 seconds after echo 2;

    The result:

    Code:
     which: no letsencrypt in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/bin)
    which: no letsencrypt in (/root/.local/share/letsencrypt/bin)
    2
    /usr/local/bin/certbot
    Array
    (
        [0] => certbot 1.2.0
        [1] =>
    )
    
    0
    3
    version =
     
    So it finds certbot
    It finds the version
    But the preg_match is not working?

    If I change the line to:
    Code:
       if(preg_match('/^(\S+|\w+)\s+(\d+(\.\d+)+)$/', $ret[0], $matches)) {
     
    it is working
     
    Last edited: Feb 20, 2020
  7. Steffan

    Steffan Member

    Looks like a centos 6 issue
    The same script works on centos 7
    But centos 6 is using certbot-auto
    and only then I am getting an extra empty array [1]
    (
    [0] => certbot 1.2.0
    [1] =>
    )
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Nice find; you could submit a patch to support both, but I noticed centos 6 is not listed as a supported OS anymore, so you could just patch it locally until you get your OS updated, when it should work correctly again.
     
    Last edited: Feb 24, 2020
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    certbot-auto is an installer for certbot and not a replacement. Use certbot-auto to install certbot as described in the recent perfect server guides. The full commands are:

    Code:
    cd /usr/local/bin
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto --install-only
     
    HenrysCat and ahrasis like this.
  10. Steffan

    Steffan Member

    Yes, but that is not the problem.
    Centos 6 returns an empty array[1]

    but I'm planning to migrate off centos 6
    I read that you guys are working on centos 8.
    Any idea when it will go into production?
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you run the commands that I posted again and then test it again?
     
  12. Steffan

    Steffan Member

    Sure

    Code:
    [root@61 /]# php -f test.php
     which: no letsencrypt in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/bin)
    which: no certbot in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/bin)
    which: no letsencrypt in (/root/.local/share/letsencrypt/bin)
    2
    /opt/eff.org/certbot/venv/bin/certbotArray
    (
        [0] => certbot 1.2.0
        [1] =>
    )
    03
    Array
    (
    )
    version =
    [root@61 /]#
    
     
  13. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    I guess when you run "/opt/eff.org/certbot/venv/bin/certbot --version" that you get two lines of output instead of one. That is a quite uncommon result and the reason it fails.
     
  14. Steffan

    Steffan Member

    No, that is not the case

    [root@61 /]# /opt/eff.org/certbot/venv/bin/certbot --version
    certbot 1.2.0
    [root@61 /]#
     
  15. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    So what if you run:
    Code:
    php -r "var_dump(exec('/opt/eff.org/certbot/venv/bin/certbot --version'));"
    and
    Code:
    php -r "var_dump(exec('/opt/eff.org/certbot/venv/bin/certbot --version 2>&1'));"
     
  16. Steffan

    Steffan Member

    Code:
    [root@61 /]# php -r "var_dump(exec('/opt/eff.org/certbot/bin/certbot --version'));"
    sh: /opt/eff.org/certbot/bin/certbot: No such file or directory
    
    :)


    Code:
    [root@61 /]# php -r "var_dump(exec('/opt/eff.org/certbot/venv/bin/certbot  --version'));"
    string(8) ""
    [root@61 /]#
    Code:
    [root@61 /]# php -r "var_dump(exec('/opt/eff.org/certbot/venv/bin/certbot  --version 2>&1'));"
    string(8) ""
    [root@61 /]#
    
     
  17. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    That does not make any sense if certbot is installed as it should return the version with the command and so should exec output it. There must be something wrong either with your certbot, your php or your system I guess.
     
  18. Steffan

    Steffan Member

    As you can read above, the version is output, but not with your command


    Code:
    $letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt /opt/eff.org/certbot/venv/bin/certbot'));
    $letsencrypt = reset($letsencrypt);
    if(!is_executable($letsencrypt)) {
        $letsencrypt = false;
        echo 1;
    }
    if($letsencrypt) {
        echo 2;
        print_r ($letsencrypt);

        $letsencrypt_version = exec($letsencrypt . ' --version  2>&1', $ret, $val);
        print_r ($ret);
    }
    
    returns....
    Code:
    [root@61 /]# php -f test.php
    which: no letsencrypt in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/bin)
    which: no certbot in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/bin)
    which: no letsencrypt in (/root/.local/share/letsencrypt/bin)
    2
    /opt/eff.org/certbot/venv/bin/certbot
    
    Array
    (
        [0] => certbot 1.2.0
        [1] =>
    )
    [root@61 /]# 
     
  19. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    I think this is definitively an issue with your system or program version(s). The exec call to --version returns 2 lines but it must only return a single one. So it would e.g. help to change
    Code:
    $letsencrypt_version = exec($letsencrypt . ' --version  2>&1', $ret, $val);
    to
    Code:
    $letsencrypt_version = exec($letsencrypt . ' --version  2>&1 | head -n 1', $ret, $val);
    But as we will drop centos 6 soon as far as I know, this patch won't possibly make it into the core imho.
     
  20. Steffan

    Steffan Member

    The head works.
    No idea why it returns 2 values.
    If I change

    $letsencrypt . ' --version 2>&1'
    to dovecot --version
    I only got one reply.
    But it works, I just need to remember it when updating ;-)

    Any plans of releasing a centos 8 install version?
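
Added example (not part of any post above and not ISPConfig's own code): the failure the thread tracks down, where exec() returns only the last output line and a second line after "certbot 1.2.0" leaves the version unparsed, next to a parser that scans every line of exec()'s $output array. Function names and the sample outputs are constructed for illustration, and returning null for an unparseable version instead of selecting the v01 endpoint is this example's assumption, not behaviour described in the thread.

```php
<?php
// Added example; names below are hypothetical, not ISPConfig's.
const VERSION_RE = '/^(\S+|\w+)\s+(\d+(\.\d+)+)$/'; // pattern from the thread

// What the thread's code does: parse only exec()'s return value (last line).
function version_from_last_line(array $lines)
{
    $last = (string) end($lines);
    return preg_match(VERSION_RE, $last, $m) ? $m[2] : $last;
}

// Scan every line exec() stored in its $output argument instead.
function version_from_all_lines(array $lines)
{
    foreach ($lines as $line) {
        if (preg_match(VERSION_RE, trim($line), $m)) {
            return $m[2];
        }
    }
    return null; // nothing parseable
}

// null means "version unknown": the caller must not guess an endpoint.
function acme_directory_for($version)
{
    if ($version === null) {
        return null;
    }
    return version_compare($version, '0.22', '>=')
        ? 'https://acme-v02.api.letsencrypt.org/directory'
        : 'https://acme-v01.api.letsencrypt.org/directory';
}

// Constructed samples of exec()'s $output array.
$samples = array(
    'single line'            => array('certbot 1.2.0'),
    'trailing empty line'    => array('certbot 1.2.0', ''),
    'trailing control bytes' => array('certbot 1.2.0', "\x1b[0m\x1b[0m"),
    'old client'             => array('letsencrypt 0.4.1'),
    'command failed'         => array('sh: certbot: No such file or directory'),
);

foreach ($samples as $name => $lines) {
    $legacy = acme_directory_for(version_from_last_line($lines));
    $fixed  = acme_directory_for(version_from_all_lines($lines));
    printf("%-23s last line: %s\n%-23s all lines: %s\n", $name, $legacy, '',
        $fixed === null ? 'version unknown, refusing to guess' : $fixed);
}
```

With the last-line approach every sample except the single-line one selects the v01 directory; scanning all lines selects v02 for the three certbot 1.2.0 samples and reports the failed command as unknown.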
     
