Letsencrypt pem generation failed about roxy-wi HOT 5 CLOSED

It looks like a bug, will fix it in the next release, thank you

from roxy-wi.

Fixed fb3b1d1

from roxy-wi.

Hi,

Try to create the dir manually and run again

from roxy-wi.

I would like to, but I don't know where should I do this.
If I'm right, this one is trying to make something into the / directly.

Where is the value of the {{SSL_PATH}} variable which used by ansible?

If you look at the command I think the SSL_PATH is empty

www-data 24289 0.2 0.0 4736 3500 ? S 15:40 0:00 /bin/bash ./letsencrypt.sh PROXY= haproxy_dir=/etc/haproxy DOMAIN=proxy1.idonttellyou.hu [email protected] SSH_PORT=22 SSL_PATH=error: The path must contain the name of the service. Check it in Roxy-WI settings HOST=192.168.110.2 USER=username PASS= KEY=/var/lib/roxy-wi/keys/RoxyWi-key_Default.pem

I changed the ansible role to this, and now the pem is created

    - name: Combine into pem file
#      shell: cat /etc/letsencrypt/live/{{DOMAIN}}/fullchain.pem /etc/letsencrypt/live/{{DOMAIN}}/privkey.pem > "{{SSL_PATH}}"/"{{DOMAIN}}".pem
      shell: cat /etc/letsencrypt/live/{{DOMAIN}}/fullchain.pem /etc/letsencrypt/live/{{DOMAIN}}/privkey.pem > /etc/ssl/certs/{{DOMAIN}}.pem

However, the role cannot finish, because of the cronjob cannot be created:

 'TASK [Creates cron jobs] *******************************************************', 'fatal: [192.168.110.2]: FAILED! =>
 {"changed": false, "msg": "Failed to find required executable crontab in paths: 
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"}', '', 
'PLAY RECAP *********************************************************************', 
'192.168.110.2 : ok=7 changed=3 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0 ', '', 
"error: Can't create SSL certificate"]

JFTR: the letsencrypt renew script, which should use the {{SSL_PATH}} also got an error when the template copied over:

[root(Titan:2)] </home> cat /etc/haproxy/scripts/renew_letsencrypt.sh
#!/bin/bash

cd /etc/letsencrypt/live/
email='[email protected]'
path='error:'

command='certbot certonly --standalone'

BTW, I'm using Ubuntu 22 LTS Server.

from roxy-wi.

Just a quick followup. My cron problem is caused by me, since I used minimal Ubuntu as base, and they not install cron...

About the SSL_PATH variable... I've done some research in the code, and I found the app/modules/config/add.py, where this variable got a value based on an SQL field:

ssl_path = common.return_nice_path(sql.get_setting('cert_path'))

The next line is haproxy_dir, which use a same method, but without this common.return_nice_path call, which looks like this:

def return_nice_path(return_path: str) -> str:
        if not check_is_service_folder(return_path):
                return 'error: The path must contain the name of the service. Check it in Roxy-WI settings'

        if return_path[-1] != '/':
                return_path += '/'

        return return_path

So somehow this check_is_service_folder function returns as False, since I don't use the service name in the cert_path (and why should I?)

After I changed the ssl_path to give a value without a nice path ssl_path = sql.get_setting('cert_path') I was able to request the LE certificate.

Hope this helps to point out something.

If it matters, my cert_path is configured to /etc/ssl/certs/ and I have manual installation.

from roxy-wi.