Comments (7)
I used to run it like this:
acmetool --xlog.severity=debug > dump 2>&1
Have always made my config by hand, so no detailed clues.
from acmetool.
Thanks, now I can figure the cause of the problem:
20200427082524 [DEBUG] acmetool.reshttp: acquire port "[::]:80" "xxxxxxxxx"
20200427082524 [DEBUG] acmetool.reshttp: failed to listen on [::]:80: listen tcp 0.0.0.0:80: bind: address already in use
20200427082524 [DEBUG] acmetool.reshttp: acquire port ":80" "xxxxxxxxxx"
20200427082524 [DEBUG] acmetool.reshttp: failed to listen on :80: listen tcp :80: bind: address already in use
It seems that this version of acmetool must run as root and the webserver must have been stopped first.
So the Rootless setup is not working anymore. Did I miss something or is that wanted?
from acmetool.
I may be off base here, but binding to low ports is restricted.
https://unix.stackexchange.com/questions/10735/allowing-a-user-to-let-listen-to-a-port-below-1024
Good luck.
from acmetool.
I see, that I should clarify:
Up to now it was possible to run acmetool reconcile
as a cronlob without stopping the webserver (apache, nginx,...)
This version of acmetool is starting itself a webserver on port 80 and it seems that you are not even able to tell him to start it on an other port.
maybe I'm wrong, but the only way to reconcile seems to be a script like this:
systemctl stop nginx
/usr/bin/acmetool reconcile
systemctl start nginx
from acmetool.
I think the strategies have remained the same as before with v0.0.x. It also doesn't make sense to have acmetool listening on other ports (unless you are using DNS-01, for which custom hooks are needed, cf. Wiki).
The symptoms you describe here seems to suggest that you have chosen a different authentication method than intended. I have tested on my own computer (Mac) that selecting WEBROOT
works as expected. Try running acmetool quickstart
again to specify that. With WEBROOT
nothing should be spawned by the tool.
Also, Ubuntu has imported the packaged version at https://launchpad.net/ubuntu/+source/acmetool/0.2.1-2, so systemd units should be working as expected.
from acmetool.
@CL-Jeremy Of course it makes sense to have acmetool listening on other ports. The documentation even mentions it.
@kaikrueger I had the same problem and fixed it.
Rootless operation is still possible, but you need to work around a few pitfalls. /var/run/acme needs to be owned by the user acme, and the builtin self-test will cause funny failures for non-root operation on nonstandard ports. I recommend tracing your nftables rules (if applicable) and checking whether /var/lib/acme/desired/myhostname-someid needs a few more lines similar to
request:
challenge:
http-ports:
- 0.0.0.0:4402
Note that the self-tests do funny stuff like connecting to 127.0.1.1 (not 127.0.0.1), so make sure the self-tests can successfully connect to the builtin acmetool instance of a web server, and also check if you need to specify 0.0.0.0:4402 as http-ports instead of just 4402.
from acmetool.
Hi @kaikrueger, thanks for posting this issue. Using acmetool myself for several years, a few weeks/months back it stopped renewing certificates (unnoticed). My acmetool's error and debug log is nearly identical to the one you posted above.
I did the required upgrade to 0.2.1 because of Let's Encrypt APIv2. With that, not a single reconcile run was successful.
Did you manage to run it successfully? I'd be more than happy to hear how!
from acmetool.
Related Issues (20)
- ACMEv2 beta (v0.2.1) now available HOT 78
- github.com/godbus/dbus/v5: cannot find package in 0.2.1 Beta
- pull requests wait on "continuous-integration/travis-ci Expected — Waiting for status to be reported" HOT 1
- Missing license HOT 3
- build failed WindowsX64 to build LinuxX64 HOT 1
- Let's Encrypt ACMEv2 compatible HOT 2
- manually fence unseen nodes
- No Release File - ubuntu 20.04
- quickstart loops and times out HOT 1
- acmetool v0.2.1 failing getting certificate (ACMEv2) HOT 1
- Binary installed under directory name
- PKCS #11 support request HOT 1
- staging URL in defaultconf with live URL in desired files makes for a lot of accounts
- Adding flock() support
- Support for specifying alternate chain (like --preferred-chain in certbot) ?
- lookup git.devever.net: no such host HOT 7
- /var/lib/acme/conf/target file permission HOT 3
- Building from source is difficult HOT 1
- Repository Does Not Have Release File HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acmetool.