Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hooks.py: Renewal fail due to deploy-hook exception nonetype object #770

Open
TrueOsiris opened this issue May 29, 2022 · 5 comments
Open

hooks.py: Renewal fail due to deploy-hook exception nonetype object #770

TrueOsiris opened this issue May 29, 2022 · 5 comments

Comments

@TrueOsiris
Copy link

TrueOsiris commented May 29, 2022
edited

Used to work perfectly, until the last time I patched the container.
Might have been flawed 6 months ago.

profiles:
- name: godaddy_profile
  provider: godaddy
  provider_options:
    auth_key: yestthishasmycorrectkey
    auth_secret: yeahthishasmysecret
...
- domains:
  - timmer.ninja
  - "*.timmer.ninja"
  profile: godaddy_profile

2022-05-29 01:10:17 0396078a51ef dnsrobocert.core.utils[1] INFO Launching command: /usr/local/bin/python3 -m dnsrobocert.core.certbot certonly -n --user-agent-comment DNSroboCert/3.20.1 --preferred-chain "ISRG Root X1" --config-dir /etc/letsencrypt --work-dir /etc/letsencrypt/workdir --logs-dir /etc/letsencrypt/logs --manual --preferred-challenges=dns --manual-auth-hook "/usr/local/bin/python3 -m dnsrobocert.core.hooks -t auth -c \"/tmp/tmprvcqfqw2/dnsrobocert-runtime.yml\" -l \"timmer.ninja\"" --manual-cleanup-hook "/usr/local/bin/python3 -m dnsrobocert.core.hooks -t cleanup -c \"/tmp/tmprvcqfqw2/dnsrobocert-runtime.yml\" -l \"timmer.ninja\"" --expand --deploy-hook "/usr/local/bin/python3 -m dnsrobocert.core.hooks -t deploy -c \"/tmp/tmprvcqfqw2/dnsrobocert-runtime.yml\" -l \"timmer.ninja\"" --server https://acme-v02.api.letsencrypt.org/directory --cert-name timmer.ninja --key-type rsa -d timmer.ninja -d *.timmer.ninja
Saving debug log to /etc/letsencrypt/logs/letsencrypt.log
Requesting a certificate for timmer.ninja and *.timmer.ninja
Hook 'deploy-hook' reported error code 1
Hook 'deploy-hook' ran with error output:
 Error while executing the `deploy` hook:
 'NoneType' object has no attribute 'get'
 Traceback (most recent call last):
   File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 40, in main
     globals()[parsed_args.type](dnsrobocert_config, parsed_args.lineage)
   File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 131, in deploy
     _pfx_export(certificate, lineage_path)
   File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 141, in _pfx_export
     pfx = certificate.get("pfx", {})
 AttributeError: 'NoneType' object has no attribute 'get'

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/timmer.ninja-0001/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/timmer.ninja-0001/privkey.pem
This certificate expires on 2022-08-26.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

It in fact does not replace the certificate.
In the meantime, I've been blocked for a week (too many tries without setting staging to true, my bad).

When I use staging

Certbot has been configured to prefer certificate chains with issuer 'ISRG Root X1', but no chain from the CA matched this issuer. Using the default certificate chain instead.
Hook 'deploy-hook' reported error code 1
Hook 'deploy-hook' ran with error output:
 Error while executing the `deploy` hook:
 'NoneType' object has no attribute 'get'
 Traceback (most recent call last):
   File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 40, in main
     globals()[parsed_args.type](dnsrobocert_config, parsed_args.lineage)
   File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 131, in deploy
     _pfx_export(certificate, lineage_path)
   File "/usr/local/lib/python3.9/site-packages/dnsrobocert/core/hooks.py", line 141, in _pfx_export
     pfx = certificate.get("pfx", {})
 AttributeError: 'NoneType' object has no attribute 'get'

and grep -Ei 'ISRG Root' /etc/ssl/certs/ca-certificates.crt returns nothing.

Would it be possible to catch this error so I can see what is actually going on?
@TrueOsiris TrueOsiris changed the title Renewal fail due to deploy-hook exception nonetype object hooks.py: Renewal fail due to deploy-hook exception nonetype object May 29, 2022
@adferrand
Copy link
Owner

Very sorry for the inconvenience. I will check that tonight.

@TrueOsiris
Copy link
Author

Hi & thx for having a look.
Any direction in which I can investigate myself?
Btw, I've seen this error logged very rarely, a year ago.

@TrueOsiris
Copy link
Author

Am I on my own? :-)

@paskal
Copy link

paskal commented Aug 29, 2022

Can you still reproduce that issue, or does it happen only occasionally? If it's reproducible every time, I can help you figure out how to test changes using git bisect so we would find the specific commit after which the issue started happening, and then it would be relatively easy to fix.

@TrueOsiris
Copy link
Author

I'm in the process of moving to traefik.
Yes, it was a blocking issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@paskal @TrueOsiris @adferrand