Comments (22)
Despite all my edits above, I figured this update warranted a reply: I re-hardcoded the -it argument to effectively undo the previous commit and it is working once again. (I just ran it after making the change and I see the dialog prompting for email address instead of receiving an error message. Woo!)
And now I have a working cert from letsencrypt. Whew!
from dokku-letsencrypt.
OK, that's a very helpful hint! Apparently we're not correctly detecting that you're in a TTY. Here are some further ideas on how to debug this:
- Could you display the value of your
$PS1
and$TERM
by adding the following before/after here
dokku_log_verbose "PS1 is '$PS1', TERM is '$TERM'"
- Could you try replacing the check for a terminal with this (source):
[[ -t 1 ]] && DOKKU_RUN_OPTS="-it"
- You can mount the let's encrypt docker container's log directory to ~dokku/.letsencrypt/log by first creating that directory and then adding the following line to the docker call:
-v "$LETSENCRYPT_ROOT/log:/var/log" \
from dokku-letsencrypt.
Thank you, I will try those things and post the results.
from dokku-letsencrypt.
Derp, I just re-read the source and it should be [[ -t 1 ]]
, not [[ -t "$PS1" ]]
. I've updated the above post but wanted to give you a ping in case you haven't seen.
from dokku-letsencrypt.
I experience the same issue and tried your suggested changes. So there you go:
PS1 is '', TERM is 'xterm-256color'
I guess this issue is caused by the necessity to initially provide the email address, as reverting the changes afterwards don't seem to affect the functionality (even though letsencrypt complains about insufficient authorization in my case for all subsequent requests).
Wouldn't it be possible to provide an email address as a command line argument (for the dokku command) or something like dokku letsencrypt:register <email>
?
from dokku-letsencrypt.
Hey
No worries. Thanks for the heads up. Yea it doesnt work for me and i am facing the same issue.
I second beevelop's suggestion on using the following
dokku letsencrypt:register <email>
or
$ dokku help
letsencrypt <app> <email> Enable or renew letsencrypt certificate for app with email
as a required field
from dokku-letsencrypt.
Thanks for the update everyone! Apparently $PS1
is not a reliable way to determine if we have a TTY. Could any of you check whether replacing the TTY detection with the above-mentioned [[ -t 1 ]]
works?
I'll look into passing the e-mail to let's encrypt on the command line.
from dokku-letsencrypt.
Just a note to self, the let's encrypt command has the following option to specify the e-mail address via command line:
-m EMAIL, --email EMAIL
Email used for registration and recovery contact.
(default: None)
from dokku-letsencrypt.
i just tried
[[ -t 1 ]] && DOKKU_RUN_OPTS="-it"
and have the same error unfortunately
from dokku-letsencrypt.
@sseemayer I can confirm that chaning the [[ -t 1 ]]
did work for me...
Our setup:
we have a running dokku instance and after installing the plugin as described in the readme (dokku install...
etc) we had the pythondialogerr
after chaning only the mentioned line our first certificate is working!
I would however like to comment that having seperate e-mail addresses per app would be great, thus i'd opt for dokku letsencrypt:register <app> <email>
and afterwards a cron-jobable: dokku letsencrypt <app>
which returns a mentioning of first having to register using the :register
command.
Thanks for the work!
from dokku-letsencrypt.
Since it at least works better for some, I've switched to use the new method for now.
I've created an issue #15 to cover the discussed register
command to discuss the design of this change since it's not clear to me yet how to best handle the let's encrypt account creation.
I'll keep this issue open since the actual TTY detection method is still unreliable for @exp00 and possibly @wrockwood and @beevelop. Suggestions on a more reliable technique, anyone?
from dokku-letsencrypt.
This works for me, and I appreciate the idea of specifying the email address. My ultimate plan is to automate some of this with ansible (much like my deployment of docker/dokku itself,) and it's nice not to deal with interactivity.
from dokku-letsencrypt.
I think I have a good solution for this that I'll push on the weekend that will include a new command for specifying e-mail addresses and will never request a TTY to retrieve the certificates. The change will come together with a change to https://github.com/kuba/simp_le instead of the official client since it's much easier to automate that client.
from dokku-letsencrypt.
My commit already auto-closed this but can I have some confirmation that it is actually working as intended for everyone now? The command for specifying the e-mail address turned out to be dokku letsencrypt:email <app> <e-mail>
instead of register
because it only saves the e-mail address for the next certificate request instead of actually registering an account.
Thanks @wrockwood @beevelop @exp00 @fruitl00p for your helpful inputs!
from dokku-letsencrypt.
I can confirm it is working as expected so far.
dokku letsencrypt:email
and
dokku letsencrypt
both worked as expected, and the certificate info reflects what I would expect to see. Thanks!
from dokku-letsencrypt.
@sseemayer thanks for your hard work!
I will give it a try later but i have a question first maybe i will start a new thread
from dokku-letsencrypt.
@sseemayer Awesome work! Great that it allows e-mails per app. Are there any special precautions to take to upgrade the plugin and not break existing ssl certs?
from dokku-letsencrypt.
Account keys and certificates are now stored in a different place so any old certs that you already had installed would be ignored when you re-run dokku letsencrypt <app>
. Because no certificates are found at the new location, a new account would be registered and the certificate would get requested again.
If you care about keeping your existing account key and certificates, you could try migrating them according to the simp_le wiki and placing them in $LETSENCRYPT_CONFIG_DIR/{account_key.json,fullchain.pem,chain.pem,cert.pem,key.pem} yourself. Personally, I thought it was too much work so I just re-requested everything π
from dokku-letsencrypt.
It's still giving me this error from docker compose.
app:
image: quay.io/letsencrypt/letsencrypt:latest
command: auth
volumes:
- /var/lib/docker/opt/letsencrypt/data/etc/letsencrypt:/etc/letsencrypt
- /var/lib/docker/opt/letsencrypt/data/var/lib/letsencrypt:/var/lib/letsencrypt
- /var/lib/docker/opt/nginx/www/:/var/www/
from dokku-letsencrypt.
This error is doubly strange since we 1) don't use docker compose and 2) since a while already, we've switched away from the official letsencrypt container to use simp_le instead (see e.g. 2d801df).
Are you doing something fancy with how you're running the plugin? Are you on the latest version?
from dokku-letsencrypt.
I think I had to change something in my config file, but I forget what.
from dokku-letsencrypt.
I'm sorry but I don't understand what you're trying to do.
Can you please elaborate what software you are trying to use / combine how, which versions of things you're using and post the logs of a full run (ideally with dokku trace on
enabled) as a gist?
from dokku-letsencrypt.
Related Issues (20)
- Is it possible to use a DNS-01 challenge for a non-wildcard domain? HOT 1
- Renewal fails with "Letsencrypt not enabled for app" HOT 10
- Error enable or update SSL HOT 11
- letsencrypt:report doesnβt show the dns-provider-* options
- Broken as of dokku 0.30.0 HOT 4
- Skip domain `_` (Nginx default domain name)
- Cloudflare DNS-01 howto HOT 2
- letsencrypt:cron-job --add does not add cronjob HOT 1
- Invalid response from acme-challenge HOT 16
- Cloudflare DNS: Failed to find zone HOT 1
- Can't Renew Ceritificate, returns Error: manifest for dokku/letsencrypt:0.1.0 not found: HOT 4
- Can't Renew SSL using dokku-letsencrypt: Manifest Unkown HOT 7
- set email for app is not possible HOT 1
- letsencrypt/internal-functions: line 84: syntax error near unexpected token `fi' HOT 6
- Running on old dokku installation HOT 1
- Unable to set email address HOT 2
- feature: Make it possible to enable letsencrypt by default HOT 1
- get_available_port: command not found HOT 1
- Wildcard SSL and Non-wildcard SSL for the same Dokku app HOT 1
- Certs will expire before renewal HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dokku-letsencrypt.