letsencrypt fails with "PythonDialogBug" error about dokku-letsencrypt HOT 22 CLOSED

Despite all my edits above, I figured this update warranted a reply: I re-hardcoded the -it argument to effectively undo the previous commit and it is working once again. (I just ran it after making the change and I see the dialog prompting for email address instead of receiving an error message. Woo!)

And now I have a working cert from letsencrypt. Whew!

from dokku-letsencrypt.

OK, that's a very helpful hint! Apparently we're not correctly detecting that you're in a TTY. Here are some further ideas on how to debug this:

• Could you display the value of your $PS1 and $TERM by adding the following before/after here

    dokku_log_verbose "PS1 is '$PS1', TERM is '$TERM'"

• Could you try replacing the check for a terminal with this (source):

[[ -t 1 ]] && DOKKU_RUN_OPTS="-it"

• You can mount the let's encrypt docker container's log directory to ~dokku/.letsencrypt/log by first creating that directory and then adding the following line to the docker call:

    -v "$LETSENCRYPT_ROOT/log:/var/log" \

from dokku-letsencrypt.

Thank you, I will try those things and post the results.

from dokku-letsencrypt.

Derp, I just re-read the source and it should be [[ -t 1 ]], not [[ -t "$PS1" ]]. I've updated the above post but wanted to give you a ping in case you haven't seen.

from dokku-letsencrypt.

I experience the same issue and tried your suggested changes. So there you go:

PS1 is '', TERM is 'xterm-256color'

I guess this issue is caused by the necessity to initially provide the email address, as reverting the changes afterwards don't seem to affect the functionality (even though letsencrypt complains about insufficient authorization in my case for all subsequent requests).

Wouldn't it be possible to provide an email address as a command line argument (for the dokku command) or something like dokku letsencrypt:register <email>?

from dokku-letsencrypt.

Hey

No worries. Thanks for the heads up. Yea it doesnt work for me and i am facing the same issue.
I second beevelop's suggestion on using the following

dokku letsencrypt:register <email>

or

$ dokku help
    letsencrypt <app> <email>                  Enable or renew letsencrypt certificate for app with email

as a required field

from dokku-letsencrypt.

Thanks for the update everyone! Apparently $PS1 is not a reliable way to determine if we have a TTY. Could any of you check whether replacing the TTY detection with the above-mentioned [[ -t 1 ]] works?

I'll look into passing the e-mail to let's encrypt on the command line.

from dokku-letsencrypt.

Just a note to self, the let's encrypt command has the following option to specify the e-mail address via command line:

  -m EMAIL, --email EMAIL
                        Email used for registration and recovery contact.
                        (default: None)

from dokku-letsencrypt.

i just tried

[[ -t 1 ]] && DOKKU_RUN_OPTS="-it"

and have the same error unfortunately

from dokku-letsencrypt.

@sseemayer I can confirm that chaning the [[ -t 1 ]] did work for me...

Our setup:
we have a running dokku instance and after installing the plugin as described in the readme (dokku install... etc) we had the pythondialogerr after chaning only the mentioned line our first certificate is working!

I would however like to comment that having seperate e-mail addresses per app would be great, thus i'd opt for dokku letsencrypt:register <app> <email> and afterwards a cron-jobable: dokku letsencrypt <app> which returns a mentioning of first having to register using the :register command.

Thanks for the work!

from dokku-letsencrypt.

Since it at least works better for some, I've switched to use the new method for now.

I've created an issue #15 to cover the discussed register command to discuss the design of this change since it's not clear to me yet how to best handle the let's encrypt account creation.

I'll keep this issue open since the actual TTY detection method is still unreliable for @exp00 and possibly @wrockwood and @beevelop. Suggestions on a more reliable technique, anyone?

from dokku-letsencrypt.

This works for me, and I appreciate the idea of specifying the email address. My ultimate plan is to automate some of this with ansible (much like my deployment of docker/dokku itself,) and it's nice not to deal with interactivity.

from dokku-letsencrypt.

I think I have a good solution for this that I'll push on the weekend that will include a new command for specifying e-mail addresses and will never request a TTY to retrieve the certificates. The change will come together with a change to https://github.com/kuba/simp_le instead of the official client since it's much easier to automate that client.

from dokku-letsencrypt.

My commit already auto-closed this but can I have some confirmation that it is actually working as intended for everyone now? The command for specifying the e-mail address turned out to be dokku letsencrypt:email <app> <e-mail> instead of register because it only saves the e-mail address for the next certificate request instead of actually registering an account.

Thanks @wrockwood @beevelop @exp00 @fruitl00p for your helpful inputs!

from dokku-letsencrypt.

I can confirm it is working as expected so far.

dokku letsencrypt:email
and
dokku letsencrypt

both worked as expected, and the certificate info reflects what I would expect to see. Thanks!

from dokku-letsencrypt.

@sseemayer thanks for your hard work!

I will give it a try later but i have a question first maybe i will start a new thread

from dokku-letsencrypt.

@sseemayer Awesome work! Great that it allows e-mails per app. Are there any special precautions to take to upgrade the plugin and not break existing ssl certs?

from dokku-letsencrypt.

Account keys and certificates are now stored in a different place so any old certs that you already had installed would be ignored when you re-run dokku letsencrypt <app>. Because no certificates are found at the new location, a new account would be registered and the certificate would get requested again.

If you care about keeping your existing account key and certificates, you could try migrating them according to the simp_le wiki and placing them in $LETSENCRYPT_CONFIG_DIR/{account_key.json,fullchain.pem,chain.pem,cert.pem,key.pem} yourself. Personally, I thought it was too much work so I just re-requested everything 😀

from dokku-letsencrypt.

It's still giving me this error from docker compose.

app:
  image: quay.io/letsencrypt/letsencrypt:latest
  command:  auth
  volumes:
    - /var/lib/docker/opt/letsencrypt/data/etc/letsencrypt:/etc/letsencrypt
    - /var/lib/docker/opt/letsencrypt/data/var/lib/letsencrypt:/var/lib/letsencrypt
    - /var/lib/docker/opt/nginx/www/:/var/www/

from dokku-letsencrypt.

This error is doubly strange since we 1) don't use docker compose and 2) since a while already, we've switched away from the official letsencrypt container to use simp_le instead (see e.g. 2d801df).

Are you doing something fancy with how you're running the plugin? Are you on the latest version?

from dokku-letsencrypt.

I think I had to change something in my config file, but I forget what.

from dokku-letsencrypt.

I'm sorry but I don't understand what you're trying to do.

Can you please elaborate what software you are trying to use / combine how, which versions of things you're using and post the logs of a full run (ideally with dokku trace on enabled) as a gist?

from dokku-letsencrypt.