Comments (7)
@rene-pxl I believe you're running into an issue where specifying multiple domain names causes multiple certificates to be unnecessarily uploaded to IAM/CloudFront. It's unresolved at the moment, although I commented on #31 regarding the issue.
Also, for what it's worth, once you get "stuck" in this situation, you probably need to delete the "le-ms1.example.com-new" certificate manually, or else the renewals won't work. This can be done using the AWS CLI:
aws iam delete-server-certificate --server-certificate-name le-ms1.example.com-new
from certbot-s3front.
@aripringle
Thanks for your reply.
Yeah, that's what I thought as well.
So far I never needed to manually delete any certificates; it still worked to renew the certificates (for all domains, not only for one or specific ones).
I will try to keep an eye on updates and fixes and, in case I need to, use your CLI command.
best regards,
rené
from certbot-s3front.
@rene-pxl I think the issue is solved now but please let me know if you see it again.
from certbot-s3front.
I just ran into this issue. I wanted to create a cert that includes domain.com, www.domain.com, and cdn.domain.com. This resulted in an attempt to install the same certificate multiple times, and the error message mentioned above. (I used only the installer part of s3front and webroot for the authenticator, as I'm using CloudFront as a CDN for a WordPress site via W3 Total Cache.)
As a workaround, I generated one certificate (with multiple names) that is kept local, and another one for only cdn.domain.com that gets installed on AWS. This works, but it would be great if I only needed one certificate.
My certbot is version 0.9.3 (on Debian from jessie-backports) and s3front installed via pip seems to be 0.2.0.
from certbot-s3front.
I'm running into this issue as well, with three domains. In each case, I get an error that looks like this:
Starting new HTTPS connection (1): iam.amazonaws.com
An unexpected error occurred:
ClientError: An error occurred (EntityAlreadyExists) when calling the UploadServerCertificate operation: The Server Certificate with name le-<domain-name>-new already exists.
When I look in /var/log/letsencrypt/letsencrypt.log, I don't really get much more information than that; it shows the request sent, and the response received, which provides that same information.
I've seen some suggestions to use this:
$ aws iam delete-server-certificate --server-certificate-name le-<domain-name>-new
Which I have tried. However, the response I get back is "Certificate is currently inuse by CloudFront Distribution . Please remove it first before deleting it from IAM."
These errors have only started in the last two weeks, and I've been able to reproduce them reliably. I'm currently using certbot from the PPA, which installs 0.11.1; I've installed certbot-s3front using pip2.7 (which I discovered through trial and error is necessary, as it does not work with python3), and have 0.2.0 installed.
Any assistance would be greatly appreciated!
from certbot-s3front.
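The delete failure described above happens because a CloudFront distribution still references the leftover `le-<domain-name>-new` certificate. The following is an added example, not part of the thread and not certbot-s3front code: it cross-references IAM server certificates with CloudFront distributions to show which leftovers are still attached. It assumes the two inputs are the fully paginated responses of boto3's `list_server_certificates` and `list_distributions`; the sample data is constructed.

```python
# Constructed sample data shaped like the boto3 responses of
# iam.list_server_certificates() and cloudfront.list_distributions().
SAMPLE_IAM = {"ServerCertificateMetadataList": [
    {"ServerCertificateName": "le-ms1.example.com",
     "ServerCertificateId": "ASCAEXAMPLEOLD00000001"},
    {"ServerCertificateName": "le-ms1.example.com-new",
     "ServerCertificateId": "ASCAEXAMPLENEW00000002"},
    {"ServerCertificateName": "le-cdn.example.com-new",
     "ServerCertificateId": "ASCAEXAMPLENEW00000003"},
]}
SAMPLE_CLOUDFRONT = {"DistributionList": {"Items": [
    {"Id": "EDFDVBD6EXAMPLE",
     "ViewerCertificate": {"IAMCertificateId": "ASCAEXAMPLENEW00000002"}},
    # Uses the default *.cloudfront.net certificate: no IAMCertificateId key.
    {"Id": "E2QWRUHAEXAMPLE",
     "ViewerCertificate": {"CloudFrontDefaultCertificate": True}},
]}}


def certs_in_use(cloudfront_resp):
    """Map IAM certificate ID -> IDs of the distributions that reference it."""
    usage = {}
    # "Items" may be absent when the account has no distributions.
    for dist in cloudfront_resp.get("DistributionList", {}).get("Items") or []:
        cert_id = dist.get("ViewerCertificate", {}).get("IAMCertificateId")
        if cert_id:
            usage.setdefault(cert_id, []).append(dist["Id"])
    return usage


def classify_leftovers(iam_resp, cloudfront_resp, suffix="-new"):
    """Return {certificate name: [distribution IDs]} for le-*-new certificates.

    An empty list means no listed distribution references the certificate,
    so CloudFront will not block `aws iam delete-server-certificate` for it.
    """
    usage = certs_in_use(cloudfront_resp)
    leftovers = {}
    for meta in iam_resp.get("ServerCertificateMetadataList", []):
        name = meta["ServerCertificateName"]
        if name.startswith("le-") and name.endswith(suffix):
            leftovers[name] = usage.get(meta["ServerCertificateId"], [])
    return leftovers


if __name__ == "__main__":
    for name, dists in classify_leftovers(SAMPLE_IAM, SAMPLE_CLOUDFRONT).items():
        print(name, "->", ", ".join(dists) or "not referenced by CloudFront")
```

A certificate that maps to one or more distribution IDs has to be detached from those distributions before IAM will accept the delete.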
@dlapiduz
Sorry to open this again; in the same time frame @weierophinney mentioned, the whole thing stopped working for me as well.
Maybe AWS changed something on their site? Because I didn't change anything at all; in fact I did set up a cron job since my last post in this issue and it worked until the end of February.
The creation of the certificate itself is still correct, as shown in the log:
2017-04-27 11:53:11,458:INFO:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/ms0.DOMAIN.com/fullchain.pem. Your cert will expire on 2017-07-26. To obtain a new version of the certificate in the future, simply run Certbot again.
At the end of the log I get this message again:
ClientError: An error occurred (EntityAlreadyExists) when calling the UploadServerCertificate operation: The Server Certificate with name le-ms0.DOMAIN.com-new already exists.
This is basically the same message I got in the initial post in this issue, BUT this time it's not working at all; there's no update process at my CloudFront distribution despite the error message. (I was fine with getting an error message but ending up with a working SSL configuration.)
I can only repeat what @weierophinney said,
Any assistance would be greatly appreciated!
from certbot-s3front.
This still happens.
from certbot-s3front.