Combined cert not found #25

@Vad1mo

My DFPL gets this error from DFPLE and stops working because of the exception.

The cert example.container-stuff.com is on disk under /etc/letsencrypt; however, there is no secret as it was cleaned up. I was expecting that it would recover once the cert is needed again.

2018-02-28 08:47:02,356;ERROR;Certbot return code: 1. Skipping
2018-02-28 08:47:02,357;ERROR;Error while generating certs for [u'.container-stuff.com']
2018-02-28 08:47:02,368;ERROR;Combined certificate not found. Check logs for errors.

The exception is actually an HTML page; I just pasted the contents here in text format.

Exception
Exception: Combined cert not found

Traceback (most recent call last)
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1997, in __call__
                error = None
            ctx.auto_pop(error)
 
    def __call__(self, environ, start_response):
        """Shortcut for :attr:`wsgi_app`."""
        return self.wsgi_app(environ, start_response)
 
    def __repr__(self):
        return '<%s %r>' % (
            self.__class__.__name__,
            self.name,
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1985, in wsgi_app
        try:
            try:
                response = self.full_dispatch_request()
            except Exception as e:
                error = e
                response = self.handle_exception(e)
            except:
                error = sys.exc_info()[1]
                raise
            return response(environ, start_response)
        finally:
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1540, in handle_exception
            # if we want to repropagate the exception, we can attempt to
            # raise it with the whole traceback in case we can do that
            # (the function was actually called from the except part)
            # otherwise, we just raise the error again
            if exc_value is e:
                reraise(exc_type, exc_value, tb)
            else:
                raise e
 
        self.log_exception((exc_type, exc_value, tb))
        if handler is None:
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
        ctx = self.request_context(environ)
        ctx.push()
        error = None
        try:
            try:
                response = self.full_dispatch_request()
            except Exception as e:
                error = e
                response = self.handle_exception(e)
            except:
                error = sys.exc_info()[1]
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
            request_started.send(self)
            rv = self.preprocess_request()
            if rv is None:
                rv = self.dispatch_request()
        except Exception as e:
            rv = self.handle_user_exception(e)
        return self.finalize_request(rv)
 
    def finalize_request(self, rv, from_error_handler=False):
        """Given the return value from a view function this finalizes
        the request by converting it into a response and invoking the
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
            return self.handle_http_exception(e)
 
        handler = self._find_error_handler(e)
 
        if handler is None:
            reraise(exc_type, exc_value, tb)
        return handler(e)
 
    def handle_exception(self, e):
        """Default exception handling that kicks in when an exception
        occurs that is not caught.  In debug mode the exception will
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
        self.try_trigger_before_first_request_functions()
        try:
            request_started.send(self)
            rv = self.preprocess_request()
            if rv is None:
                rv = self.dispatch_request()
        except Exception as e:
            rv = self.handle_user_exception(e)
        return self.finalize_request(rv)
 
    def finalize_request(self, rv, from_error_handler=False):
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
        # request came with the OPTIONS method, reply automatically
        if getattr(rule, 'provide_automatic_options', False) \
           and req.method == 'OPTIONS':
            return self.make_default_options_response()
        # otherwise dispatch to the handler for that endpoint
        return self.view_functions[rule.endpoint](**req.view_args)
 
    def full_dispatch_request(self):
        """Dispatches the request and on top of that performs request
        pre and postprocessing as well as HTTP exception catching and
        error handling.
File "/app/app.py", line 81, in reconfigure
            if 'letsencrypt.testing' in args:
                testing = args['letsencrypt.testing']
                if isinstance(testing, basestring):
                    testing = True if testing.lower() == 'true' else False
 
            client.process(args['letsencrypt.host'].split(','), args['letsencrypt.email'], testing=testing)
 
    # proxy requests to docker-flow-proxy
    # sometimes we can get an error back from DFP, this can happen when DFP is not fully loaded.
    # resend the request until response status code is 200 (${RETRY} times waiting ${RETRY_INTERVAL} seconds between retries)
    t = 0
File "/app/client_dfple.py", line 184, in process
 
            combined = [x for x in certs if '.pem' in x]
            if len(combined) == 0:
                logger.error('Combined certificate not found. Check logs for errors.')
                # raise Exception to make a 500 response to dpf, and make it retry the request later.
                raise Exception('Combined cert not found')
            combined = combined[0]
 
            if self.docker_client == None:
                if created:
                    # no docker client provided, use docker-flow-proxy PUT request to update certificate
Exception: Combined cert not found
This is the Copy/Paste friendly version of the traceback.

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1997, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1985, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1540, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/app/app.py", line 81, in reconfigure
    client.process(args['letsencrypt.host'].split(','), args['letsencrypt.email'], testing=testing)
  File "/app/client_dfple.py", line 184, in process
    raise Exception('Combined cert not found')
Exception: Combined cert not found
The debugger caught an exception in your WSGI application. You can now look at the traceback which led to the error. If you enable JavaScript you can also use additional features such as code execution (if the evalex feature is enabled), automatic pasting of the exceptions and much more.
Brought to you by DON'T PANIC, your friendly Werkzeug powered traceback interpreter.

Service Definition:

proxy-le:
    image: nib0r/docker-flow-proxy-letsencrypt
    networks:
      - net
    environment:
      - DF_PROXY_SERVICE_NAME=proxy_proxy
      # - LOG=debug
      # - CERTBOT_OPTIONS=--staging
    volumes:
      # link docker socket to activate secrets support.
      - /var/run/docker.sock:/var/run/docker.sock
      # create a dedicated volume for letsencrypt folder.
      # MANDATORY to keep persistent certificates on DFPLE.
      # Without this volume, certificates will be regenerated every time DFPLE is recreated.
      # OPTIONALLY you will be able to link this volume to another service that also needs certificates (gitlab/gitlab-ce for example)
      - le-certs:/etc/letsencrypt
    deploy:
      replicas: 1
      placement:
        constraints: [node.role == manager]      
      labels:
        - com.df.notify=true
        - com.df.distribute=true
        - com.df.servicePath=/.well-known/acme-challenge
        - com.df.port=8080
