Letsencrypt-auto certonly fails with KeyError: 'webroot'

Elmi · 2016-01-03T17:20:53.299Z

When I try to get a certificate on my Ubuntu 12.04 LTS with

./letsencrypt-auto certonly -d domain.de -d www.domain.de --debug --standalone

this procedure fails with

An unexpected error occurred:
KeyError: ‘webroot’

after some time and without getting a cert. nginx is installed.

Any idea what could be wrong?

eva2000 · 2016-01-04T02:21:28.058Z

The problem is you aren’t passing the webroot path at all as per https://letsencrypt.readthedocs.org/en/latest/using.html#webroot

--webroot

Fsantiago1979 · 2016-01-04T02:33:44.914Z

But he specified standalone. There is no need for webroot, no?

eva2000 · 2016-01-04T02:36:48.701Z

ah could be a bug…

maybe try different order with --standalone after certonly instead

Elmi · 2016-01-04T06:13:12.905Z

The same happens when I specify the webroot:

./letsencrypt-auto certonly --webroot /home/user/domain.de/ -d domain.de -d www.domain.de --debug

Fsantiago1979 · 2016-01-05T12:06:54.052Z

The proper syntax is --webroot -w /

So in your above example just add -w after webroot but just prior to your webroot path and it should work provided your nginx is configured to serve that location properly.

Elmi · 2016-01-05T16:07:54.941Z

So it should be

letsencrypt-auto certonly --webroot -w /home/user/domain.de/ -d domain.de --debug

?

Result is still the same:

An unexpected error occurred:
KeyError: 'webroot'
Please see the logfile 'letsencrypt.log' for more details.

And letsencrypt.log tells me:

Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py", line 1350, in main
    args = prepare_and_parse_args(plugins, cli_args)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py", line 1066, in prepare_and_parse_args
    _plugins_parsing(helpful, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py", line 1193, in _plugins_parsing
    help="public_html / webroot path. This can be specified multiple times to "
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py", line 849, in add
    if self.visible_topics[topic]:
KeyError: 'webroot'

sahsanu · 2016-01-05T16:21:41.543Z

Elmi:

letsencrypt-auto certonly --webroot -w /home/user/domain.de/ -d domain.de --debug

Maybe you are using an old let's encrypt version, change --webroot by -a webroot and try again.

Edit: If it fails again, change -w by --webroot-path.

Cheers,
sahsanu

Elmi · 2016-01-06T17:00:39.121Z

I tried all variants of these parameters - result is always the same. Btw: I’m running latest version from GIT always, this should give me the latest version?

sahsanu · 2016-01-06T17:53:48.291Z

Hi @Elmi,

Elmi:

I'm running latest version from GIT always, this should give me the latest version?

Yes, the last version is the version available in github.

Just in case you have a "corrupted" installation you could remove your installation and start over.

Example using /root/ dir as home directory where we installed letsencrypt cloning it with git.

cd /root/
tar zcvf backup-local_letsencrypt-2016-Jan-06.tar.gz .local/share/letsencrypt/  
tar zcvf backup-letsencrypt_github-2016-Jan-06.tar.gz letsencrypt/
rm -rf .local/share/letsencrypt/
rm -rf letsencrypt/
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt/
./letsencrypt-auto --help

If no errors, you can try again to create the certificates:

./letsencrypt-auto certonly --webroot -w /home/user/domain.de -d domain.de --debug --email youremail@whatever.tld --text --agree-tos --staging

Explanation:

certonly will generate the certs but won't try to install it in your apache or nginx installation, the certs should be available (once created) in /etc/letsencrypt/live/yourdomain.tld/

--webroot It specifies to letsencrypt that challenge will use this web root method (it will left the file challenge in the path specified by -w switch)

-w /home/user/domain.de Specifies the document root for your domain. In this case, letsencrypt will left the challenge file into /home/user/domain.de/.well-known/acme-challenge/random_challenge_file so you should be sure that files put into /home/user/domain.de/.well-known/acme-challenge/ are accesible using this from a browser http://domain.de/.well-known/acme-challenge/whateverfile

-d domain.de specifies the domains that the cert will be generated for. It could be specified by several -d switches -d domain.de -d www.domain.de or by the domains separated by comma -d domain-de,www.domain.de keep in mind that all the specified domains should share the same document root, if that is not the case we can also specify a document root per domain -w /home/user/domain.de -d domain.de -w /home/user/www.domain.de -d www.domain.de

--debug this switch will show more info about the process but also will be able to use some experimental functions like to work using python 2.6 (letsencrypt has been made to use python 2.7 but using --debug enables support for python 2.6).

--email youremail@whatever.tld is used as recovery contact, also, letsencrypt will notify to this email when the cert is about to expire. If you don't want to use it, change the switch by --register-unsafely-without-email

--text use the text output instead of the curses UI

--agree-tos you automatically agree the Terms Of Service.

--staging you will create a fake certificate for your domain, it won't be valid for browsers but you won't hit the rate limit for creating your certs, once the process is ok for you, just remove this switch and rerun the command to create a valid certificate.

Good luck.
sahsanu

Elmi · 2016-01-07T21:03:59.659Z

sahsanu:

./letsencrypt-auto certonly --webroot -w /home/user/domain.de -d domain.de --debug --email youremail@whatever.tld --text --agree-tos --staging

Hm, sorry, no - still the same

sahsanu · 2016-01-07T23:30:18.161Z

Hi Elmi,

sahsanu:

./letsencrypt-auto certonly --webroot -w /home/user/domain.de -d domain.de --debug --email youremail@whatever.tld --text --agree-tos --staging

I've just installed Ubuntu 12.04.5 LTS in a Virtual Machine just to try to reproduce your issue but it is working fine and the python version installed is 2.7.3:

root@ubuntu:~/letsencrypt# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.5 LTS
Release:        12.04
Codename:       precise

root@ubuntu:~/letsencrypt# python --version
Python 2.7.3

Sorry but I have run out of ideas, maybe you should take a look to other clients like this one that is written in bash and has no python dependencies.

Cheers,
sahsanu

Elmi · 2016-01-09T16:09:49.679Z

le ist working perfectly - thanks!!!

seriyps · 2016-01-30T20:08:38.557Z

Have the same issue:

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 12.04.5 LTS
Release:	12.04
Codename:	precise
$ virtualenv le
New python executable in le/bin/python
Installing distribute.............................................................................................................................................................................................done.
Installing pip...............done.
$ source le/bin/activate
(le)$ pip install -U pip
Downloading/unpacking pip from https://pypi.python.org/packages/source/p/pip/pip-8.0.2.tar.gz#md5=3a73c4188f8dbad6a1e6f6d44d117eeb
...skipped...
    Installing pip script to /home/seriy/le/bin
    Installing pip2.7 script to /home/seriy/le/bin
    Installing pip2 script to /home/seriy/le/bin
Successfully installed pip
(le)$ pip install letsencrypt==0.3.0
...skipped...
Successfully installed ConfigArgParse-0.10.0 PyOpenSSL-0.15.1 acme-0.3.0 cffi-1.5.0 configobj-5.0.6 cryptography-1.2.2 enum34-1.1.2 funcsigs-0.4 idna-2.0 ipaddress-1.0.16 letsencrypt-0.3.0 mock-1.3.0 ndg-httpsclient-0.4.0 parsedatetime-1.5 pbr-1.8.1 psutil-3.4.2 pyasn1-0.1.9 pycparser-2.14 pyrfc3339-1.0 python2-pythondialog-3.3.0 pytz-2015.7 requests-2.9.1 setuptools-19.6.1 six-1.10.0 werkzeug-0.11.3 zope.component-4.2.2 zope.event-4.1.0 zope.interface-4.1.3
/home/seriy/le/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning

(le)$ ./le/bin/letsencrypt -h certonly
An unexpected error occurred:
KeyError: 'webroot'
Please see the logfile 'letsencrypt.log' for more details.
(le)$ cat letsencrypt.log 
Traceback (most recent call last):
  File "./le/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/seriy/le/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1406, in main
    args = prepare_and_parse_args(plugins, cli_args)
  File "/home/seriy/le/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1122, in prepare_and_parse_args
    _plugins_parsing(helpful, plugins)
  File "/home/seriy/le/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1249, in _plugins_parsing
    help="public_html / webroot path. This can be specified multiple times to "
  File "/home/seriy/le/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 892, in add
    if self.visible_topics[topic]:
KeyError: 'webroot'