[pki] Remove ACME contacts feature by oxmie · Pull Request #2602 · debops/debops

Open. oxmie wants to merge 1 commit into base: master.

oxmie (Contributor) commented Jun 16, 2025

Description

As Let's Encrypt ended its expiration notification (see https://letsencrypt.org/2025/01/22/ending-expiration-emails/), the contact settings do not work anymore (see also diafygi/acme-tiny#299).

DebOps uses acme-tiny to generate new or renewal Let's Encrypt certificates. Currently there will be an error thrown and no new certificate is generated.

root@host:/etc/pki/realms# cat <DOMAIN>/acme/error.log 
Parsing account key...
Parsing CSR...
Found domains: <DOMAIN>
Getting directory...
Directory found!
Registering account...
Registered!
Traceback (most recent call last):
  File "/usr/bin/acme-tiny", line 33, in <module>
    sys.exit(load_entry_point('acme-tiny==4.1.0', 'console_scripts', 'acme-tiny')())
  File "/usr/lib/python3/dist-packages/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/lib/python3/dist-packages/acme_tiny.py", line 116, in get_crt
    log.info("Updated contact details:\n{0}".format("\n".join(account['contact'])))
KeyError: 'contact'

Solution

1. Remove acme_contacts-feature

  • see this pull request

2. Remove config['acme_contacts'] from .../config/realm.conf

find /etc/pki/realms -type f -path "*/config/realm.conf" -exec sed -i '/acme_contacts/d' {} \;

3. Delete error.log containing KeyError: 'contact' to allow regeneration of new certificates.

find /etc/pki/realms -type f -path "*/acme/error.log" -exec rm -i {} \;

4. (Optional) Run certificate generation manually

cd /etc/pki/realms/;
for realm in *;
do
  echo -n "$realm ... ";
  /usr/local/lib/pki/pki-realm run -n "$realm";
  echo "DONE";
done
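
A narrower take on steps 2 and 3, as an added example that is not part of the pull request or of DebOps: it edits only realm.conf files that mention acme_contacts, deletes only error.log files that record KeyError: 'contact', and defaults to a dry run. The function name `cleanup_acme_contacts`, the `apply` argument and the assumption that realms sit directly under the root directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not DebOps code.
# Usage: cleanup_acme_contacts [ROOT] [apply]
#   ROOT defaults to /etc/pki/realms (assumes ROOT/<realm>/config and
#   ROOT/<realm>/acme, as in the paths shown in the pull request).
#   Without "apply" nothing is modified; matches are only reported.
cleanup_acme_contacts() {
    root=${1:-/etc/pki/realms}
    mode=${2:-dry-run}
    changed=0

    # Step 2: drop acme_contacts lines, but only from files that have one.
    for conf in "$root"/*/config/realm.conf; do
        [ -f "$conf" ] || continue
        grep -q 'acme_contacts' "$conf" || continue
        echo "realm.conf with acme_contacts: $conf"
        if [ "$mode" = apply ]; then
            sed -i '/acme_contacts/d' "$conf"
        fi
        changed=$((changed + 1))
    done

    # Step 3: remove only logs that record the contact KeyError, so logs
    # from unrelated ACME failures stay available for diagnosis.
    for log in "$root"/*/acme/error.log; do
        [ -f "$log" ] || continue
        grep -qF "KeyError: 'contact'" "$log" || continue
        echo "error.log with KeyError 'contact': $log"
        if [ "$mode" = apply ]; then
            rm -f -- "$log"
        fi
        changed=$((changed + 1))
    done

    echo "$changed file(s) matched ($mode)"
}
```

Run it once without `apply` to review the list, then again with `apply` before step 4.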
