
Certificates, ssl, tls

(Error) Certbot fails to run hook scripts

 

sudo docker run -it --rm --name certbot -v '/etc/letsencrypt:/etc/letsencrypt' certbot -d $SERVER_DOMAIN --agree-tos --register-unsafely-without-email --manual \
--preferred-challenges dns --manual-auth-hook $HOOK_RENEWAL \
--manual-cleanup-hook $HOOK_CLEANUP --manual-public-ip-logging-ok \
--force-renewal certonly

 

When certbot is run with Docker as shown above and given scripts as hooks, or when certbot is run inside a Docker container, or when a bash script is run, a "not found" error like the following can occur.

 

Running post-hook command: /etc/letsencrypt/renewal-hooks/post/renewal.sh
Hook command "/etc/letsencrypt/renewal-hooks/post/renewal.sh" returned error code 127
Error output from renewal.sh:
/bin/sh: /etc/letsencrypt/renewal-hooks/post/renewal.sh: not found

Running post-hook command: /etc/letsencrypt/renewal-hooks/post/cleanup.sh
Hook command "/etc/letsencrypt/renewal-hooks/post/cleanup.sh" returned error code 127
Error output from cleanup.sh:
/bin/sh: /etc/letsencrypt/renewal-hooks/post/cleanup.sh: not found

 

- renewal.sh

 

GODADDY_API_KEY="A4otjwa2kPt_2KapsqJz9suLQJVxYn6dWR"
GODADDY_API_SECRET="EKmVZPBnjxSZKLcKRZA96e"
GODADDY_URL="https://api.godaddy.com/"
############################################################

# Replace all of a Domain's type of DNS Records

DNS_REC_TYPE=TXT
DNS_REC_NAME="_acme-challenge"
DNS_REC_DATA="$CERTBOT_VALIDATION"
DNS_REC_TTL="600"

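# Split the domain into labels (bash-only: here-string, read -a, arrays, [[ ]]).
IFS='.' read -ra ADDR <<< "$CERTBOT_DOMAIN"
# More than two labels means a subdomain: append its first label to the record name.
# -gt compares numerically; ">" inside [[ ]] compares strings.
if [[ ${#ADDR[@]} -gt 2 ]]; then
        DNS_REC_NAME=$(echo "$CERTBOT_DOMAIN" | cut -d '.' -f 1)
        DNS_REC_NAME="_acme-challenge.$DNS_REC_NAME"
fi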

curl -X PUT \
"${GODADDY_URL}/v1/domains/${CERTBOT_DOMAIN}/records/${DNS_REC_TYPE}/${DNS_REC_NAME}" \
-H  "accept: application/json" -H  "Content-Type: application/json" \
-H  "Authorization: sso-key ${GODADDY_API_KEY}:${GODADDY_API_SECRET}" \
-d "[{ \"data\": \"${DNS_REC_DATA}\", \"name\": \"${DNS_REC_NAME}\", \"ttl\": ${DNS_REC_TTL} }]"

# Sleep to make sure DNS propagates before Let's Encrypt validates.
sleep 30

 

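The reason is that the script depends on bash, but the Docker container being run does not include bash, so /bin/sh cannot interpret the scripts and reports this as a "not found" error. It is resolved by removing the bash-specific constructs, installing the bash interpreter, or adding #!/bin/bash at the top.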
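
A preflight check for the failure described above, as an added example that is not part of the original post: it reports why a hook would fail before certbot runs it (missing file, missing interpreter, CRLF line endings, or bash-only syntax under sh). The function names `hook_interpreter` and `check_hook` are hypothetical, and the bash-only patterns it looks for are limited to the constructs used in renewal.sh above.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Run it inside the image/container that will execute the hooks.

# hook_interpreter FILE: print the program that will interpret FILE.
# Without a "#!" line, the /bin/sh that launches the hook reads the script itself.
hook_interpreter() {
    line=$(head -n 1 "$1")
    case $line in
        '#!'*) ;;
        *) echo /bin/sh; return 0 ;;
    esac
    set -f; set -- ${line#'#!'}; set +f      # split "#!/usr/bin/env bash" into words
    case $1 in
        */env) command -v "$2" || echo "$2" ;;   # resolve "env bash" through PATH
        *)     echo "$1" ;;
    esac
}

# check_hook FILE: return 0 only if FILE looks runnable here; print the reason.
check_hook() {
    [ -f "$1" ] || { echo "$1: no such file (is the volume mounted?)"; return 1; }
    [ -x "$1" ] || { echo "$1: not executable"; return 1; }
    if head -n 1 "$1" | grep -q "$(printf '\r')"; then
        echo "$1: CRLF line endings on the first line"; return 1
    fi
    interp=$(hook_interpreter "$1")
    [ -x "$interp" ] || { echo "$1: interpreter '$interp' is not installed"; return 1; }
    case $interp in
        */sh)   # constructs used by the post's renewal.sh that plain sh lacks
            if grep -nE '\[\[|<<<|read -ra' "$1"; then
                echo "$1: bash-only syntax but interpreter is $interp"; return 1
            fi ;;
    esac
    echo "$1: ok ($interp)"
}
```

Calling `check_hook /etc/letsencrypt/renewal-hooks/post/renewal.sh` from a shell in the certbot container prints the first problem it finds and returns non-zero.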