Double brackets in webroot_map prevent from updating letsencrypt

[raratiru]

Describe the bug

Letsencrypt fails renewal due to webroot not beeing set.

# journalctl -n 100 -u snap.nextcloud.renew-certs
-- Logs begin at Wed 2019-10-23 00:44:10 EEST, end at Wed 2019-10-23 19:11:09 EEST. --
[673]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
[673]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[673]: Processing
[673]: /var/snap/nextcloud/current/certs/certbot/config/renewal/example.com.conf
[673]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[673]: Cert is due for renewal, auto-renewing...
[673]: Non-interactive renewal: random delay of 67 seconds
[673]: Plugins selected: Authenticator webroot, Installer None
[673]: Renewing an existing certificate
[673]: Performing the following challenges:
[673]: http-01 challenge for example.com
[673]: http-01 challenge for www.example.com
[673]: Cleaning up challenges
[673]: Attempting to renew cert (example.com) from /var/snap/nextcloud/current/certs/certbot/config/renewal/example.com.conf produced an unexpected error:
[673]: Select the webroot for example.com:
[673]: Choices: ['Enter a new webroot', '/var/snap/nextcloud/current/certs/certbot']
[673]: (You can set this with the --webroot-path flag). Skipping.
[673]: All renewal attempts failed. The following certs could not be renewed:
[673]:   /var/snap/nextcloud/current/certs/certbot/config/live/example.com/fullchain.pem (failure)
[673]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[673]: All renewal attempts failed. The following certs could not be renewed:
[673]:   /var/snap/nextcloud/current/certs/certbot/config/live/example.com/fullchain.pem (failure)
[673]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[673]: Running post-hook command: restart-apache
[673]: Output from post-hook command restart-apache:
[673]: Restarting apache... done
[673]: 1 renew failure(s), 0 parse failure(s)

In letsencrypt.log among the error lines the message is:

MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Select the webroot for example.com:
Choices: ['Enter a new webroot', '/var/snap/nextcloud/current/certs/certbot']

Although:

# cat /var/snap/nextcloud/current/certs/certbot/config/renewal/example.com.conf
# renew_before_expiry = 30 days
version = 0.33.1
archive_dir = /var/snap/nextcloud/current/certs/certbot/config/archive/example.com
cert = /var/snap/nextcloud/current/certs/certbot/config/live/example.com/cert.pem
privkey = /var/snap/nextcloud/current/certs/certbot/config/live/example.com/privkey.pem
chain = /var/snap/nextcloud/current/certs/certbot/config/live/example.com/chain.pem
fullchain = /var/snap/nextcloud/current/certs/certbot/config/live/example.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 3edbd5ec965cb7b71e6bf05e0ff5d908
work_dir = /var/snap/nextcloud/current/certs/certbot/work
config_dir = /var/snap/nextcloud/current/certs/certbot/config
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
logs_dir = /var/snap/nextcloud/current/certs/certbot/logs
rsa_key_size = 4096
webroot_path = /var/snap/nextcloud/current/certs/certbot,
[[webroot_map]]
www.example.com = /var/snap/nextcloud/current/certs/certbot

I am running on Debian GNU/Linux 10 (buster)

# snap list nextcloud
Name       Version      Rev    Tracking  Publisher   Notes
nextcloud  16.0.5snap2  16402  stable    nextcloud✓  -

# snap version
snap    2.42
snapd   2.42
series  16
debian  10
kernel  4.19.0-6-amd64

[raratiru]

The error was in /var/snap/nextcloud/current/certs/certbot/config/renewal/example.com.conf.
[[webroot_map]] should have been [webroot_map].

[mateuszkwiatkowski]

I'm seeing the same issue with 16.0.5snap3. Removing extra brackets in domain_name.conf resolved the issue.

# snap version
snap    2.42
snapd   2.42
series  16
ubuntu  18.04
kernel  4.15.0-66-generic

[avilleret]

This issue is still present in 21.0.1snap2. Removing extra brackets in domain_name.conf resolved the issue.

$ snap version
snap    2.51.1
snapd   2.51.1
series  16
ubuntu  20.04
kernel  5.4.0-74-generic

[github-actions]

This issue is stale because it has been without activity for 60 days. It will be closed after 7 more days of inactivity.

[r4co0n]

This error is still present:

root@test-nextcloud:~# grep webroot_map /var/snap/nextcloud/current/certs/certbot/config/renewal/*.conf
[[webroot_map]]
root@test-nextcloud:~# uname -ar
Linux test-nextcloud 5.4.0-88-generic #99-Ubuntu SMP Thu Sep 23 17:29:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@test-nextcloud:~# grep webroot_map /var/snap/nextcloud/current/certs/certbot/config/renewal/*.conf
[[webroot_map]]

Fresh focal VM, upgraded all packages, rebooted and installed the snap.
This hopefully gets fixed with #1902.

[github-actions]

This issue is stale because it has been without activity for 60 days. It will be closed after 7 more days of inactivity.

[avilleret]

I don't think this issue has been solve yet, so Dear Bot, please let it open. Thanks

[xandark]

This issue is still present, I am so grateful that I found a patch solution here. This needs to be fixed, it just seems to be a matter of not having double brackets