Add a certificate to an ELB that does not already have a listener added #13

Open
mtwalsh opened this issue Jan 21, 2016 · 8 comments


mtwalsh commented Jan 21, 2016

Probably not the use case you want to address, but if the ELB only has one listener, for port 80 perhaps, the script would not do anything and actually returns an error: ValueError: need more than 0 values to unpack. It would be handy if the script could populate a vanilla ELB with a certificate and add the necessary listener.

Owner

alex commented Jan 21, 2016

While I like the concept, it requires quite a bit of extra configuration. In addition to the usual port, you need to know:

  • Which protocol (both HTTPS and SSL are valid)
  • Which instance protocol (some people will want re-encryption, HTTP vs. TCP)
  • Which instance port

If we can come up with answers to these questions, I'm happy to add support for this.

Author

mtwalsh commented Jan 21, 2016

Good point, perhaps there should be a flag --cert-only that would just upload the certificate to IAM leaving the user to create the listener?

Owner

alex commented Jan 21, 2016

That might be the right solution. I've got some refactors I want to do this
weekend that will hopefully make changes like this more straightforward.


"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084

Owner

alex commented Mar 16, 2016

Can you file a separate issue with a full traceback on what happens if you
pass the port as a string? It should either work or have a better error
message.

On Wed, Mar 16, 2016 at 10:13 AM, bshih-ixxus notifications@github.com
wrote:

I have come across the same error: "ValueError: need more than 0 values
to unpack", but might be under different circumstances to the original case.
It turned out that I had put double quotes around the value for "port:" in
LETSENCRYPT_AWS_CONFIG, as per instruction :-) That's:

        "elb": {
            "name": "my-elb",
            "port": "443"
        },

This converted the value of port to unicode rather than int. By removing
the double quotes, it worked just fine.

        "elb": {
            "name": "my-elb",
            "port": 443
        },



"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6


wilbyang commented Apr 20, 2016

I got the same error exactly, with the traceback as follows

    Traceback (most recent call last):
      File "letsencrypt-aws.py", line 548, in <module>
        cli()
      File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 716, in __call__
        return self.main(*args, **kwargs)
      File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 696, in main
        rv = self.invoke(ctx)
      File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1060, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 889, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 534, in invoke
        return callback(*args, **kwargs)
      File "letsencrypt-aws.py", line 511, in update_certificates
        force_issue, certificate_requests
      File "letsencrypt-aws.py", line 409, in update_elbs
        cert_request,
      File "letsencrypt-aws.py", line 333, in update_elb
        current_cert = cert_request.cert_location.get_current_certificate()
      File "letsencrypt-aws.py", line 72, in get_current_certificate
        if listener["Listener"]["LoadBalancerPort"] == self.elb_port
    ValueError: need more than 0 values to unpack

Hope that I could use the --cert-only feature soon.
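
In the reports above, the ValueError appears when no listener's LoadBalancerPort equals the configured port, either because the ELB has no such listener or because the port was given as the string "443". The following is an added example, not part of the original comments and not letsencrypt-aws code: a lookup that accepts both port forms and replaces the unpack failure with an actionable message. The function names and the sample data are hypothetical; `SSLCertificateId` is the certificate field of a Classic ELB listener description.

```python
# Added example, not letsencrypt-aws code. Listener dicts use the shape seen in
# the traceback: listener["Listener"]["LoadBalancerPort"].
class ListenerLookupError(Exception):
    """Actionable error raised instead of a bare unpack ValueError."""

def normalize_port(port):
    """Accept 443 or "443" (a quoted JSON value); reject everything else."""
    if isinstance(port, int) and not isinstance(port, bool):
        value = port
    elif isinstance(port, str) and port.strip().isdecimal():
        value = int(port.strip())
    else:
        raise ListenerLookupError("port must be an integer, got %r" % (port,))
    if not 1 <= value <= 65535:
        raise ListenerLookupError("port %d is out of range" % value)
    return value

def find_listener_certificate(listener_descriptions, elb_port):
    """Return the certificate id of the listener on elb_port."""
    port = normalize_port(elb_port)
    listeners = [d["Listener"] for d in listener_descriptions]
    matches = [l for l in listeners if l["LoadBalancerPort"] == port]
    if not matches:
        present = sorted(l["LoadBalancerPort"] for l in listeners)
        raise ListenerLookupError(
            "no listener on port %d (found ports: %s); add an HTTPS or SSL "
            "listener before updating its certificate" % (port, present))
    listener = matches[0]  # an ELB has at most one listener per port
    if "SSLCertificateId" not in listener:
        raise ListenerLookupError(
            "listener on port %d speaks %s and carries no certificate"
            % (port, listener["Protocol"]))
    return listener["SSLCertificateId"]

def describe(listener_descriptions, elb_port):
    """Return the certificate id, or the error text a user would see."""
    try:
        return find_listener_certificate(listener_descriptions, elb_port)
    except ListenerLookupError as exc:
        return "error: %s" % exc

# Constructed sample data; the ARN is a placeholder, not a real certificate.
CERT = "arn:aws:iam::123456789012:server-certificate/placeholder"
PORT_80_ONLY = [{"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                              "InstanceProtocol": "HTTP", "InstancePort": 80}}]
WITH_HTTPS = PORT_80_ONLY + [{"Listener": {
    "Protocol": "HTTPS", "LoadBalancerPort": 443, "InstanceProtocol": "HTTP",
    "InstancePort": 80, "SSLCertificateId": CERT}}]
```
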


sudochop commented May 5, 2016

+1 --cert-only is exactly what myself and others need - especially when using other tools like terraform.

kageurufu added a commit to kageurufu/letsencrypt-aws that referenced this issue May 11, 2016
Refactor Certificates into AWSCertificate sub-classes,
 allowing for the easy adding of new listener providers
 in the future. CloudFront and ElasticBeanstalk are both
 implemented this way. Fix alex#41

Also, add the --cert-only flag, fix alex#13

This PR supersedes alex#44 and partially alex#17

tj commented May 11, 2016

👍 how are people bootstrapping without this? I'm just getting need more than 0 values to unpack as well


kickino commented May 13, 2016

@tj: you can still create an ELB with an HTTPS listener and a dummy cert. Can be an expired old cert, or you copy a cert from an EC2 instance, anything.
After the ELB is created you can use this project to deploy the real key.
Maybe this helped. 🙃
