DeserializationError: Deserialization error: Wrong directory fields

[Dabada]

Got an error when starting a nodeBB virtual host container : DeserializationError: Deserialization error: Wrong directory fields

STEPS

Container nginx-proxy

docker run -d -p 80:80 -p 443:443 \
    --name nginx-proxy \
    -v /srv/nginx/certs:/etc/nginx/certs:ro \
    -v /etc/nginx/vhost.d \
    -v /usr/share/nginx/html \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    jwilder/nginx-proxy

Container nginx-letsencrypt

docker run -d \
    --name nginx-letsencrypt \
    -v /srv/nginx/certs:/etc/nginx/certs:rw \
    --volumes-from nginx-proxy \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    jrcs/letsencrypt-nginx-proxy-companion

Container node-bb

docker run -e "VIRTUAL_HOST=xxx.ovh.net" \
    -e "LETSENCRYPT_HOST=xxx.ovh.net" \
    -e "LETSENCRYPT_TEST=true" \
    --name node-bb \
    --link node-bb-redis:redis \
    -p 4567:4567 -P -t -i \
    benlubar/nodebb:latest

Letsencrypt logs

docker logs -f nginx-letsencrypt

2016/12/08 13:01:38 Received event start for container 16ba23c35d3f
2016/12/08 13:01:53 Debounce minTimer fired
2016/12/08 13:01:53 Generated '/app/letsencrypt_service_data' from 3 containers
2016/12/08 13:01:53 Running '/app/update_certs'
Creating/renewal vps350014.ovh.net certificates... (vps350014.ovh.net)
2016-12-08 13:01:53,873:INFO:simp_le:1211: Generating new account key
2016-12-08 13:01:55,068:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1401, in main
    return main_with_exceptions(cli_args)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1386, in main_with_exceptions
    persist_new_data(args, existing_data)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1282, in persist_new_data
    client = registered_client(args, existing_data.account_key)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1224, in registered_client
    client = acme_client.Client(directory=args.server, key=key, net=net)
  File "build/bdist.linux-x86_64/egg/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "build/bdist.linux-x86_64/egg/acme/messages.py", line 169, in from_json
    raise jose.DeserializationError(str(error))
DeserializationError: Deserialization error: Wrong directory fields

Unhandled error has happened, traceback is above

Debugging tips: -v improves output verbosity. Help is available under --help.
Sleep for 3600s

[alastaircoote]

It's due to a change in the TOS. @thomastweets has been good enough to create a new version that works:

https://hub.docker.com/r/thomastweets/docker-letsencrypt-nginx-proxy-companion/

But FYI, it doesn't work with the staging server.

[kachkaev]

@alastaircoote that must be something else. Just got the same error while trying to get a cert for a .рф domain for the first time and got this (it is defined as .xn--p1ai in my ENV). Tried replacing jrcs/letsencrypt-nginx-proxy-companion with thomastweets/docker-letsencrypt-nginx-proxy-companion, but that did not help too.

It seems like this repo's image has got a right hash for the ToS because they haven't changed anything since August and I've been successfully getting certs for ASCII (non-IDE) domains since then.

This issue is likely to be a duplicate for #130, which is probably still topical although marked as fixed. The reason why I decided to get a cert for an IDE domain is because they became supported by Letsencrypt just a few hours ago: letsencrypt/boulder#2277 (comment)

[Dabada]

Thank's @alastaircoote. I'll consider this for production. Do you know why it doesn't work with the staging server ?

[alastaircoote]

Yes, I take it back - it did work for me, and issued a cert for one subdomain. But now I'm trying with another and it's failing, so I'm not sure what is going on. The core problem seems to be relying on simp_le, which seems to be kind of dead:

kuba/simp_le#118

[kachkaev]

/cc @jsha

[alastaircoote]

OK, I believe I have a fix. But I should preface this by saying that I am not well versed in either LetsEncrypt or SSL certs in general, so if I were you I wouldn't trust me.

As mentioned in the issue I linked to, simp_le pull request #112 seems to fix the issue, but it hasn't been merged. So I made a fork of this repo that switches to the acme-0.8 branch before it builds:

https://github.com/alastaircoote/docker-letsencrypt-nginx-proxy-companion

Then put that on Docker hub:

https://hub.docker.com/r/alastaircoote/docker-letsencrypt-nginx-proxy-companion/

It's working for me. But as I say, this needs someone with more knowledge than me to look it over if you're going to use it in a production environment or anything like that.

[Dabada]

@alastaircoote Great ! Works for me too (staging mode). I'll try with production mode.

[jsha]

I agree that seems like the right choice. Older version of the acme package had a bug where they would fail if presented with any fields in the directory that they didn't recognize. Upgrading to a more recent acme package fixes it.

[Dabada]

@alastaircoote your fix is the good one. It works in production too. Thank's

[mlaitinen]

@Dabada why did you close this issue? Even if it works in alastaircoote/docker-letsencrypt-nginx-proxy-companion it doesn't mean that it works in the JrCs version (=this repository). IMO this is still an issue with jrcs.

[alastaircoote]

Agree on keeping this open, if only so that people can find it on the issues page (it's how I found it).

I've submitted pull request #132 to incorporate my change into this repo - I'd much rather do that than have more and more people using my branch, which I won't be actively maintaining.

[pasgou]

It needs to stay open. I had the problem yesterday and this issue was necessary

[Toub]

@Dabada this project is broken and a lot of users experiment this problem in production!

This issue should be re-open and @alastaircoote temp fixed should be merge until a better solution is fount.

[dotellie]

While this is slightly off-topic, is @JrCs even active on this project anymore? If not, wouldn't it be better just to fork this repo and move to that permanently?

[Dabada]

@mlaitinen (and others), you are right. The issues is reopened.

[thatbudakguy]

@alastaircoote fix still runs into #128 for me.

[alastaircoote]

@thatbudakguy that looks like a totally different error to me - this only fixes the Wrong directory fields error others have encountered.

[thatbudakguy]

@alastaircoote absolutely; sorry for off-topic - just wondering if anyone else has deployed the fix and also run into #128, since I'm at a loss

[leosprikryl]

@thatbudakguy Yes, I am having exactly the same problem. I use @alastaircoote fork and I am still running into #128.

[joeknock90]

Glad it isn't just me!

[jakubgs]

Just today I tried using this image for the first time and I encountered this issue.

[alastaircoote]

AFAIK, the problems described in this issue appear fixed when using the branch I made, and will hopefully go away when the pull request is merged

This doesn't apply to the problems in #128 though.

[trash-anger]

The Issue is not fixed for me using @thomastweets ...

Still get this :

Creating/renewal gitlab.domain.tld certificates... (gitlab.domain.tld)
2016/12/13 15:37:35 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
2016/12/13 15:37:35 Watching docker events
2016/12/13 15:37:35 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
2016-12-13 15:37:36,246:INFO:simp_le:1211: Generating new account key
2016-12-13 15:37:40,587:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1401, in main
    return main_with_exceptions(cli_args)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1386, in main_with_exceptions
    persist_new_data(args, existing_data)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1282, in persist_new_data
    client = registered_client(args, existing_data.account_key)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1224, in registered_client
    client = acme_client.Client(directory=args.server, key=key, net=net)
  File "build/bdist.linux-x86_64/egg/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "build/bdist.linux-x86_64/egg/acme/messages.py", line 169, in from_json
    raise jose.DeserializationError(str(error))
DeserializationError: Deserialization error: Wrong directory fields

Unhandled error has happened, traceback is above

[alastaircoote]

@trash-anger try using https://hub.docker.com/r/alastaircoote/docker-letsencrypt-nginx-proxy-companion/

[trash-anger]

Oh yeah !!!! Thank you !!! ;) 👍

[smyth64]

@alastaircoote hey man you are really dope! :D

[necevil]

Thanks @alastaircoote
Was trying to figure this one out for quite a while.
Your solution worked perfectly.

[sutyrin]

@alastaircoote works like a charm, thanks, bro!

[uschtwill]

Thanks @JrCs, for not forsaking us! ;) Switching back from @alastaircoote's.

And thanks @alastaircoote for the quick fix!

[alastaircoote]

Happy to help. I strongly encourage everyone move back to this repo as I won't be maintaining my fork!