Comments (5)
What error do you see?
from acme.sh.
I see the following in my cron job output:
sudo: no tty present and no askpass program specified
Note: I don't receive such errors when running interactively.
I receive multiple (5) security alerts from sudo:
FQDN : Feb 13 22:40:01 : USER : a password is required ; TTY=unknown ; PWD=/working/path ; USER=root ; COMMAND=/usr/bin/uptime
I followed the flow of a "renew" through the code and see no need for sudo to be used for a renewal. In fact, when I searched for sudo in the code, the only two places I see a reference to it are the test in _initpath() and the routine that creates the cron job.
So, I don't understand why sudo is included at all, especially when there is a comment that it's not require
from acme.sh.
Just fixed. "sudo" is removed from the crontab.
"Not required to be root" doesn't mean "Not be root in any cases". For example, if you use standalone mode to issue a cert, when the crontab tries to re-issue the cert, it must be root to be able to listen on port 80.
Your machine just seems not quite normal: the root user is required to input password when using sudo.
In most normal cases, the password is not required for root user to use sudo.
Yes, this issue may be a problem for a normal sudoer, who is required to input a password. That's why I removed 'sudo' from crontab.
I think normal sudoers should use other approaches to get rid of the issue above.
from acme.sh.
Is sudo still part of the _initpath() function?
You seem to be assuming that I'm running the cron job as root. That is a false assumption. I'm not running the cron job as root. I'm running the cron job as my unprivileged user.
Many distributions may allow root to run sudo, some even with NOPASSWD:. However, assuming ~> expecting that to be the case is very dangerous. Many ~> most enterprise environments will abandon the defaults with prejudice. (I know of a top 100 consulting company that just finished a company-wide security audit / cleanup effort for thousands of their client companies restricting sudo like I'm describing.)
Even if root is allowed to run sudo -and- do so with NOPASSWD:, there is an EXTREMELY good chance that sudo is configured to 'requiretty'. So, unless someone goes WAY out of their way to generate a bogus tty (something that is not trivial to do), non-interactive jobs (like cron) won't have a tty. Thus they can't satisfy the 'requiretty' parameter.
from acme.sh.
@drscriptt see f9a1b64
from acme.sh.
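For triaging alerts like the one quoted in the report above, this added example (not part of the thread or of acme.sh) summarizes sudo alert lines in that `host : date : user : message ; TTY=... ; COMMAND=...` layout and counts the non-interactive attempts (`TTY=unknown`, "a password is required") per user and command, which points at the cron entry that still calls sudo. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample alerts in the layout quoted in the report above.
sample_alerts() {
cat <<'EOF'
host.example : Feb 13 22:40:01 : alice : a password is required ; TTY=unknown ; PWD=/working/path ; USER=root ; COMMAND=/usr/bin/uptime
host.example : Feb 13 22:45:01 : alice : a password is required ; TTY=unknown ; PWD=/working/path ; USER=root ; COMMAND=/usr/bin/uptime
host.example : Feb 13 22:47:12 : carol : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/ls
host.example : Feb 13 22:50:01 : alice : a password is required ; TTY=unknown ; PWD=/working/path ; USER=root ; COMMAND=/usr/bin/uptime
host.example : Feb 13 23:00:01 : bob : a password is required ; TTY=unknown ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/systemctl reload nginx
host.example : Feb 13 23:05:44 : dave : TTY=pts/0 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/id
EOF
}

# Reads alert lines on stdin and prints "COUNT USER COMMAND" for every
# sudo attempt that had no terminal and was refused for lack of a password.
summarize_noninteractive_sudo() {
  awk '
    {
      # The command is everything after the first " ; COMMAND=" marker, so
      # commands that themselves contain " : " or " ; " are kept whole.
      cmdpos = index($0, " ; COMMAND=")
      if (cmdpos == 0 || split($0, head, " : ") < 4) next

      # Only look for the TTY field in the metadata before the command.
      meta = substr($0, 1, cmdpos + 2)
      if (index(meta, " ; TTY=unknown ; ") == 0) next

      # head[4] starts with the alert message; cut it at the first " ; ".
      msg = head[4]
      sub(/ ; .*/, "", msg)
      if (msg != "a password is required") next

      seen[head[3] " " substr($0, cmdpos + 11)]++
    }
    END { for (k in seen) print seen[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

sample_alerts | summarize_noninteractive_sudo
```

Interactive failures (carol) and successful runs (dave) are left out on purpose, so the output lists only what an unattended job triggered.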