A user reported an error when adding a certificate issued by LetsEncrypt using these commands:
set pki certificate access-nl acme domain-name 'vyos.my.domain.com' set pki certificate access-nl acme email '[email protected]' set pki certificate access-nl acme listen-address '192.0.2.1' set pki certificate access-nl acme rsa-key-size '4096'
This resulted in the following error:
vyos@vyos# commit Add/replace automatically imported CA certificate for "access-nl" ... [ pki ] Add/replace automatically imported CA certificate for "access-nl" ... VyOS had an issue completing a command. We are sorry that you encountered a problem while using VyOS. There are a few things you can do to help us (and yourself): - Contact us using the online help desk if you have a subscription: https://support.vyos.io/ - Make sure you are running the latest version of VyOS available at: https://vyos.net/get/ - Consult the community forum to see how to handle this issue: https://forum.vyos.io - Join us on Slack where our users exchange help and advice: https://vyos.slack.com When reporting problems, please include as much information as possible: - do not obfuscate any data (feel free to contact us privately if your business policy requires it) - and include all the information presented below Report time: 2025-07-18 10:41:16 Image version: VyOS 1.4.3 Release train: sagitta Built by: [email protected] Built on: Mon 07 Jul 2025 15:51 UTC Build UUID: e21383ca-f46f-4b6c-be6e-0f055a358fa7 Build commit ID: f327543504e3da-dirty Architecture: x86_64 Boot via: installed image System type: VMware guest Hardware vendor: VMware, Inc. Hardware model: VMware Virtual Platform Hardware S/N: VMware-42 24 85 59 58 3f 01 df-85 92 53 38 6f 7b 5a 9c Hardware UUID: 59852442-3f58-df01-8592-53386f7b5a9c Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/pki.py", line 581, in <module> generate(c) File "/usr/libexec/vyos/conf_mode/pki.py", line 545, in generate add_cli_node(['pki', 'ca', f'{autochain_prefix}{cert}', 'certificate'], value=cert_chain_base64) ^^^^^^^^^^^^ NameError: name 'add_cli_node' is not defined noteworthy: cmd 'certbot certonly --non-interactive --config-dir /config/auth/letsencrypt --cert-name access-nl --standalone --agree-tos --no-eff-email --expand --server https://acme-v02.api.letsencrypt.org/directory --email [email protected] --key-type rsa --rsa-key-size 4096 --domains vyos.my.domain.com --http-01-address 192.0.2.1 --dry-run' returned (out): Simulating renewal of an existing certificate for access.nl The dry run was successful. returned (err): Saving debug log to /var/log/letsencrypt/letsencrypt.log cmd 'certbot delete --non-interactive --config-dir /config/auth/letsencrypt --cert-name access-nl' returned (out): Deleted all files relating to certificate access-nl. returned (err): Saving debug log to /var/log/letsencrypt/letsencrypt.log cmd 'certbot certonly --non-interactive --config-dir /config/auth/letsencrypt --cert-name access-nl --standalone --agree-tos --no-eff-email --expand --server https://acme-v02.api.letsencrypt.org/directory --email [email protected] --key-type rsa --rsa-key-size 4096 --domains vyos.my.domain.com --http-01-address 192.0.2.1' returned (out): Requesting a certificate for access.nl Successfully received certificate. Certificate is saved at: /config/auth/letsencrypt/live/access-nl/fullchain.pem Key is saved at: /config/auth/letsencrypt/live/access-nl/privkey.pem This certificate expires on 2025-10-16. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - returned (err): Saving debug log to /var/log/letsencrypt/letsencrypt.log [[pki]] failed Commit failed [edit]