A user reported an error when adding a certificate issued by LetsEncrypt using these commands:
set pki certificate access-nl acme domain-name 'vyos.my.domain.com' set pki certificate access-nl acme email 'vyos@vyos.net' set pki certificate access-nl acme listen-address '192.0.2.1' set pki certificate access-nl acme rsa-key-size '4096'
This resulted in the following error:
vyos@vyos# commit
Add/replace automatically imported CA certificate for "access-nl" ...
[ pki ]
Add/replace automatically imported CA certificate for "access-nl" ...
VyOS had an issue completing a command.
We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
https://vyos.slack.com
When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
business policy requires it)
- and include all the information presented below
Report time: 2025-07-18 10:41:16
Image version: VyOS 1.4.3
Release train: sagitta
Built by: autobuild@vyos.net
Built on: Mon 07 Jul 2025 15:51 UTC
Build UUID: e21383ca-f46f-4b6c-be6e-0f055a358fa7
Build commit ID: f327543504e3da-dirty
Architecture: x86_64
Boot via: installed image
System type: VMware guest
Hardware vendor: VMware, Inc.
Hardware model: VMware Virtual Platform
Hardware S/N: VMware-42 24 85 59 58 3f 01 df-85 92 53 38 6f 7b 5a 9c
Hardware UUID: 59852442-3f58-df01-8592-53386f7b5a9c
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/pki.py", line 581, in <module>
generate(c)
File "/usr/libexec/vyos/conf_mode/pki.py", line 545, in generate
add_cli_node(['pki', 'ca', f'{autochain_prefix}{cert}', 'certificate'], value=cert_chain_base64)
^^^^^^^^^^^^
NameError: name 'add_cli_node' is not defined
noteworthy:
cmd 'certbot certonly --non-interactive --config-dir /config/auth/letsencrypt --cert-name access-nl --standalone --agree-tos --no-eff-email --expand --server https://acme-v02.api.letsencrypt.org/directory --email vyos@vyos.net --key-type rsa --rsa-key-size 4096 --domains vyos.my.domain.com --http-01-address 192.0.2.1 --dry-run'
returned (out):
Simulating renewal of an existing certificate for access.nl
The dry run was successful.
returned (err):
Saving debug log to /var/log/letsencrypt/letsencrypt.log
cmd 'certbot delete --non-interactive --config-dir /config/auth/letsencrypt --cert-name access-nl'
returned (out):
Deleted all files relating to certificate access-nl.
returned (err):
Saving debug log to /var/log/letsencrypt/letsencrypt.log
cmd 'certbot certonly --non-interactive --config-dir /config/auth/letsencrypt --cert-name access-nl --standalone --agree-tos --no-eff-email --expand --server https://acme-v02.api.letsencrypt.org/directory --email vyos@vyos.net --key-type rsa --rsa-key-size 4096 --domains vyos.my.domain.com --http-01-address 192.0.2.1'
returned (out):
Requesting a certificate for access.nl
Successfully received certificate.
Certificate is saved at: /config/auth/letsencrypt/live/access-nl/fullchain.pem
Key is saved at: /config/auth/letsencrypt/live/access-nl/privkey.pem
This certificate expires on 2025-10-16.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
returned (err):
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[[pki]] failed
Commit failed
[edit]