I am trying to update certs on my servers with dehydrated and dehydrated-route53-hook-script.
Here is the complete command and error:
./xsys renewcerts
Running: cd certificates && ./dehydrated --cron
# INFO: Using main config file ..config/certificates/config
Processing mydomain.org with alternative names: dev-mydomain.org
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Apr 21 11:47:17 2019 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for dev-mydomain.org
+ Handling authorization for mydomain.org
+ 2 pending challenge(s)
+ Deploying challenge tokens...
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Could not find zone for dev-mydomain.org
Running: cd certificates && ./dehydrated --cleanup
Looks like the aws credentials are failing, but from everything I can tell those are OK. I last ran this ~60 days ago and it ran fine then and (as far as I know) nothing has changed.
Any ideas on where to look for a fix is appreciated.
I found that this command is failing:
$cli53 list
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
So the root issue seems to be cli53. I have credentials in ~/.aws/credentials per docs.
This ended up being an issue with cli53. I had a symlink as follows...
ls -la .aws/
total 0
drwxr-xr-x 3 myuser staff 96 Apr 5 15:33 .
drwxr-xr-x+ 143 myuser staff 4576 Apr 8 12:30 ..
lrwxr-xr-x 1 myuser staff 69 Apr 5 15:33 credentials -> /Users/myuser/ansible/myapp/_secrets/aws_credentials
...but I had recently changed this path to:
/Users/myuser/apps/myapp/_secrets/aws_credentials so it was simply a failure of cli53 being able to find the appropriate credentials.