[SOLVED] Snapd, Certbot inside a (privileged) Proxmox container

[Grunchy]

(Why a privileged container: well it's the only way I figured out how to pass through iGPU from the host APU to Ubuntu 22.10 running in LXC.)

I'm trying to install the Certbot snap inside a privileged Proxmox container but having issues.

Setting up squashfs-tools (1:4.5.1-1) ...
Setting up snapd (2.58+22.10.1) ...
apparmor_parser: Unable to replace "mount-namespace-capture-helper".  Permission denied; attempted to load a profile while confined?
apparmor_parser: Unable to replace "/usr/lib/snapd/snap-confine".  Permission denied; attempted to load a profile while confined?
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.aa-prompt-listener.service -> /lib/systemd/system/snapd.aa-prompt-listener.service.
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.apparmor.service -> /lib/systemd/system/snapd.apparmor.service.
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.autoimport.service -> /lib/systemd/system/snapd.autoimport.service.
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.core-fixup.service -> /lib/systemd/system/snapd.core-fixup.service.
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.recovery-chooser-trigger.service -> /lib/systemd/system/snapd.recovery-chooser-trigger.service.
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.seeded.service -> /lib/systemd/system/snapd.seeded.service.
Created symlink /etc/systemd/system/cloud-final.service.wants/snapd.seeded.service -> /lib/systemd/system/snapd.seeded.service.
Unit /lib/systemd/system/snapd.seeded.service is added as a dependency to a non-existent unit cloud-final.service.
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.service -> /lib/systemd/system/snapd.service.
Created symlink /etc/systemd/system/timers.target.wants/snapd.snap-repair.timer -> /lib/systemd/system/snapd.snap-repair.timer.
Created symlink /etc/systemd/system/sockets.target.wants/snapd.socket -> /lib/systemd/system/snapd.socket.
Created symlink /etc/systemd/system/final.target.wants/snapd.system-shutdown.service -> /lib/systemd/system/snapd.system-shutdown.service.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
snapd.failure.service is a disabled or a static unit, not starting it.
snapd.mounts-pre.target is a disabled or a static unit, not starting it.
snapd.mounts.target is a disabled or a static unit, not starting it.
snapd.snap-repair.service is a disabled or a static unit, not starting it.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
Processing triggers for man-db (2.10.2-2) ...
Processing triggers for dbus (1.14.0-2ubuntu2) ...
Processing triggers for libc-bin (2.36-0ubuntu4) ...

Any direction, ideas will be greatly appreciated!
Thanks.

 

[BobhWasatch]

You're installing containers inside of containers and that rarely ends well. On Debian certbot is installable using apt, I would expect that Ubuntu is the same. If so that would be the way to go.

There's also lego, which is a standalone binary with no dependencies. The linux-386 version should work fine on almost any x86 Linux. That is also available via apt on Debian but you can get a generic version here:

https://github.com/go-acme/lego

 

[Grunchy]

Hey thanks a lot, this is what worked.

Certbot Installation
https://www.digitalocean.com/commun...cure-nginx-with-let-s-encrypt-on-ubuntu-20-04

# sudo apt install certbot python3-certbot-nginx
# nginx -t
# systemctl reload nginx
# certbot --nginx
# systemctl status certbot.timer
# certbot renew --dry-run