409 Error when renewing certs imported to AWS

Hello, I am getting a 409 error when running the Let's Encrypt "certbot" service to renew a certificate in AWS ACM (AWS Certificate Manager). We run this command from a Jenkins pipeline, and it was always working before, but this week we are seeing this issue. Details provided below. Not sure if this is the correct place to post this, or if I should reach out to Akamai support.

My domain is:
[test-imaging-api.ppl.backends.cms.gov]

I ran this command:

Command '['certbot', 'certonly', '-n', '--agree-tos', '--email', '${my_email}', '-a', 'dns-akamai', '--logs-dir', './manage-certs-dr_g9wpz/logs', '--config-dir', './manage-certs-dr_g9wpz/conf', '--work-dir', './manage-certs-dr_g9wpz/work', '--dns-akamai-creds_file', ****, '-d', 'test-imaging-api.ppl.backends.cms.gov']' returned non-zero exit status 1.

It produced this output:
\nRequesting a certificate for test-imaging-api.ppl.backends.cms.gov\nUsing zone guess: backends.cms.gov\nAn unexpected error occurred:\nrequests.exceptions.HTTPError: 409 Client Error: Conflict for url: https://adp.backends.cms.gov/config-dns/v2/zones/backends.cms.gov/names/_acme-challenge.test-imaging-api.ppl.backends.cms.gov/types/TXT\nAsk for help or search for solutions at https://community.letsencrypt.org.

My web server is (include version): Running on AWS EC2

The operating system my web server runs on is (include version): RedHat Enterprise v7

My hosting provider, if applicable, is: Akamai

I can login to a root shell on my machine (yes or no, or I don't know): No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, using Akamai console.

Welcome to the community @hsal2

That looks like a problem updating your DNS TXT record. That would happen in the dns-akamai plug-in noted on the command line. You could check with the author of that for debug tips. Or, perhaps Akamai about the DNS failure message.

The message from certbot referring you here is just its generic failure message. It's hard for it to know the underlying cause of all failures :slight_smile:

That said, the volunteers here collectively have a deep and diverse background. Maybe another one will have better ideas than I do.

3 Likes

These seem to conflict:

DNS-01 authentication: [requested]

HTTP-01 authentication: [error encountered]

2 Likes

409 Client Error: Conflict for url

This means Akamai thinks the TXT record the client is trying to set conflicts with … something.

Without knowing more, I would try to set the record manually in the Akamai UI and see if you get a better error. Or see if there’s an old TXT record from a previous challenge that the plug-in doesn’t know how to deal with.

4 Likes
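
The check suggested in the last reply can be scripted as a pre-flight step in the pipeline. This is an added example, not part of the thread and not code from certbot or the dns-akamai plug-in: it pulls the zone and record name out of the 409 line and sorts any TXT values already on that name into leftover DNS-01 digests and unrelated records. The function names are hypothetical, `dig` is assumed to be installed, and the local resolver's view is assumed to reflect what is in the Akamai zone.

```python
import re
import subprocess

# Path layout taken from the URL in the error output posted above.
CONFLICT_RE = re.compile(
    r"409 Client Error: Conflict for url: \S*?/zones/(?P<zone>[^/\s]+)"
    r"/names/(?P<name>[^/\s]+)/types/(?P<rtype>[A-Za-z]+)"
)
# A DNS-01 TXT value is the base64url SHA-256 digest of the key
# authorization (RFC 8555, section 8.4): 43 characters, no padding.
DNS01_VALUE_RE = re.compile(r"^[A-Za-z0-9_-]{43}$")


def parse_conflict(certbot_output):
    """Return {'zone', 'name', 'rtype'} for a 409 on a record set, else None."""
    # The pipeline shows the captured output with literal "\n"; normalise it.
    text = certbot_output.replace("\\n", "\n")
    m = CONFLICT_RE.search(text)
    return m.groupdict() if m else None


def dig_txt(name):
    """Default lookup: TXT values for `name` as seen by the local resolver."""
    out = subprocess.run(["dig", "+short", "TXT", name],
                         capture_output=True, text=True, check=True).stdout
    return [ln.strip().strip('"') for ln in out.splitlines() if ln.strip()]


def classify_existing(name, lookup=dig_txt):
    """Split TXT values already on `name` into old DNS-01 digests and others."""
    values = lookup(name)
    leftover = [v for v in values if DNS01_VALUE_RE.match(v)]
    other = [v for v in values if not DNS01_VALUE_RE.match(v)]
    return {"leftover_challenges": leftover, "other": other}


if __name__ == "__main__":
    # Relevant part of the output as posted above.
    sample = ("An unexpected error occurred:\\nrequests.exceptions.HTTPError: "
              "409 Client Error: Conflict for url: https://adp.backends.cms.gov"
              "/config-dns/v2/zones/backends.cms.gov/names/_acme-challenge."
              "test-imaging-api.ppl.backends.cms.gov/types/TXT\\nAsk for help")
    hit = parse_conflict(sample)
    print(hit)
    # Constructed lookup result standing in for a live DNS query.
    print(classify_existing(hit["name"], lambda n: ["A" * 43, "v=spf1 -all"]))
```

A non-empty `leftover_challenges` list points at a record from an earlier run that was never cleaned up; values under `other` mean something unrelated already occupies the name.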
