Hi All,
When I try to renew my certificate using acme_tiny python script, I have exactly the same problem as the one described in this thread : https://community.letsencrypt.org/t/directory-access-problem/161112
Unfortunatly, I didn't find any clear solution in the post.
Before I give you all the details, you have to know that
- The script is automatically called by cron table
- The last correct renewal is dated 25/09/2021
- before that date, It had been working perfectly for many weeks without any problem. .
- As far as I know, no change at all (no update, nothing) has been done on the server around this date
- I am a developper and not a server admin so sometimes, I can get confused with that task. Please be indulgent
I ran this command: call acme_tiny python script
note : I tried also with the last version of the script found here https://github.com/diafygi/acme-tiny with the same result
It produced this output:
Parsing account key...
Parsing CSR...
Found domains: fmst.ecagroup.com
Getting directory...
Traceback (most recent call last):
File "/etc/letsencrypt/acme_tiny.py", line 199, in <module>
main(sys.argv[1:])
File "/etc/letsencrypt/acme_tiny.py", line 195, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact, check_port=args.check_port)
File "/etc/letsencrypt/acme_tiny.py", line 105, in get_crt
directory, _, _ = _do_request(directory_url, err_msg="Error getting directory")
File "/etc/letsencrypt/acme_tiny.py", line 46, in _do_request
raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error getting directory:
Url: https://acme-v02.api.letsencrypt.org/directory
Data: None
Response Code: None
Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.
unable to load certificate
140613104866960:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
Note : when I try to see what I can find at the adress https://acme-v02.api.letsencrypt.org/directory, I get a json file containing :
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"xJuwsI2zqiE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
My web server is (include version):
Server version: Apache/2.4.10 (Debian)
on a Debian machine.
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no, command line only
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
I am not using certbot
Thanks in advance for your support
Antoine