"An unexpected error occurred" while issuing certificate

My domain is: moonpower.cc

I ran this command: sudo certbot certonly --manual --preferred-challenges dns -d “moonpower.cc”

It produced this output: `Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for moonpower.cc


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: y


Please deploy a DNS TXT record under the name
_acme-challenge.moonpower.cc with the following value:

MW4H87FcZc-AhjR_AuCip2Jg3VhKT1hdiBNRmQFYQ-E

Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
The server experienced an internal error :: Error finalizing order
Please see the logfiles in /var/log/letsencrypt for more details.`

The operating system is: archlinux

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is: certbot 0.39.0

Hi @NASAok

you have created a lot of certificates - https://check-your-website.server-daten.de/?q=moonpower.cc#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-11-17 2020-02-15 moonpower.cc - 1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-11-17 2020-02-15 *.moonpower.cc - 1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-11-17 2020-02-15 *.dev.moonpower.cc, *.moonpower.cc, docker.nexus.moonpower.cc - 3 entries duplicate nr. 3
Let’s Encrypt Authority X3 2019-11-17 2020-02-15 *.dev.moonpower.cc, *.moonpower.cc, docker.nexus.moonpower.cc, moonpower.cc - 4 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-11-17 2020-02-15 *.dev.moonpower.cc, *.moonpower.cc, docker.nexus.moonpower.cc - 3 entries duplicate nr. 2
Let’s Encrypt Authority X3 2019-11-17 2020-02-15 *.dev.moonpower.cc, *.moonpower.cc, docker.nexus.moonpower.cc - 3 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-10-11 2020-01-09 slava-mc-text-format-ukraine.moonpower.cc - 1 entries

The newest is your last command.

Where are these? Why don’t you use one of these.

Read the basics about rate limits:

I am also seeing this error in my domain (ronanarraes.com). In my case, I am trying to add a subdomain to my certificate.

EDIT: here is the response I get:

2019-11-17 11:44:46,857:DEBUG:acme.client:Received response:
HTTP 500
content-length: 112
cache-control: public, max-age=0, no-cache
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 38922151
date: Sun, 17 Nov 2019 14:44:46 GMT
content-type: application/problem+json
replay-nonce: 0001yyj8G-ivaCWKYE5w1VNP-jumde0wTYH4Ekr82Pwj-1I

{
  "type": "urn:ietf:params:acme:error:serverInternal",
  "detail": "Error finalizing order",
  "status": 500
}
2019-11-17 11:44:46,857:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.39.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1378, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 307, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 364, in obtain_certificate
    cert, chain = self.obtain_certificate_from_csr(csr, orderr)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 296, in obtain_certificate_from_csr
    orderr = self.acme.finalize_order(orderr, deadline)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 920, in finalize_order
    return self.client.finalize_order(orderr, deadline)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 752, in finalize_order
    self._post(orderr.body.finalize, wrapped_csr)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1194, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1208, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1063, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Error finalizing order
2019-11-17 11:44:46,859:ERROR:certbot.log:An unexpected error occurred:
2019-11-17 11:44:46,859:ERROR:certbot.log:The server experienced an internal error :: Error finalizing order

I am also facing the same problem with my domain ecourier.online, i have exceeded the rate limit because it took me 6 tries to setup a new server.
Is it possible to recover the certificates (i dont have certificate files)

Or can you increase the rate limit?

I am also having the same issue, I ran my domain through check-your-website and it appears the certificates were actually generated. However because the generation process failed my nginx conf was not updated automatically :confused:

EDIT: running “certbot certificates” came back with no certificates found despite what’s being reported on check-your-website

Im having the same issue im trying to generate manualy a wildcard certificate, is there something wrong with certbot right now?

Same here. Is something down?

  1. tried
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.DOMAIN.tld --manual --preferred-challenges dns-01 certonly

but it couldn’t verify the TXT record (with The server experienced an internal error :: Error finalizing order), then

  1. tried again, now facing above error directly.

It seems we are facing a service disruption. Question: when everything is normalized, will the rate limit be reseted? Because I tried many times during the problem…

1 Like

Hi @Astronought

what's your domain name?

"check your website" has an option to download the public part of the leaf certificate.

But I don't know if that has worked if Letsencrypt has such an interruption.

If that works, you should find the private key + the downloaded public key -> you can use both.

My domain is ronanarraes.com. It is working now, it is fine. The problem is that I need to add another domain to it (cloud.ronanarraes.com).

I have same problems with my service.israelinfo.co.il
How to check what happened?

There is an active incident: https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5dd157fd53c977075541890a

Try again after that clears up.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.