Attempting to parse the version 0.20.0 renewal with version 0.19.0 of Certbot


#1

Hi there,

I’m trying to update my certificate, but I keep getting an error:

Attempting to parse the version 0.20.0 renewal configuration file found at /etc/letsencrypt/renewal/grants.nif.org.au.conf with version 0.19.0 of Certbot. This might not work.

No idea where to go from here.

Thanks.

My domain is: grants.nif.org.au

I ran this command: sudo certbot renew --dry-run

It produced this output:

Attempting to parse the version 0.20.0 renewal configuration file found at /etc/letsencrypt/renewal/grants.nif.org.au.conf with version 0.19.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for grants.nif.org.au
Cleaning up challenges
Attempting to renew cert (grants.nif.org.au) from /etc/letsencrypt/renewal/grants.nif.org.au.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/grants.nif.org.au/fullchain.pem (failure)

My web server is (include version): Apache/2.4.7 (I’m using a Bitnami installation, Bitnami LAMP 5.6.30-2)

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Hi,

Can you try running this command:
sudo apt-get upgrade

And see if certbot upgrades?

Thank you


#3

Or, did you previously use certbot-auto and then switch to an OS-provided version of Certbot afterward?


#4

I tried apt-get update but that didn’t seem to change anything.

I can’t remember whether I had originally tried certbot-auto, but it’s certainly possible. Any ideas on how I can do it?


#5

You could try locate certbot-auto to see if it’s present on your system.


#6

Seems like it’s there:

/opt/bitnami/letsencrypt/certbot-auto
/opt/eff.org/certbot/venv/certbot-auto-bootstrap-version.txt

Content of certbot-auto-bootstrap-version.txt is:

BootstrapDebCommon 1

Can/should I remove it?


#7

You could also use it for your renewal!


#8

I ran ./certbot-auto renew and got this response:

Attempting to renew cert (grants.nif.org.au) from /etc/letsencrypt/renewal/grants.nif.org.au.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.


#9

Did you maybe use --standalone when you originally issued your certificate, and did you not have an HTTPS service enabled yet at that time?


#11

I don’t remember, sorry. (I appreciate your help so far.)

From memory there were issues with Bitnami’s installation and I couldn’t just use the automatic installation, I had to copy files.


#12

Well, it should work for now if you stop Apache before performing the renewal and then restart it afterward. If that works, we can then set it so that this happens automatically in the future.


#13

I think it worked? It ran without any errors and I got a response

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/grants.nif.org.au/fullchain.pem

But I looked at the certificate and it says

Expires: Friday, 16 March 2018 at 9:05:41 am Australian Eastern Daylight Time

Is that to be expected?


#14

Hello guys, got the same issues, probably 2 versions of certbot.

Attempting to parse the version 0.14.0 renewal configuration file found at /etc/letsencrypt/renewal/nabil.photo.conf with version 0.8.1 of Certbot. This might not work.

How can I clean this to just have the last version?

And how to erase a cert for an abandoned domain? Revoke?

Thanks a lot 4 your Help :slight_smile:


#15

No, that’s not expected - if everything was working correctly, it should start using the new certificate right away.

If you copied the files originally, your Apache configuration might still be pointing at the old copies. Search the relevant Apache config file for SSLCertificateFile and SSLCertificateKeyFile - they should be pointed at the symbolic links /etc/letsencrypt/live/grants.nif.org.au/fullchain.pem and /etc/letsencrypt/live/grants.nif.org.au/privkey.pem respectively. If they’re not, you should fix them and restart Apache.

(Those links get updated when the cert is renewed; if you copied the files instead, you would have to copy them again after each renewal)

(EDIT: I assumed when you said you “looked at the certificate” you mean the certificate served by your website, as opposed to the certificate file on your server, right?)
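
Added example (not part of the thread, and not Certbot or Bitnami code): a shell check for the situation described in the post above, where Apache still points at copied certificate files instead of the live symlinks. The sample config and its /opt/example path are constructed for illustration; point the function at your real Apache SSL config.

```shell
#!/bin/sh
# Added example: flag Apache SSL directives that do not reference the
# Certbot-managed symlinks under /etc/letsencrypt/live/<domain>/.

# check_cert_paths CONFIG DOMAIN
# Prints "OK <directive> <path>" or "STALE <directive> <path>" per directive.
# Returns 1 if any directive is stale or if no directive was found at all.
check_cert_paths() {
    awk -v live="/etc/letsencrypt/live/$2" '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        { d = tolower($1) }                      # directives are case-insensitive
        d == "sslcertificatefile"    { want = live "/fullchain.pem" }
        d == "sslcertificatekeyfile" { want = live "/privkey.pem" }
        d == "sslcertificatefile" || d == "sslcertificatekeyfile" {
            path = $2; gsub(/"/, "", path)       # strip optional quotes
            seen++
            if (path == want) print "OK", $1, path
            else { print "STALE", $1, path; bad++ }
        }
        END { exit ((bad > 0 || seen == 0) ? 1 : 0) }
    ' "$1"
}

# make_sample_conf: write a constructed vhost fragment, print its path.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<VirtualHost _default_:443>
  SSLEngine on
  # certificate was copied by hand at first issuance (constructed path)
  SSLCertificateFile "/opt/example/apache2/conf/server.crt"
  SSLCertificateKeyFile "/etc/letsencrypt/live/grants.nif.org.au/privkey.pem"
</VirtualHost>
EOF
    echo "$f"
}

sample=$(make_sample_conf)
check_cert_paths "$sample" grants.nif.org.au || echo "fix STALE paths, then restart Apache"
rm -f "$sample"
```

A STALE line means that renewals will succeed on disk while the site keeps serving the old certificate until the directive is corrected and Apache is restarted.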


#16

Hi @kameleon1er, do you have certbot-auto installed somewhere?

There is a certbot delete command where you specify a --cert-name to indicate which one to delete (you can find it, among other things, by running certbot certificates).


#17

Brilliant @jmorahan. That worked a treat. Thanks so much. (Yes, I was looking in Chrome.)

Expires: Tuesday, 12 June 2018 at 4:20:47 pm Australian Eastern Standard Time

To automate it going forward, can I create a shell script that does this:

sudo /opt/bitnami/ctlscript.sh stop
./certbot-auto renew
sudo /opt/bitnami/ctlscript.sh start

And run it as a cron job? Every day? Week? Month?

L.


#18

You could do that, but of course it would temporarily stop your server every time the cron job runs. A better approach would be to use certbot’s hooks. For example, run something like this, once:

sudo ./certbot-auto renew --force-renewal --pre-hook "/opt/bitnami/ctlscript.sh stop" --post-hook "/opt/bitnami/ctlscript.sh start"

Then you can just run /path/to/certbot-auto renew from your cron job, as root, once or twice a day. It remembers the hooks, and they only kick in when the cert is actually due for renewal, so it’s ok to run it that frequently, which gives it a chance to recover in case of a temporary failure.
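
Added example (not part of the thread and not Certbot's own code): a shell audit of a renewal config before relying on the cron job described above. It checks the two conditions this thread ran into, a config written by a newer Certbot than the one running, and a standalone authenticator with no stop/start hooks recorded. The sample file is constructed and assumes the `key = value` layout Certbot writes under `/etc/letsencrypt/renewal/`; `sort -V` is assumed to be available.

```shell
#!/bin/sh
# Added example: audit a Certbot renewal config before trusting an unattended
# cron run. The sample file below is constructed, not taken from the thread.

# conf_get FILE KEY: print the value of the first "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# audit_renewal_conf FILE RUNNING_VERSION: print WARN lines, return 1 if any.
audit_renewal_conf() {
    conf=$1 running=$2 rc=0
    written=$(conf_get "$conf" version)
    # sort -V puts the lower version first; warn when that is the running one.
    oldest=$(printf '%s\n%s\n' "$written" "$running" | sort -V | head -n 1)
    if [ "$written" != "$running" ] && [ "$oldest" = "$running" ]; then
        echo "WARN config written by $written, running Certbot $running is older"
        rc=1
    fi
    # standalone binds port 80/443 itself, so the web server has to be stopped
    # and restarted by hooks recorded in the config.
    if [ "$(conf_get "$conf" authenticator)" = "standalone" ]; then
        for hook in pre_hook post_hook; do
            [ -n "$(conf_get "$conf" "$hook")" ] && continue
            echo "WARN standalone authenticator but no $hook recorded"
            rc=1
        done
    fi
    return "$rc"
}

# sample_renewal_conf [with-hooks]: write a constructed config, print its path.
sample_renewal_conf() {
    f=$(mktemp)
    printf '%s\n' 'version = 0.20.0' \
        'fullchain = /etc/letsencrypt/live/grants.nif.org.au/fullchain.pem' \
        '[renewalparams]' 'authenticator = standalone' 'installer = None' > "$f"
    if [ "${1:-}" = "with-hooks" ]; then
        printf '%s\n' 'pre_hook = /opt/bitnami/ctlscript.sh stop' \
            'post_hook = /opt/bitnami/ctlscript.sh start' >> "$f"
    fi
    echo "$f"
}

demo=$(sample_renewal_conf)
audit_renewal_conf "$demo" 0.19.0 || echo "fix the warnings before relying on cron"
rm -f "$demo"
```

Because the recorded hooks run as root on every due renewal, the script they name should be writable only by root.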


#19

Many many thanks to everyone who helped.

