Attempting to renew cert produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Unable to process challenge, authorization is not pending. Skipping

Help
1

Hi! Anyy help would be appreciated...

certbot renew --dry-run works but certbot renew gives error..

My domain is: sridhar.bid

I ran this command (1):
certbot renew

It produced this output (1):

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/sridhar.bid.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sridhar.bid
http-01 challenge for www.sridhar.bid
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (sridhar.bid) from /etc/letsencrypt/renewal/sridhar.bid.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Unable to process challenge, authorization is not pending. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sridhar.bid/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sridhar.bid/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

** Excert from log file **

2021-11-04 11:52:55,680:DEBUG:acme.client:Sending POST request to https://api.buypass.com/acme-v02/authz/E8kVj3W0bLpsB1I1UNUoabwCy0QHhoRUSe36S0twUg8/1:
{
"signature": "xxxx",
"protected": "xxxx",
"payload": "xxxx"
}
2021-11-04 11:52:56,343:DEBUG:requests.packages.urllib3.connectionpool:https://api.buypass.com:443 "POST /acme-v02/authz/E8kVj3W0bLpsB1I1UNUoabwCy0QHhoRUSe36S0twUg8/1 HTTP/1.1" 400 194
2021-11-04 11:52:56,344:DEBUG:acme.client:Received response:
HTTP 400

My web server is (include version): Apache 2.4.25

The operating system my web server runs on is (include version): Debian Linux 9

My hosting provider, if applicable, is: hostinger.com

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.28.0

2

Hi @sridharei and welcome to the LE community forum :slight_smile:

I don't don't think the --dry-run might be using the test system for BuyPass.com.
Although one might think that should not make any difference... it might.
Please show the log entries where the --dry-run worked.
And also the the renewal config file:
/etc/letsencrypt/renewal/sridhar.bid.conf

2 Likes
3

Thank you, Rudy!

The log entries where the dry-run worked are 766 lines.. (I've copied the first 100 and last 300 odd lines - please tell me if I should copy them all)

2021-11-04 11:17:35,174:DEBUG:certbot.main:certbot version: 0.28.0
2021-11-04 11:17:35,175:DEBUG:certbot.main:Arguments: ['--dry-run']
2021-11-04 11:17:35,176:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-11-04 11:17:35,186:DEBUG:certbot.log:Root logging level set at 20
2021-11-04 11:17:35,186:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-11-04 11:17:35,195:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f4fdbea63c8> and installer <certbot.cli._Default object at 0x7f4fdbea63c8>
2021-11-04 11:17:35,195:DEBUG:certbot.cli:Var dry_run=True (set by user).
2021-11-04 11:17:35,195:DEBUG:certbot.cli:Var server={'staging', 'dry_run'} (set by user).
2021-11-04 11:17:35,195:DEBUG:certbot.cli:Var dry_run=True (set by user).
2021-11-04 11:17:35,195:DEBUG:certbot.cli:Var server={'staging', 'dry_run'} (set by user).
2021-11-04 11:17:35,195:DEBUG:certbot.cli:Var account={'server'} (set by user).
2021-11-04 11:17:35,203:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-11-10 22:59:00 UTC.
2021-11-04 11:17:35,203:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-11-04 11:17:35,204:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-11-04 11:17:35,204:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f4fdbea6c88>
Prep: True
2021-11-04 11:17:35,205:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f4fdbea6c88> and installer None
2021-11-04 11:17:35,205:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-11-04 11:17:35,299:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-11-04 11:17:35,309:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2021-11-04 11:17:36,271:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822
2021-11-04 11:17:36,273:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Nov 2021 05:47:36 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "Aojoyq1R8Fs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-11-04 11:17:36,273:DEBUG:acme.client:Requesting fresh nonce
2021-11-04 11:17:36,274:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2021-11-04 11:17:36,465:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-11-04 11:17:36,465:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Nov 2021 05:47:36 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001JGjKKN0L3HrxicSJoIY_0REmamPkYrxNQjnVXa1Skkg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-11-04 11:17:36,466:DEBUG:acme.client:Storing nonce: 0001JGjKKN0L3HrxicSJoIY_0REmamPkYrxNQjnVXa1Skkg
2021-11-04 11:17:36,466:DEBUG:acme.client:JWS payload:
b'{\n  "termsOfServiceAgreed": true,\n  "resource": "new-reg"\n}'
2021-11-04 11:17:36,471:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-acct:
{
  "payload": "ewogICJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWUsCiAgInJlc291cmNlIjogIm5ldy1yZWciCn0",
  "signature": "dLhskBQeDCtebRXqti-4xiEUJGAsJjFF0dYfcF0C_qAo_8Erbg7oa8ynFF5u3M_shBhpyRiNaMdjvU-HwTaz49cs9kgWbhRt4OlGjMhLOr79wtELFo6lSm3iFkL3ILOde3wCIGBJGad1_raBJri2QjOHJ6nxIz1XYnKwgn8ocY46eVpV5l-aiXobcYhwXAgS7rDQM_o2SXPE4dhVb1ottQvd1fJUPtEKSqheuVrNxQLVnPSuGJMwlFgWk3n27iUOh7uYJ95k_r59aSffS-wXv7ke4UQ7xiKAeX90q1Zy5LNxfhCseyTrRCGnQjkQ0miQ8XBtp20ePWDO783VRe6Gzg",
  "protected": "eyJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAid3FtNnRHcWhVd0J5V2JEdFppbzNmYnE3dXU3WkpQZktReGh3NXdON0ZaX2p4R1RTa2Yzb09LdlZNSWk0bDdhZDlLdW1RS1VkZVZTRFhUeDhJVXBVcHNrVmg3cEZZOTRpTkRxaEJZZ2tqUmhMWmYxZTNmRDd2TncyQjBhYjkzQUNJWl9OQ09MMUU4RTFlTjN2YkpUSFVXNTFYN0FySVNXSlpEYmJIRUdJVVBRS1N2UTdtNkJjd21BaEJrYUtwNnZmVkhqeEJ0UE0yNlcxVEJxSVdXSG5Ka3VTYTRkaThLMy0zOF8zVUpPa0RZUXc4XzVMLXhfWkRjR1FzNVotTlhaUXBUcFI3eXBxdUFrSWZwcVBQWjgwdjV3U3hUblhJemtlX3RUeERnb0NKQkVwTFZ1a0JMVGlSTVRiblN5Y3FyT2VkaUV1ZG9Ib0g1MGZmeGN1a1VtdmlRIn0sICJhbGciOiAiUlMyNTYiLCAibm9uY2UiOiAiMDAwMUpHaktLTjBMM0hyeGljU0pvSVlfMFJFbWFtUGtZcnhOUWpuVlhhMVNra2ciLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWFjY3QifQ"
}
2021-11-04 11:17:37,492:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 529
2021-11-04 11:17:37,493:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 04 Nov 2021 05:47:37 GMT
Content-Type: application/json
Content-Length: 529
Connection: keep-alive
Boulder-Requester: 32458958
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/acct/32458958
Replay-Nonce: 00011AbzckyO_G3ymRjcEav8E-o47b5lWrp12T0gSFeNX5g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "wqm6tGqhUwByWbDtZio3fbq7uu7ZJPfKQxhw5wN7FZ_jxGTSkf3oOKvVMIi4l7ad9KumQKUdeVSDXTx8IUpUpskVh7pFY94iNDqhBYgkjRhLZf1e3fD7vNw2B0ab93ACIZ_NCOL1E8E1eN3vbJTHUW51X7ArISWJZDbbHEGIUPQKSvQ7m6BcwmAhBkaKp6vfVHjxBtPM26W1TBqIWWHnJkuSa4di8K3-38_3UJOkDYQw8_5L-x_ZDcGQs5Z-NXZQpTpR7ypquAkIfpqPPZ80v5wSxTnXIzke_tTxDgoCJBEpLVukBLTiRMTbnSycqrOediEudoHoH50ffxcukUmviQ",
    "e": "AQAB"
  },
  "initialIp": "2a02:4780:3:3:e99e:7d03:cf14:d0b3",
  "createdAt": "2021-11-04T05:47:37.398980086Z",
  "status": "valid"
}
2021-11-04 11:17:37,493:DEBUG:acme.client:Storing nonce: 00011AbzckyO_G3ymRjcEav8E-o47b5lWrp12T0gSFeNX5g
2021-11-04 11:17:37,496:DEBUG:certbot.reporter:Reporting to user: Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
.
.
.
2021-11-04 11:17:45,728:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/853819408:
{
  "payload": "",
  "signature": "hrEYzDR4NI4KEcTe32lNypC7wjIzT2QXyiuwWaiFo0MGJplNSziy2KMqs5gqUiXn1CYhQ5qiKOmMJWNpyST-MLI-3BVUA3nr5ZaKllpdsk4bIxGIjxl68ZpF5ZQfBLGBGu9lbnoC-3bToRhOj_qemChw83vFy0eqipgfARGAFO4jo0lI5gLYflIe7LfA7FLVdqnGnxZd8pc_LJxDqMtmgKN8LcN8Qcpa1DjTwkmq2hEnfTsuoT-ODzB07ks_cLuUUaw0iwPnXEdSKe02bDgijVGyP6gMWtk06Epk-P75Sk_2qz-c2i-YUpD3WUlRp9t2I2kwevjzUbkdUP0oqqGbsw",
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zMjQ1ODk1OCIsICJub25jZSI6ICIwMDAyX2JDQVpDTWctbm5rTU5Ga0RLRVBkRG1XTHpxQW5GMEMzanBkeDZNNEo5SSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My84NTM4MTk0MDgifQ"
}
2021-11-04 11:17:45,922:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/853819408 HTTP/1.1" 200 1082
2021-11-04 11:17:45,922:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Nov 2021 05:47:45 GMT
Content-Type: application/json
Content-Length: 1082
Connection: keep-alive
Boulder-Requester: 32458958
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001sZzXUJTfgb6DDJTM8-jSdCfv9m6jDXL82wVJjW6EYrg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.sridhar.bid"
  },
  "status": "valid",
  "expires": "2021-12-04T05:47:42Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/853819408/iVJDRw",
      "token": "EG8QtxwmaJCQI36qtQgCNIpJstDayK3uRIXk2hmNhy4",
      "validationRecord": [
        {
          "url": "http://www.sridhar.bid/.well-known/acme-challenge/EG8QtxwmaJCQI36qtQgCNIpJstDayK3uRIXk2hmNhy4",
          "hostname": "www.sridhar.bid",
          "port": "80",
          "addressesResolved": [
            "194.59.165.89"
          ],
          "addressUsed": "194.59.165.89"
        },
        {
          "url": "https://www.sridhar.bid/.well-known/acme-challenge/EG8QtxwmaJCQI36qtQgCNIpJstDayK3uRIXk2hmNhy4",
          "hostname": "www.sridhar.bid",
          "port": "443",
          "addressesResolved": [
            "194.59.165.89"
          ],
          "addressUsed": "194.59.165.89"
        }
      ],
      "validated": "2021-11-04T05:47:38Z"
    }
  ]
}
2021-11-04 11:17:45,923:DEBUG:acme.client:Storing nonce: 0001sZzXUJTfgb6DDJTM8-jSdCfv9m6jDXL82wVJjW6EYrg
2021-11-04 11:17:45,923:DEBUG:certbot.error_handler:Calling registered functions
2021-11-04 11:17:45,923:INFO:certbot.auth_handler:Cleaning up challenges
2021-11-04 11:17:45,924:DEBUG:certbot.plugins.webroot:Removing /home/sridhar/public_html/.well-known/acme-challenge/4zbT2-PtuujyDSKtB0pLmZ4b_wueMV_CTorYxIH28q4
2021-11-04 11:17:45,924:DEBUG:certbot.plugins.webroot:Removing /home/sridhar/public_html/.well-known/acme-challenge/EG8QtxwmaJCQI36qtQgCNIpJstDayK3uRIXk2hmNhy4
2021-11-04 11:17:45,924:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2021-11-04 11:17:45,925:DEBUG:certbot.client:CSR: CSR(file=None, data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIICfzCCAWcCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOzX\n6T/kZDTWhVzjCgUbLaA51Kdu9ese7ORWfDfq8EpTlJFYaoblGKLdWiBzXojuYkV8\nFq/qY0mAbIS8rTTspNMz7LBx7u5aDikkxYOzVDLey4oQSGCdR5zha0KJHOnJKhCW\nUCY/Ii7UdrR2glzs1qPbGNYNVbyg8EoeF/RYMXD6L5y6WXP/p2juZ56I454Li4B/\n9epIv/PNZxa69UM5pDI1c6cu7c47k2ZhIfQMmfdL6Jv2IMaYu5vuH3MxI8AP67XH\nBWr+boeDgS+CQWquRgKDuPXg6Gx+3kqchjvgB7qeWXtTu9wA3BT49mrcgquLMHpj\n4kJnRB/geo4infYvF68CAwEAAaA6MDgGCSqGSIb3DQEJDjErMCkwJwYDVR0RBCAw\nHoILc3JpZGhhci5iaWSCD3d3dy5zcmlkaGFyLmJpZDANBgkqhkiG9w0BAQsFAAOC\nAQEAFL/LA/AIa4ncHdkLcwp7y4vzNMzy/KQqNMIHMzOOAzSVEmlPD8cijWyzOOJk\nt8gm16L9/+viavlunglnrEOpLF34sOpCo9osA/nY/W8Hy2I2f+shjogystG26xe4\nhHYTBorLlnUifFkYE9GQefqRv5EyHBkZc+zaBt79h55cTHP4qFkONajqazpBmSme\nRi4FIMzKkynW+1O51CPTU4qFvIHsvzU7jjpPt5CfR0kOKkhta0FRJOI8iW4+oyeB\nYt9vGXqNZe6O3qO0QPhA0lX+aA0EDT7wB/dts7GyW3inUGywJOiEqx57UAN4FLI8\n3OVp1jbMYiN7RgzOBztIX4wKgw==\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2021-11-04 11:17:45,926:DEBUG:acme.client:JWS payload:
b'{\n  "csr": "xxxx",\n  "resource": "new-cert"\n}'
2021-11-04 11:17:45,928:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/finalize/32458958/928134508:
{
  "payload": "xxxx",
  "signature": "xxxx",
  "protected": "xxxx"
}
2021-11-04 11:17:46,823:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/finalize/32458958/928134508 HTTP/1.1" 200 598
2021-11-04 11:17:46,824:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Nov 2021 05:47:46 GMT
Content-Type: application/json
Content-Length: 598
Connection: keep-alive
Boulder-Requester: 32458958
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/32458958/928134508
Replay-Nonce: 00026B8fXr7kk38KTwvy8qETio7aB4VRzZxHqstJyC1_8JY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "valid",
  "expires": "2021-11-11T05:47:37Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "sridhar.bid"
    },
    {
      "type": "dns",
      "value": "www.sridhar.bid"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/853819398",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/853819408"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/32458958/928134508",
  "certificate": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/fab2b7638259f87f22a778cee6542f6475aa"
}
2021-11-04 11:17:46,824:DEBUG:acme.client:Storing nonce: 00026B8fXr7kk38KTwvy8qETio7aB4VRzZxHqstJyC1_8JY
2021-11-04 11:17:47,825:DEBUG:acme.client:JWS payload:
b''
2021-11-04 11:17:47,827:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/order/32458958/928134508:
{
  "payload": "",
  "signature": "jZJSRXFFse1T97rQY8Pl0799_JJ2b5s2DWlnkeThSpabNNdGVzIMYgeSKEtTfNsijKKoP-Z5zbNSvJddt9PQqAC8zsNhCXYDXjYvp0ClSU2VQRtvKoeJPdV-Sz1DO_A73jCRrZ6FbRuxgHy1MrGv7YTBUFHFZD_uee8oopkHgkX_v3YS0iQ7aRRMBm_zQliVT6_9VsFxXIB1D9zXzjS_7qxgWHVeKEHVA96AO2jxFRDQKyXS9-YvmEJ5qNOF5i9-QG--HnbYgSj9vJuq4yeT3r3vNzvKpvNaDO3HYQjlH1orZCprZkuRSSgTb32dH8v1iIykCJhuYzFOUsZYtN8ggA",
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zMjQ1ODk1OCIsICJub25jZSI6ICIwMDAyNkI4ZlhyN2trMzhLVHd2eThxRVRpbzdhQjRWUnpaeEhxc3RKeUMxXzhKWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9vcmRlci8zMjQ1ODk1OC85MjgxMzQ1MDgifQ"
}
2021-11-04 11:17:48,022:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/order/32458958/928134508 HTTP/1.1" 200 598
2021-11-04 11:17:48,023:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Nov 2021 05:47:47 GMT
Content-Type: application/json
Content-Length: 598
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001DuNE-m-lqEzXSkHm7tGqd6Acbzg2GDhVWilk3zFgGtE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "valid",
  "expires": "2021-11-11T05:47:37Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "sridhar.bid"
    },
    {
      "type": "dns",
      "value": "www.sridhar.bid"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/853819398",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/853819408"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/32458958/928134508",
  "certificate": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/fab2b7638259f87f22a778cee6542f6475aa"
}
2021-11-04 11:17:48,023:DEBUG:acme.client:Storing nonce: 0001DuNE-m-lqEzXSkHm7tGqd6Acbzg2GDhVWilk3zFgGtE
2021-11-04 11:17:48,024:DEBUG:acme.client:JWS payload:
b''
2021-11-04 11:17:48,026:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/cert/fab2b7638259f87f22a778cee6542f6475aa:
{
  "payload": "",
  "signature": "xxx",
  "protected": "xxx"
}
2021-11-04 11:17:48,220:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/cert/fab2b7638259f87f22a778cee6542f6475aa HTTP/1.1" 200 5747
2021-11-04 11:17:48,221:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 Nov 2021 05:47:48 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 5747
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/cert/fab2b7638259f87f22a778cee6542f6475aa/1>;rel="alternate"
Replay-Nonce: 0002PNgY9YcS43ZzrkAcCCeyEzG39Ibu9VZAFB0hrbVBJI0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----

2021-11-04 11:17:48,221:DEBUG:acme.client:Storing nonce: 0002PNgY9YcS43ZzrkAcCCeyEzG39Ibu9VZAFB0hrbVBJI0
2021-11-04 11:17:48,249:DEBUG:certbot.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/sridhar.bid
2021-11-04 11:17:48,252:DEBUG:certbot.updater:Skipping updaters in dry-run mode.
2021-11-04 11:17:48,253:DEBUG:certbot.renewal:no renewal failures

**************************
/etc/letsencrypt/renewal/sridhar.bid.conf
**************************
# renew_before_expiry = 30 days
version = 0.28.0
archive_dir = /etc/letsencrypt/archive/sridhar.bid
cert = /etc/letsencrypt/live/sridhar.bid/cert.pem
privkey = /etc/letsencrypt/live/sridhar.bid/privkey.pem
chain = /etc/letsencrypt/live/sridhar.bid/chain.pem
fullchain = /etc/letsencrypt/live/sridhar.bid/fullchain.pem

# Options used in the renewal process
[renewalparams]
webroot_path = /home/sridhar/public_html,
authenticator = webroot
account = 9647649ea56f981d345f9bb31316cf87
server = https://api.buypass.com/acme/directory
[[webroot_map]]
www.sridhar.bid = /home/sridhar/public_html
sridhar.bid = /home/sridhar/public_html
**************************

Hope these help!

Sridhar

1 Like
4

As I expected, using --dry-run goes against the LE staging environment.
So you are not comparing apples to apples.
I don't know if BuyPass.com has a staging environment, nor how you could set certbot to test to it.
So, here, we should focus on your actual real problem: You can't obtain a cert from BuyPass.com.
I think we should first validate the LE logs with respect to that, then (if needed) seek assistance from the BuyPass.com support channels.

1 Like
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.