I installed Certbot from source code (certbot-1.4.0, certbot-1.4.0.tar.gz).
I ran this command: certbot renew --config-dir=config --logs-dir=logs --work-dir=work
It produced this output: Attempting to renew cert ([...]) from /home/[...]/[...].cf.conf produced an unexpected error: bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],). Skipping.
Certbot's behavior differed from what I expected because: Renew failure.
The version is:
$ certbot --version
I don't understand it worked for years and now it does not work anymore, I am unable to renew my certificate, do you know why please?
At the end of Sept a root certificate for Let's Encrypt expired. There are numerous posts on this topic. As part of addressing that the certificate chain sent by Let's Encrypt for its ACME server changed. It now uses what we are call the "short chain" which terminates in a cert called ISRG Root X1. Clients, like certbot, need to be able to validate that chain.
You have a few options:
Update your CA Certificate store to include ISRG Root X1. I am not at all familiar with your os version so cannot advise specifics.
Use a different CA to issue your certificates
As to option 1, see this thread for possible ways to do that on slackware 14.1. Perhaps ask the slackware community about it. If you do find a way to install ISRG Root X1 please post back to help future readers of this forum.
If that does not work and a different CA is not viable you could, as a last resort, have certbot ignore the security checks on the cert chain from the LE server. You do this by adding --no-verify-sslto the command line. If you choose this option you should take care to validate the certificates you receive just to be sure they are legit.
I have upgraded the python-requests Python package and installed the python-certifi Python package.
Some dependencies were not satisfied so I had to upgrade and install other Python packages too.
This is the new complete list of Python packages I have installed for certbot (in bold, what has changed):
Now the problem I have is that as I have upgraded OpenSSL, a lot of my services are not working anymore on my server: DNS (bind), Web (httpd), VoIP (mumble), IRC (ircd-hybrid), ...
Indeed, these services had the old OpenSSL library as dependency and now they have to be rebuilt and linked against the new OpenSSL library.
I have to rebuild all of these programs, this will be long.
Anyway, thanks to all participants, the problem with certbot is fixed.