Attempting to renew cert unexpected error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: theracloudwifi1.com

I ran this command: sudo certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.theracloudwifi1.com.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Attempting to renew cert (www.theracloudwifi1.com) from /etc/letsencrypt/renewal/www.theracloudwifi1.com.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.theracloudwifi1.com/fullchain.pem (failure)


** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.theracloudwifi1.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

My web server is (include version): Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-87-generic x86_64)

The operating system my web server runs on is (include version):
Apache/2.4.18
My hosting provider, if applicable, is:

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.23.0

/var/log/letsencrypt/letsencrypt.log:
2020-04-16 16:05:36,267:DEBUG:certbot.main:certbot version: 0.23.0

2020-04-16 16:05:36,267:DEBUG:certbot.main:Arguments: ['--dry-run']

2020-04-16 16:05:36,267:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#ma$

2020-04-16 16:05:36,272:DEBUG:certbot.log:Root logging level set at 20

2020-04-16 16:05:36,272:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log

2020-04-16 16:05:36,278:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7f85fe94$

2020-04-16 16:05:36,278:DEBUG:certbot.cli:Var dry_run=True (set by user).

2020-04-16 16:05:36,278:DEBUG:certbot.cli:Var server=set(['staging', 'dry_run']) (set by user).

2020-04-16 16:05:36,278:DEBUG:certbot.cli:Var account=set(['server']) (set by user).

2020-04-16 16:05:36,281:DEBUG:parsedatetime:parse (top of loop): [30 days]

2020-04-16 16:05:36,284:DEBUG:parsedatetime:CRE_UNITS matched

2020-04-16 16:05:36,284:DEBUG:parsedatetime:parse (bottom) [30 days]

2020-04-16 16:05:36,284:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridi$

2020-04-16 16:05:36,284:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False

2020-04-16 16:05:36,284:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2020, tm_mon=4, tm_mday=16, tm_h$

2020-04-16 16:05:36,284:DEBUG:parsedatetime:_buildTime: [30 ][days]

2020-04-16 16:05:36,284:DEBUG:parsedatetime:units days --> realunit days

2020-04-16 16:05:36,284:DEBUG:parsedatetime:return

2020-04-16 16:05:36,284:INFO:certbot.renewal:Cert not due for renewal, but simulating renewal for dry run

2020-04-16 16:05:36,284:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache

2020-04-16 16:05:36,343:DEBUG:certbot_apache.configurator:Apache version is 2.4.18

2020-04-16 16:05:36,577:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache

Description: Apache Web Server plugin - Beta

Interfaces: IAuthenticator, IInstaller, IPlugin

Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT

Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f85fe952e10>

Prep: True

2020-04-16 16:05:36,578:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache

Description: Apache Web Server plugin - Beta

Interfaces: IAuthenticator, IInstaller, IPlugin

Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT

Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f85fe952e10>

Prep: True
2020-04-16 16:05:36,578:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfi$

2020-04-16 16:05:36,578:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache

2020-04-16 16:05:36,589:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=u'valid'$

2020-04-16 16:05:36,590:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.

2020-04-16 16:05:36,593:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.$

2020-04-16 16:05:37,791:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 724

2020-04-16 16:05:37,792:DEBUG:acme.client:Received response:

HTTP 200

Content-Length: 724

Strict-Transport-Security: max-age=604800

Server: nginx

Connection: keep-alive

Cache-Control: public, max-age=0, no-cache

Date: Thu, 16 Apr 2020 06:05:37 GMT

X-Frame-Options: DENY

Content-Type: application/json
{
  "RVKtRrk1yss": "Adding random entries to the directory",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-04-16 16:05:37,792:INFO:certbot.main:Renewing an existing certificate
2020-04-16 16:05:37,908:DEBUG:acme.client:Requesting fresh nonce
2020-04-16 16:05:37,908:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-or$
2020-04-16 16:05:38,161:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-order HTTP/1.1" 405 0
2020-04-16 16:05:38,162:DEBUG:acme.client:Received response:
HTTP 405
Content-Length: 103
Server: nginx
Connection: keep-alive
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Allow: POST
Cache-Control: public, max-age=0, no-cache
Date: Thu, 16 Apr 2020 06:05:37 GMT
Content-Type: application/problem+json
Replay-Nonce: 0002EdqKOXHZd1yvrafT5XiK4j1hZRvuOQUuuQtni672F_o

2020-04-16 16:05:38,162:DEBUG:acme.client:Storing nonce: 0002EdqKOXHZd1yvrafT5XiK4j1hZRvuOQUuuQtni672F_o
2020-04-16 16:05:38,163:DEBUG:acme.client:JWS payload:
{
  "status": "pending",
  "identifiers": [
    {
      "type": "dns",
      "value": "www.theracloudwifi1.com"
    },
    {
      "type": "dns",
      "value": "theracloudwifi1.com"
    }
  ],
  "resource": "new-order"
}
2020-04-16 16:05:38,164:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-or$
{
“protected”: "eyJub25jZSI6ICIwMDAyRWRxS09YSFpkMXl2cmFmVDVYaUs0ajFoWlJ2dU9RVXV1UXRuaTY3MkZfbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY2$
“payload”: "ewogICJzdGF0dXMiOiAicGVuZGluZyIsIAogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2$
“signature”: "jw4xkMCAM3eBYhjPPu9pvdfwKCoHl-F3B-31EsPPk3W-KR8IVfjaRSeMPS2830UXvytqRK4W8mb66rwdYr1Ymc_Bv3491Lg50i49tcqGbz$
}
2020-04-16 16:05:38,460:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 511

2020-04-16 16:05:38,460:DEBUG:acme.client:Received response:

HTTP 201

Content-Length: 511

Boulder-Requester: 10374635

Strict-Transport-Security: max-age=604800

Server: nginx

Connection: keep-alive

Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"

Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/10374635/85336028

Cache-Control: public, max-age=0, no-cache

Date: Thu, 16 Apr 2020 06:05:38 GMT

X-Frame-Options: DENY

Content-Type: application/json

Replay-Nonce: 0001VM55ZlWkZiQvLcEZESwfw1NSwmwPuzFFlpPrUcEPw20
{
  "status": "pending",
  "expires": "2020-04-23T06:05:38.263261912Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "theracloudwifi1.com"
    },
    {
      "type": "dns",
      "value": "www.theracloudwifi1.com"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49575945",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49575946"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10374635/85336028"
}
2020-04-16 16:05:38,460:DEBUG:acme.client:Storing nonce: 0001VM55ZlWkZiQvLcEZESwfw1NSwmwPuzFFlpPrUcEPw20
2020-04-16 16:05:38,461:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v$
2020-04-16 16:05:38,725:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz-v3/49575945 HTTP/1.1" 405 103
2020-04-16 16:05:38,726:DEBUG:acme.client:Received response:
HTTP 405
Content-Length: 103
Server: nginx
Connection: keep-alive
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Cache-Control: public, max-age=0, no-cache
Date: Thu, 16 Apr 2020 06:05:38 GMT
Content-Type: application/problem+json

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
}
2020-04-16 16:05:38,726:WARNING:certbot.renewal:Attempting to renew cert (www.theracloudwifi1.com) from /etc/letsencrypt/r$
2020-04-16 16:05:38,730:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 422, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 1102, in renew_cert
    _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 113, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 297, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 294, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 326, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 779, in new_order
    return self.client.new_order(csr_pem)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 609, in new_order
    authorizations.append(self._authzr_from_response(self.net.get(url), uri=url))
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 1041, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 943, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed

2020-04-16 16:05:38,731:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2020-04-16 16:05:38,731:ERROR:certbot.renewal: /etc/letsencrypt/live/www.theracloudwifi1.com/fullchain.pem (failure)
2020-04-16 16:05:38,732:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.23.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 1266, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 1179, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

Ask for help thanks

Follow these instructions to update your Certbot to the latest version available for Ubuntu Xenial: https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache

That will fix the “malformed” error.

1 Like

Hi @arthurj58

Simple answer: your Certbot is too old. The methods have changed, so a POST is required instead of a GET.

So that error

is the result.

1 Like
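The failure pattern discussed in this thread can be picked out of a Certbot debug log mechanically. The following is an added example, not part of the original posts and not Certbot's own code: it scans urllib3 request lines for plain GETs to `/acme/` resources that the server answered with 405, which is what an ACME client sends when it predates the POST requirement. The function name `diagnose` and the sample log (constructed, modelled on the log quoted above) are assumptions.

```python
import re

# Constructed sample, modelled on the debug log quoted in this thread.
SAMPLE_LOG = """\
2020-04-16 16:05:36,267:DEBUG:certbot.main:certbot version: 0.23.0
2020-04-16 16:05:37,791:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 724
2020-04-16 16:05:38,161:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-order HTTP/1.1" 405 0
2020-04-16 16:05:38,460:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 511
2020-04-16 16:05:38,725:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz-v3/49575945 HTTP/1.1" 405 103
"""

# Accept straight or typographic quotes, since forum software often rewrites them.
REQUEST_RE = re.compile(
    r'connectionpool:["\u201c](GET|HEAD|POST) (\S+) HTTP/[\d.]+["\u201d] (\d{3}) \d+'
)
VERSION_RE = re.compile(r"certbot version: (\S+)")


def diagnose(log_text):
    """Return the logged client version and any GETs to /acme/ rejected with 405."""
    version = None
    rejected_gets = []
    for line in log_text.splitlines():
        found = VERSION_RE.search(line)
        if found:
            version = found.group(1)
        found = REQUEST_RE.search(line)
        if not found:
            continue
        method, path, status = found.group(1), found.group(2), int(found.group(3))
        # The HEAD 405 on new-order still carried a Replay-Nonce in the log above
        # and did not stop the run; only the rejected GET ended the renewal.
        if method == "GET" and status == 405 and path.startswith("/acme/"):
            rejected_gets.append(path)
    return {
        "version": version,
        "rejected_gets": rejected_gets,
        "needs_upgrade": bool(rejected_gets),
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```
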
