I ran this command:
certbot certonly --text --webroot --webroot-path /var/lib/haproxy -d garage.[x].be --agree-tos --email [companymailaddress]

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for garage.[x].be
An unexpected error occurred:
AttributeError: can't set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

If I do a --dry-run it returns "The dry run was successful."

2024-02-26 08:51:27,294:DEBUG:certbot._internal.main:certbot version: 2.1.0
2024-02-26 08:51:27,295:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-02-26 08:51:27,295:DEBUG:certbot._internal.main:Arguments: ['--text', '--webroot', '--webroot-path', '/var/lib/haproxy', '-d', 'garage.coeck.be', '--agree-tos', '--email', 'it.support@coeck.be', '-v']
2024-02-26 08:51:27,295:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-02-26 08:51:27,303:DEBUG:certbot._internal.log:Root logging level set at 20
2024-02-26 08:51:27,304:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-02-26 08:51:27,305:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f0b6954b410>
Prep: True
2024-02-26 08:51:27,305:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f0b6954b410> and installer None
2024-02-26 08:51:27,305:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-02-26 08:51:27,356:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/807147117', new_authzr_uri=None, terms_of_service=None), 3dc0892312151bab3275191ae8067ce3, Meta(creation_dt=datetime.datetime(2022, 11, 3, 13, 12, 10, tzinfo=<UTC>), creation_host='nie-cl02-srv17', register_to_eff=None))>
2024-02-26 08:51:27,357:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-02-26 08:51:27,358:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-02-26 08:51:27,870:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2024-02-26 08:51:27,870:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 26 Feb 2024 08:51:28 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "R_BEkbCUaVw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-02-26 08:51:27,880:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for garage.coeck.be
2024-02-26 08:51:27,891:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0886_key-certbot.pem
2024-02-26 08:51:27,902:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0886_csr-certbot.pem
2024-02-26 08:51:27,903:DEBUG:acme.client:Requesting fresh nonce
2024-02-26 08:51:27,903:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-02-26 08:51:28,058:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-02-26 08:51:28,059:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 26 Feb 2024 08:51:28 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: pC4d3G7NfC1jqR8NgVX8uQCNzWb6XVEXmT9wgbNSNXCStFEvPiY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-02-26 08:51:28,059:DEBUG:acme.client:Storing nonce: pC4d3G7NfC1jqR8NgVX8uQCNzWb6XVEXmT9wgbNSNXCStFEvPiY
2024-02-26 08:51:28,059:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "garage.coeck.be"\n    }\n  ]\n}'
2024-02-26 08:51:28,062:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODA3MTQ3MTE3IiwgIm5vbmNlIjogInBDNGQzRzdOZkMxanFSOE5nVlg4dVFDTnpXYjZYVkVYbVQ5d2diTlNOWENTdEZFdlBpWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "OjzJmPdFHoGCbZYAIdzgEL6EosnYV-ORui4R_eO03Btq7egSeh-JEdrm64qZEvSL7iBG3JVI1WycdTB5-0EOgWohWiBigOVakwdJBr6y8UG3r2pvtAeAcfC3oyoWUUDRuzqw93i9XZBMjpvlc5xD43uBHhMyNeAufkySijOev6WjEhZ0elUGNefw8zzGMAdcnwAEMEAXZQoq6ZpbJfrw_5WY81GNjQpvIkI7-ywvBqPkFN74tQOhAz-uMN0wDmhd_C8MT_sX7lfoReaAmxjaoQR9wJCN1-zgGDyA5xVtx_TQ7iHqKbVS_pVsmpjynbPt1zLlOE51wnTt32fHpaThGw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImdhcmFnZS5jb2Vjay5iZSIKICAgIH0KICBdCn0"
}
2024-02-26 08:51:28,335:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 213
2024-02-26 08:51:28,336:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Mon, 26 Feb 2024 08:51:28 GMT
Content-Type: application/problem+json
Content-Length: 213
Connection: keep-alive
Boulder-Requester: 807147117
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: pC4d3G7NaggFxsPc1GqBqqSHr0HhFTStT7Vr2ZDMVzdnCFBd9PA

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/",
  "status": 429
}
2024-02-26 08:51:28,336:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python3.11/contextlib.py", line 155, in __exit__
    self.gen.throw(typ, value, traceback)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1683, in make_displayer
    yield displayer
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1736, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1590, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 138, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 138, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 338, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 711, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 724, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 575, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1733, in main
    with make_displayer(config) as displayer:
  File "/usr/lib/python3.11/contextlib.py", line 188, in __exit__
    exc.__traceback__ = traceback
    ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/josepy/util.py", line 191, in __setattr__
    raise AttributeError("can't set attribute")
AttributeError: can't set attribute
2024-02-26 08:51:28,339:ERROR:certbot._internal.log:An unexpected error occurred:
2024-02-26 08:51:28,340:ERROR:certbot._internal.log:AttributeError: can't set attribute

This is a new domain on our haproxy.
If we renew an old certificate then it works fine but it's only for a new one
please advise

Issue solved by running it manually once

Hi @Vincentvdm, and welcome to the LE community forum

Not sure where you got that command.
But that's was not a valid parameter.

That said, I'm glad you were able to adapt and obtain a cert none-the-less

A+

Please update your Certbot to the newest version, at least 2.3.0 or newer. In 2.3.0 the attribute error was fixed.

It actually is. It's just suppressed from regular --help output.

hmm...
Why can't I find --text in the user guide?
User Guide — Certbot 2.10.0.dev0 documentation (eff-certbot.readthedocs.io)

Because that output is based on certbot --help all and the option is suppressed from that. Probably because it isn't necessary any longer and should probably be deprecated and removed. (It was useful in the time Certbot still had its (n)curses interface.) But I'm guessing it's not really that important, as it doesn't actually do anything and removing it could break old commands.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.