"'Authenticator' object has no attribute 'restart'" Error while trying to renew certificate

Timos · April 6, 2023, 12:22pm

DETAILS:

Certificate Generation Detail:
Used Certbot Standalone Mode to Retrieve Certificates.

Web server:
NGINX 1.7.0

Nodejs 9.11.1

Certbot Version:
2.5.0

I ran this command:
sudo certbot renew --noninteractive --force-renew

It produced this output:
Failed to renew certificate mydomain.com with error: 'Authenticator' object has no attribute 'restart'

The operating system my web server runs on is (include version):
NAME="Amazon Linux AMI"
VERSION="2018.03"
ID_LIKE="rhel fedora"
VERSION_ID="2018.03"
PRETTY_NAME="Amazon Linux AMI 2018.03"

I can login to a root shell on my machine:
Yes

Error Log in letsencrypt.log
File "/usr/mysafevirtualenv/lib/python3.8/dist-packages/certbot/_internal/renewal.py", line 559, in handle_renewal_request
raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2023-04-06 11:36:19,680:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)

How do I solve this issue?

_az · April 6, 2023, 12:27pm

Could you please post the contents of /etc/letsencrypt/renewal/mydomain.com.conf?

Timos · April 6, 2023, 12:32pm

Thank you for your prompt reply.
contents of /etc/letsencrypt/renewal/mydomain.com.conf

# renew_before_expiry = 30 days
version = 2.5.0
archive_dir = /etc/letsencrypt/archive/mydomain.com
cert = /etc/letsencrypt/live/mydomain.com/cert.pem
privkey = /etc/letsencrypt/live/mydomain.com/privkey.pem
chain = /etc/letsencrypt/live/mydomain.com/chain.pem
fullchain = /etc/letsencrypt/live/mydomain.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 7a43d9366178b2357de3d3bf85665719
pref_challs = http-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = standalone
key_type = ecdsa
pre_hook = sudo service nginx stop
post_hook = sudo service nginx start

Osiris · April 6, 2023, 12:32pm

Do you really require this option? Note that this option doesn't force Certbot to ignore errors or something like that.

And could you please post the entire letsencrypt.log contents?

_az · April 6, 2023, 12:37pm

Yeah I don't understand how this crash is possible. Please post the contents of /etc/letsencrypt/cli.ini as well please!

Timos · April 6, 2023, 12:41pm

I used the command "--force-renew" to Forcefully renew the certificate.

Timos · April 6, 2023, 12:42pm

Is there any other command to achieve this?

Osiris · April 6, 2023, 12:48pm

As said, there's nothing to force if Certbot errors out. If you tried to use --force-renewal to let Certbot ignore erros, then please educate yourself about the meaning of the option by reading the Certbot documentation, as this is incorrect usage of a fairly 'dangerous' option (with regard to rate limits).

Please post the log and cli.ini, then we maybe can look further.

Timos · April 6, 2023, 12:49pm

Can't find cli.ini at that location!

Timos · April 6, 2023, 12:55pm

Can't find cli.ini at /etc/letsencrypt/

Timos · April 6, 2023, 1:00pm

Is there a way to force renew all certificates regardless of whether they are due for renewal or not? Thanks

rg305 · April 6, 2023, 1:24pm

They would renew if they could.
But they can't due to some error(s).
Trying to force a renewal through those error(s) won't work.
The error(s) must be corrected first.

Timos · April 6, 2023, 1:31pm

I could not find any cli.ini at /etc/letsencrypt/ hence I created one myself by adding following configuration options to it:

email = my-email@example.com
server = https://acme-v02.api.letsencrypt.org/directory

Timos · April 6, 2023, 1:34pm

I could not find any cli.ini at /etc/letsencrypt/, hence I created one myself by adding following configuration options to it:

email = my-email@example.com
server = https://acme-v02.api.letsencrypt.org/directory

Timos · April 6, 2023, 1:46pm

I get following response "Certificate not yet due for renewal" when trying to create certificate without "--force-renew" option. I basically wanted to test the renew for myself. Any help would be appreciated.

Timos · April 6, 2023, 1:49pm

I get following response "Certificate not yet due for renewal" when trying to create certificate without

--force-renew

option. I basically wanted to test the renew for myself. Any help would be appreciated.

rg305 · April 6, 2023, 1:51pm

Why would you need to renew a cert that is not expired?
To "test" anything use the test environment.
--staging
--dry-run

Timos · April 6, 2023, 2:09pm

So that It does not fail in cron Task when I automate it for next renewal.
Thank you for your reply BTW!
I hope using test environment would guarantee successful renewal of the certificate in future. Thanks again!

Timos · April 6, 2023, 2:26pm

I've one more question for you. I could not find any cli.ini at /etc/letsencrypt/, hence I created one myself by adding following configuration options to it:

email = my-email@example.com
server = https://acme-v02.api.letsencrypt.org/directory

Would this be enough? Or have I missed something that I should have added?
Your reply would be greatly appreciated.
Thanks in Advance.

MikeMcQ · April 6, 2023, 2:35pm

use to test that

certbot renew --dry-run