Authz valid, challenge valid, but no certificate delivered


#1

My domain is: love.rencontres-rondes.com (wildcard)

I ran this command:

/usr/local/certbot/certbot-auto --manual --manual-auth-hook ./dns_hook_auth.sh --manual-cleanup-hook ./dns_hook_cleanup.sh --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory -n --manual-public-ip-logging-ok certonly --expand --cert-name wildcard.love.rencontres-rondes.com -d *.love.rencontres-rondes.com

It produced this output:


2018-06-15 15:22:17,809:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /acme/authz/_EwN9u12w876c6xi1OL8HOdtQP4t5io3ejfeau2G-Kc HTTP/1.1” 200 540
2018-06-15 15:22:17,810:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 540
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 15 Jun 2018 13:22:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 15 Jun 2018 13:22:17 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "love.rencontres-rondes.com"
  },
  "status": "valid",
  "expires": "2018-07-07T10:11:20Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/_EwN9u12w876c6xi1OL8HOdtQP4t5io3ejfeau2G-Kc/4981615209",
      "token": "VrhGlRNfAz6kSQrjK3BlnaEhg_bJ3XfFARjI7igZDgM",
      "validationRecord": [
        {
          "hostname": "love.rencontres-rondes.com"
        }
      ]
    }
  ],
  "wildcard": true
}
2018-06-15 15:22:17,811:INFO:certbot.auth_handler:Performing the following challenges:
2018-06-15 15:22:17,811:INFO:certbot.auth_handler:dns-01 challenge for love.rencontres-rondes.com
2018-06-15 15:47:31,476:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 126, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/manual.py”, line 157, in perform
perform_achall(achall)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/manual.py”, line 193, in _perform_achall_with_script
_, out = hooks.execute(self.conf(‘auth-hook’))
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/hooks.py”, line 245, in execute
out, err = cmd.communicate()
File “/usr/lib/python2.7/subprocess.py”, line 479, in communicate
return self._communicate(input)
File “/usr/lib/python2.7/subprocess.py”, line 1098, in _communicate
stdout, stderr = self._communicate_with_poll(input)
File “/usr/lib/python2.7/subprocess.py”, line 1152, in _communicate_with_poll
ready = poller.poll()
KeyboardInterrupt

2018-06-15 15:47:31,476:DEBUG:certbot.error_handler:Calling registered functions
2018-06-15 15:47:31,477:INFO:certbot.auth_handler:Cleaning up challenges
2018-06-15 15:47:31,477:ERROR:certbot.error_handler:Encountered exception during recovery:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs[-1]()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 310, in cleanup_challenges
self.auth.cleanup(achalls)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/manual.py”, line 221, in cleanup
env = self.env.pop(achall)
KeyError: KeyAuthorizationAnnotatedChallenge(challb=ChallengeBody(chall=DNS01(token='V\xb8F\x95\x13
\x03>\xa4I\n\xe3+pe\x9d\xa1!\x83\xf6\xc9\xddw\xc5\x01\x18\xc8\xee(\x19\x0e\x03’), status=Status(valid), uri=u’https://acme-v02.api.letsencrypt.org/acme/challenge/_EwN9u12w876c6xi1OL8HOdtQP4t5io3ejfeau2G-Kc/4981615209’, validated=None, _url=u’https://acme-v02.api.letsencrypt.org/acme/challenge/_EwN9u12w876c6xi1OL8HOdtQP4t5io3ejfeau2G-Kc/4981615209’, error=None), domain=u’love.rencontres-rondes.com’, account_key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x7f43c063bbd0>)>))
2018-06-15 15:47:31,478:ERROR:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in <module>
sys.exit(main())
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 1323, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 1213, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 120, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 383, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 326, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 362, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 126, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/manual.py”, line 157, in perform
perform_achall(achall)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/manual.py”, line 193, in _perform_achall_with_script
_, out = hooks.execute(self.conf(‘auth-hook’))
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/hooks.py”, line 245, in execute
out, err = cmd.communicate()
File “/usr/lib/python2.7/subprocess.py”, line 479, in communicate
return self._communicate(input)
File “/usr/lib/python2.7/subprocess.py”, line 1098, in _communicate
stdout, stderr = self._communicate_with_poll(input)
File “/usr/lib/python2.7/subprocess.py”, line 1152, in _communicate_with_poll
ready = poller.poll()
KeyboardInterrupt

My web server is (include version): N/A, powerdns server 4.0.3

The operating system my web server runs on is (include version): Debian Stretch

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi,

I can’t find an error message; instead I only find a keyboard interrupt… Can you share with us the error message, instead of the keyboard interrupt?

Thank you


#3

Look at the timestamps, I killed it after 25 min. I also tried for many hours without success.


#4

The backtrace indicates that Certbot was waiting for your manual auth hook to complete executing.

Perhaps post its contents + add logging to it to see what it’s doing.


#5

Oh nice @_ak, thank you!!

There was a bug in my script, which did a `grep -qF "$CERTBOT_VALIDATION"`.
However, the $CERTBOT_VALIDATION contains a token starting with a "-", and grep complains about unknown flags :slight_smile:

Solution: `grep -qF -- "$CERTBOT_VALIDATION"`

Thank you guys!
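
The failure described in post #5, reproduced as an added example (not the poster's hook script). It assumes a hook that polls until the TXT value is visible; `SAMPLE_VALIDATION`, `lookup_txt`, `txt_matches_*` and `wait_for_txt` are hypothetical names, and the validation string is constructed.

```shell
#!/bin/sh
# Constructed sample: a 43-character base64url value that starts with "-",
# as a dns-01 validation string can.
SAMPLE_VALIDATION='-Zk3vQ0m8dR1tYx7Lw2NfUe5HcJpA9sBoGi4KrXyT6E'

# Stand-in for the DNS query a real hook would run; prints the TXT data.
lookup_txt() {
    printf '"%s"\n' "$SAMPLE_VALIDATION"
}

# Before: grep parses the value as a bundle of options and exits with an
# error status (2), which is neither "found" (0) nor "not found" (1).
txt_matches_unsafe() {
    lookup_txt | grep -qF "$1" 2>/dev/null
}

# After: "--" ends option parsing, so the value is always the pattern.
txt_matches_safe() {
    lookup_txt | grep -qF -- "$1"
}

# Bounded poll: retry only on "not found"; a grep error aborts immediately
# instead of being retried until someone kills the hook.
wait_for_txt() {
    matcher=$1
    value=$2
    tries=$3
    while [ "$tries" -gt 0 ]; do
        if "$matcher" "$value"; then
            return 0
        else
            rc=$?
        fi
        [ "$rc" -eq 1 ] || return "$rc"
        tries=$((tries - 1))
        sleep "${POLL_INTERVAL:-1}"
    done
    return 1
}
```

A hook that loops on any non-zero status cannot tell the grep error from a record that has not propagated yet, so the run never ends and Certbot keeps waiting on the hook.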

