Automatic renew fail


#1

Hi

I have a server with CentOS 7 and the nginx web server with 3 domains. I created Let’s Encrypt SSL certificates for them without problems, and have renewed all the SSL certificates one time, the next month, with a simple script:

/root/letsencrypt/letsencrypt-auto renew
/usr/sbin/nginx -t && service nginx reload

But now I always have the same error when I try to use this script :

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for XXXXX.net
http-01 challenge for www.XXXXX.net
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/XXXXX.net.conf produced an unexpected error: 'ascii' codec can't encode character u'\xe1' in position 250: ordinal not in range(128). Skipping.

None of the domains are IDN domains, I have made no changes to the Python library, and I don’t understand the bug. Can you help me?

Thanks a lot!


#2

This is the key part. There is an invalid character in that file. Can you check the file? Alternatively, can you paste the full file in pastebin.com or somewhere so we can review it?


#3

If you refer to the /etc/letsencrypt/renewal/XXXXX.net.conf file, the content is this one (sorry, I prefer to hide the real domain name with XXXXX, but there is no special char in it):

# renew_before_expiry = 30 days

version = 0.9.3
cert = /etc/letsencrypt/live/XXXXX.net/cert.pem
privkey = /etc/letsencrypt/live/XXXXX.net/privkey.pem
chain = /etc/letsencrypt/live/XXXXX.net/chain.pem
fullchain = /etc/letsencrypt/live/XXXXX.net/fullchain.pem

# Options used in the renewal process

[renewalparams]
authenticator = webroot
installer = nginx
account = 7ef54115e4f79a2b8780ecca13b9efa4
server = https://acme-v01.api.letsencrypt.org/directory
webroot_path = /var/www,
[[webroot_map]]
XXXXX.net = /var/www
www.XXXXX.net = /var/www


#4

The problem is, as soon as you edit it, the special char will probably get removed, hence asking you to paste the complete file. I suggested pastebin, as that can be pasted for a limited amount of time and then removed (say 15 mins).


#5

Ohhh, I have found the problem… None of the vhosts have the correct “.well-known/acme-challenge” config, so they return a 404 page that gives the ascii error!
With the correct config in place ( location ~ /.well-known/acme-challenge { root /var/www; } in our case ), it all works!

Thanks a lot serveco, with your answer I discovered the problem!
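
An added example, not part of the original thread: a pre-flight check that writes a probe file under the webroot and confirms each vhost serves it back from `/.well-known/acme-challenge/` before the renew script from post #1 runs. The function names and the probe-file naming are assumptions; the webroot `/var/www` and the renew/reload commands are the ones quoted in the thread.

```shell
#!/usr/bin/env bash
# Usage (script name is hypothetical):
#   ./preflight.sh /var/www XXXXX.net www.XXXXX.net

# Fetch a URL body; non-zero exit on HTTP >= 400 (curl --fail) or timeout.
fetch_url() {
    curl --silent --fail --location --max-time 10 "$1"
}

# check_domain WEBROOT DOMAIN
# Returns 0 only if a probe file written under WEBROOT is served back
# byte-for-byte by DOMAIN over plain HTTP, as the http-01 challenge requires.
check_domain() {
    local webroot="$1" domain="$2"
    local dir="$webroot/.well-known/acme-challenge"
    local token="preflight-$$-$(date +%s)"
    local body rc=0
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$token" || return 2
    body=$(fetch_url "http://$domain/.well-known/acme-challenge/$token") || rc=1
    rm -f "$dir/$token"          # never leave probe files behind
    # A 404 page, or a custom error page sent with status 200, both fail here.
    [ "$rc" -eq 0 ] && [ "$body" = "$token" ]
}

# preflight WEBROOT DOMAIN... ; returns 1 if any domain fails the check.
preflight() {
    local webroot="$1" failed=0 d
    shift
    for d in "$@"; do
        if check_domain "$webroot" "$d"; then
            echo "OK   $d"
        else
            echo "FAIL $d: challenge path is not served from $webroot" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Only renew and reload nginx when every vhost passed the check.
if [ "$#" -gt 0 ]; then
    preflight "$@" \
        && /root/letsencrypt/letsencrypt-auto renew \
        && /usr/sbin/nginx -t && service nginx reload
fi
```

A failing domain is reported by name, which points at the vhost missing the `location` block instead of surfacing as an encoding error during renewal.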

