Can´t renew cert or create a new one

Server
1

Hi,
i wanted to renew my certs for my Domains. So i updated certbot to 0.28.0. When i run “cerbot renew --dry-run”, i got the same error on all Domains:

Attempting to renew cert (xxxxxx.de) from /etc/letsencrypt/renewal/xxxxx.de.conf produced an unexpected error: ‘utf-8’ codec can’t decode byte 0xfc in position 15: invalid start byte. Skipping.

There are no Special Chars or something in my Domains. My OS is Debian 9.8 (stretch)

Then i wanted to install a new cert with “certbot --Apache” and i got the same error:

UnicodeDecodeError: ‘utf-8’ codec can’t decode byte 0xfc in position 15: invalid start Byte

Here is the logfile for renew a domain:

2019-03-19 11:48:53,860:DEBUG:certbot.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/xxxxx.de-0001
2019-03-19 11:48:53,863:DEBUG:certbot.updater:Skipping updaters in dry-run mode.
2019-03-19 11:48:53,864:DEBUG:certbot.cli:Var dry_run=True (set by user).
2019-03-19 11:48:53,865:DEBUG:certbot.cli:Var server={‘dry_run’, ‘staging’} (set by user).
2019-03-19 11:48:53,865:DEBUG:certbot.cli:Var account={‘server’} (set by user).
2019-03-19 11:48:53,868:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-04-02 22:01:57 UTC.
2019-03-19 11:48:53,868:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2019-03-19 11:48:53,868:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer apache
2019-03-19 11:48:53,941:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2019-03-19 11:48:54,345:WARNING:certbot.renewal:Attempting to renew cert (xxxxx.de) from /etc/letsencrypt/renewal/xxxxx.de.conf produced an unexpected error: ‘utf-8’ codec can’t decode byte 0xfc in position 15: invalid start byte. Skipping.
2019-03-19 11:48:54,346:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 430, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1162, in renew_cert
installer, auth = plug_sel.choose_configurator_plugins(config, plugins, “certonly”)
File “/usr/lib/python3/dist-packages/certbot/plugins/selection.py”, line 228, in choose_configurator_plugins
installer = pick_installer(config, req_inst, plugins, installer_question)
File “/usr/lib/python3/dist-packages/certbot/plugins/selection.py”, line 32, in pick_installer
config, default, plugins, question, (interfaces.IInstaller,))
File “/usr/lib/python3/dist-packages/certbot/plugins/selection.py”, line 106, in pick_plugin
verified.prepare()
File “/usr/lib/python3/dist-packages/certbot/plugins/disco.py”, line 251, in prepare
return [plugin_ep.prepare() for plugin_ep in six.itervalues(self._plugins)]
File “/usr/lib/python3/dist-packages/certbot/plugins/disco.py”, line 251, in
return [plugin_ep.prepare() for plugin_ep in six.itervalues(self._plugins)]
File “/usr/lib/python3/dist-packages/certbot/plugins/disco.py”, line 132, in prepare
self._initialized.prepare()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 258, in prepare
self.vhosts = self.get_virtual_hosts()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 847, in get_virtual_hosts
new_vhost = self._create_vhost(path)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 823, in _create_vhost
self._add_servernames(vhost)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 773, in _add_servernames
servername, serveraliases = self._get_vhost_names(host.path)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 755, in _get_vhost_names
serveralias = self.parser.get_arg(alias)
File “/usr/lib/python3/dist-packages/certbot_apache/parser.py”, line 467, in get_arg
value = self.aug.get(match)
File “/usr/lib/python3/dist-packages/augeas.py”, line 147, in get
return dec(value.value)
File “/usr/lib/python3/dist-packages/augeas.py”, line 65, in dec
return st.decode(AUGENC)
UnicodeDecodeError: ‘utf-8’ codec can’t decode byte 0xfc in position 15: invalid start byte

and for Register an new cert:

2019-03-19 11:48:59,706:DEBUG:certbot.main:certbot version: 0.28.0
2019-03-19 11:48:59,707:DEBUG:certbot.main:Arguments: [’–apache’]
2019-03-19 11:48:59,708:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-03-19 11:48:59,717:DEBUG:certbot.log:Root logging level set at 20
2019-03-19 11:48:59,718:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-03-19 11:48:59,719:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-03-19 11:48:59,799:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2019-03-19 11:49:00,189:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.28.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1340, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1076, in run
installer, authenticator = plug_sel.choose_configurator_plugins(config, plugins, “run”)
File “/usr/lib/python3/dist-packages/certbot/plugins/selection.py”, line 225, in choose_configurator_plugins
authenticator = installer = pick_configurator(config, req_inst, plugins)
File “/usr/lib/python3/dist-packages/certbot/plugins/selection.py”, line 25, in pick_configurator
(interfaces.IAuthenticator, interfaces.IInstaller))
File “/usr/lib/python3/dist-packages/certbot/plugins/selection.py”, line 106, in pick_plugin
verified.prepare()
File “/usr/lib/python3/dist-packages/certbot/plugins/disco.py”, line 251, in prepare
return [plugin_ep.prepare() for plugin_ep in six.itervalues(self._plugins)]
File “/usr/lib/python3/dist-packages/certbot/plugins/disco.py”, line 251, in
return [plugin_ep.prepare() for plugin_ep in six.itervalues(self._plugins)]
File “/usr/lib/python3/dist-packages/certbot/plugins/disco.py”, line 132, in prepare
self._initialized.prepare()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 258, in prepare
self.vhosts = self.get_virtual_hosts()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 847, in get_virtual_hosts
new_vhost = self._create_vhost(path)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 823, in _create_vhost
self._add_servernames(vhost)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 773, in _add_servernames
servername, serveraliases = self._get_vhost_names(host.path)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 755, in _get_vhost_names
serveralias = self.parser.get_arg(alias)
File “/usr/lib/python3/dist-packages/certbot_apache/parser.py”, line 467, in get_arg
value = self.aug.get(match)
File “/usr/lib/python3/dist-packages/augeas.py”, line 147, in get
return dec(value.value)
File “/usr/lib/python3/dist-packages/augeas.py”, line 65, in dec
return st.decode(AUGENC)
UnicodeDecodeError: ‘utf-8’ codec can’t decode byte 0xfc in position 15: invalid start byte
2019-03-19 11:49:00,191:ERROR:certbot.log:An unexpected error occurred:

2

Hi @Shallowain

check your config file. And your Apache vHost.

Or share these files.

1 Like
3

ok, here is the vHost( i removed the Domainname):

ServerAdmin xxxxx@xxxxx.de ServerName xxxxx.de ServerAlias www.xxxxx.de DocumentRoot /var/www/xxxxx.de/public_html/ ErrorLog /var/www/xxxxx.de/logs/error.log CustomLog /var/www/xxxx.de/logs/access.log combined SSLCertificateFile /etc/letsencrypt/live/xxxxx.de/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/xxxxx.de/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf

and the config:

renew_before_expiry = 30 days

version = 0.10.2
archive_dir = /etc/letsencrypt/archive/xxxxx.de
cert = /etc/letsencrypt/live/xxxxxx.de/cert.pem
privkey = /etc/letsencrypt/live/xxxxx.de/privkey.pem
chain = /etc/letsencrypt/live/xxxxxx.de/chain.pem
fullchain = /etc/letsencrypt/live/xxxxx.de/fullchain.pem

Options used in the renewal process

[renewalparams]
authenticator = webroot
installer = apache
account = 46d020905c7caed680b56d20e4f80e68
[[webroot_map]]
xxxxx.de = /var/www/xxxxx.de/public_html
www.xxxxx.com.de = /var/www/xxxxx.de/public_html

4

0xfc = 252 = “ü” - there must be an “ü” somewhere. In one of your vHost files.

5

Python is a bit flaky with UTF-8 BOM (byte-order marks). Check that you’re saving without BOM.

6

Thanks, there was a ü in a dead config file.
Now, this Problem is solved and i got another one, but it looks like the Firewall is Blocking.

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.