sudo certbot certonly -c /etc/letsencrypt/cli.ini -vv
Root logging level set at 0
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator apache and installer apache
Apache version is 2.4.18
Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0xb6f144ac>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0xb6f144ac>
Prep: True
Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0xb6f144ac> and installer <certbot_apache.configurator.ApacheConfigurator object at 0xb6f144ac>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', body=Registration(status=None, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0xb5ed508c>)>), agreement='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', contact=('mailto:jan-peter@ruehmann.name',)), uri='https://acme-v01.api.letsencrypt.org/acme/reg/7371366', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 5cc881b14b0450a6e4563db3d8cd4827, Meta(creation_host='sakura', creation_dt=datetime.datetime(2016, 12, 16, 18, 1, 19, tzinfo=<UTC>)))>
Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
"GET /directory HTTP/1.1" 200 561
Received response:
HTTP 200
connection: keep-alive
pragma: no-cache
strict-transport-security: max-age=604800
content-type: application/json
replay-nonce: 6qLtAoeGD7nppT5ubEJHaOamnwsImurRX2x2b63uZ9I
x-frame-options: DENY
date: Sat, 14 Oct 2017 09:39:10 GMT
cache-control: max-age=0, no-cache, no-store
server: nginx
expires: Sat, 14 Oct 2017 09:39:10 GMT
content-length: 561
b'{\n "iWyoGpCoCCU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n "meta": {\n "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"\n },\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
Should renew, less than 30 days before certificate expiry 2017-11-11 21:01:00 UTC.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Requesting fresh nonce
Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
"HEAD /acme/new-authz HTTP/1.1" 405 0
Received response:
HTTP 405
connection: keep-alive
allow: POST
content-length: 91
content-type: application/problem+json
pragma: no-cache
date: Sat, 14 Oct 2017 09:39:10 GMT
cache-control: max-age=0, no-cache, no-store
server: nginx
expires: Sat, 14 Oct 2017 09:39:10 GMT
replay-nonce: xwYKFP1XG4Gchxc5TmT6G6SSf-hqPQWR1jIrCp6bCpQ
b''
Storing nonce: xwYKFP1XG4Gchxc5TmT6G6SSf-hqPQWR1jIrCp6bCpQ
JWS payload:
b'{\n "identifier": {\n "value": "jpruehmann.dnshome.de",\n "type": "dns"\n },\n "resource": "new-authz"\n}'
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
"POST /acme/new-authz HTTP/1.1" 201 999
Received response:
HTTP 201
pragma: no-cache
link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
date: Sat, 14 Oct 2017 09:39:10 GMT
location: https://acme-v01.api.letsencrypt.org/acme/authz/AlYiFS0w2kdwEXUlw37PYoYZ3StEH6hiUoOjsSrTYb0
server: nginx
replay-nonce: 8QyoHMtmazH_spmIpREoD24fDeGiadnq-kjyxc786d4
boulder-requester: 7371366
connection: keep-alive
strict-transport-security: max-age=604800
content-type: application/json
x-frame-options: DENY
cache-control: max-age=0, no-cache, no-store
content-length: 999
expires: Sat, 14 Oct 2017 09:39:10 GMT
b'{\n "identifier": {\n "type": "dns",\n "value": "jpruehmann.dnshome.de"\n },\n "status": "pending",\n "expires": "2017-10-19T22:00:04Z",\n "challenges": [\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/AlYiFS0w2kdwEXUlw37PYoYZ3StEH6hiUoOjsSrTYb0/2191368067",\n "token": "MipxMsTPIggcEu0Q151UkS3DqNSN-bxglYP1vYb--sA"\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/AlYiFS0w2kdwEXUlw37PYoYZ3StEH6hiUoOjsSrTYb0/2191368086",\n "token": "17DT9NDAl4986LZFIKIZzwVpNHiqMVn9cJA5bOETVzY"\n },\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/AlYiFS0w2kdwEXUlw37PYoYZ3StEH6hiUoOjsSrTYb0/2191368110",\n "token": "GPTgGqEisIWsC5WFEcyUOny38XEPiPvLHpuHlY4n3a8"\n }\n ],\n "combinations": [\n [\n 0\n ],\n [\n 2\n ],\n [\n 1\n ]\n ]\n}'
Storing nonce: 8QyoHMtmazH_spmIpREoD24fDeGiadnq-kjyxc786d4
Performing the following challenges:
tls-sni-01 challenge for jpruehmann.dnshome.de
Encountered exception:
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/certbot/auth_handler.py", line 115, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/usr/local/lib/python3.5/dist-packages/certbot_apache/configurator.py", line 1884, in perform
    sni_response = chall_doer.perform()
  File "/usr/local/lib/python3.5/dist-packages/certbot_apache/tls_sni_01.py", line 76, in perform
    responses.append(self._setup_challenge_cert(achall))
  File "/usr/local/lib/python3.5/dist-packages/certbot/plugins/common.py", line 374, in _setup_challenge_cert
    cert_key=cert_key)
  File "/usr/local/lib/python3.5/dist-packages/certbot/achallenges.py", line 54, in response_and_validation
    self.account_key, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/acme/challenges.py", line 205, in response_and_validation
    self.validation(account_key, *args, **kwargs))
  File "/usr/local/lib/python3.5/dist-packages/acme/challenges.py", line 506, in validation
    return self.response(account_key).gen_cert(key=kwargs.get('cert_key'))
  File "/usr/local/lib/python3.5/dist-packages/acme/challenges.py", line 417, in gen_cert
    'dummy', self.z_domain.decode()], force_san=True), key
  File "/usr/local/lib/python3.5/dist-packages/acme/crypto_util.py", line 246, in gen_ss_cert
    cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
AttributeError: module 'OpenSSL' has no attribute 'rand'
Calling registered functions
Cleaning up challenges
File:
- Could not be found to be deleted /var/lib/letsencrypt/17DT9NDAl4986LZFIKIZzwVpNHiqMVn9cJA5bOETVzY.pem - Certbot probably shut down unexpectedly
File:
- Could not be found to be deleted /var/lib/letsencrypt/17DT9NDAl4986LZFIKIZzwVpNHiqMVn9cJA5bOETVzY.crt - Certbot probably shut down unexpectedly
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.5/dist-packages/certbot/main.py", line 755, in main
    return config.func(config, plugins)
  File "/usr/local/lib/python3.5/dist-packages/certbot/main.py", line 694, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/local/lib/python3.5/dist-packages/certbot/main.py", line 77, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/local/lib/python3.5/dist-packages/certbot/renewal.py", line 297, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/usr/local/lib/python3.5/dist-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/local/lib/python3.5/dist-packages/certbot/auth_handler.py", line 74, in get_authorizations
    resp = self._solve_challenges()
  File "/usr/local/lib/python3.5/dist-packages/certbot/auth_handler.py", line 115, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/usr/local/lib/python3.5/dist-packages/certbot_apache/configurator.py", line 1884, in perform
    sni_response = chall_doer.perform()
  File "/usr/local/lib/python3.5/dist-packages/certbot_apache/tls_sni_01.py", line 76, in perform
    responses.append(self._setup_challenge_cert(achall))
  File "/usr/local/lib/python3.5/dist-packages/certbot/plugins/common.py", line 374, in _setup_challenge_cert
    cert_key=cert_key)
  File "/usr/local/lib/python3.5/dist-packages/certbot/achallenges.py", line 54, in response_and_validation
    self.account_key, *args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/acme/challenges.py", line 205, in response_and_validation
    self.validation(account_key, *args, **kwargs))
  File "/usr/local/lib/python3.5/dist-packages/acme/challenges.py", line 506, in validation
    return self.response(account_key).gen_cert(key=kwargs.get('cert_key'))
  File "/usr/local/lib/python3.5/dist-packages/acme/challenges.py", line 417, in gen_cert
    'dummy', self.z_domain.decode()], force_san=True), key
  File "/usr/local/lib/python3.5/dist-packages/acme/crypto_util.py", line 246, in gen_ss_cert
    cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
AttributeError: module 'OpenSSL' has no attribute 'rand'
An unexpected error occurred:
AttributeError: module 'OpenSSL' has no attribute 'rand'
Please see the logfiles in /var/log/letsencrypt for more details.
# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Certbot with
# "--help" to learn more about the available options.
non-interactive = true
# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
# Uncomment and update to register with the specified e-mail address
email = jan-peter@ruehmann.name
# Uncomment and update to generate certificates for the specified
# domains.
domains = jpruehmann.dnshome.de
# Uncomment to use a text interface instead of ncurses
# text = True
# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html
installer = apache
authenticator = apache
apache-enmod = a2enmod
apache-dismod = a2dismod
apache-le-vhost-ext = 000-default-le-ssl.conf
apache-server-root = /etc/apache2
apache-vhost-root = /etc/apache2/sites-available
apache-challenge-location = /etc/apache2
apache-handle-modules = "True"
apache-handle-sites = "True"