Can't request a certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dragonpvp.it

I ran this command: certbot certonly --nginx -d dragonpvp.it

It produced this output:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 490, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2854, in load_entry_point
    return ep.load()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2445, in load
    return self.resolve()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2451, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/usr/lib/python3/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/usr/lib/python3/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/usr/lib/python3/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1553, in <module>
    class X509StoreFlags(object):
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1573, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): (it gives me the same error)

Certbot 0.40.0 is ancient. Please update Certbot according to the instructions at https://certbot.eff.org/.

Also, 1.18.0 is not an Ubuntu version number.

2 Likes

With snapd it shows me an error regarding an nginx plugin for certbot that isn't installed and I could not find any package according to that.

The nginx plugin is built into the certbot snap. Please show the output so we can interpret it better. (In the future it's probably best to immediately provide such output..)

1 Like

It showed an error about the same plugin for nginx but now it works, thanks... I guess

1 Like

nvm:

Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/www.dragonpvp.it/certificate.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/www.dragonpvp.it/certificate.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] cannot load certificate "/etc/letsencrypt/live/www.dragonpvp.it/certificate.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(\'/etc/letsencrypt/live/www.dragonpvp.it/certificate.crt\',\'r\') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

This is not a correct Certbot file, where does that line in your nginx.conf come from? Apparently it also doesn't exist any longer, as nginx can't find it, thus breaking your nginx configuration.

2 Likes

It also does the same if I put "fullchain.pem" or "privkey.pem". Also, I have a different .conf file named nameless.conf

Do those files exist?

Ok.

1 Like

No, I tried requesting first the certificates for "dragonpvp.it" and then for "www.dragonpvp.it" but it worked only in the first case

Your nginx configuration should not have anything configured to non-existing files: nginx doesn't like that and errors out. You could temporarily point to the dragonpvp.it certificate. This would mean browsers/clients would temporarily complain about a hostname mismatch, but at least nginx would work, so you can get a new certificate.

My advice would be to include dragonpvp.it and www.dragonpvp.it in the same certificate.

4 Likes
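
One way to find the nginx directives the reply above is talking about, as an added example that is not part of the original thread: the function lists every `ssl_certificate` / `ssl_certificate_key` path in a config tree that does not exist on disk. The function names and the sample config are constructed for illustration; it assumes one directive per line.

```shell
#!/bin/sh
# Added example (not from the thread): report ssl_certificate and
# ssl_certificate_key paths in nginx config files that do not exist on disk.
# Assumes one directive per line; relative paths are resolved against CONF_DIR.

missing_cert_paths() {
    conf_dir=$1
    # -L follows the sites-enabled symlinks Ubuntu uses.
    find -L "$conf_dir" -type f | sort | while IFS= read -r conf; do
        # Drop comments, then take the argument of each directive,
        # stripping the trailing ';' and any quotes (\047 is a single quote).
        sed 's/#.*//' "$conf" |
        awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
                 p = $2; sub(/;$/, "", p); gsub(/["\047]/, "", p); print p }' |
        while IFS= read -r path; do
            case $path in /*) ;; *) path=$conf_dir/$path ;; esac
            [ -e "$path" ] || printf '%s: %s\n' "$conf" "$path"
        done
    done
}

# Constructed sample: one vhost whose certificate exists, one whose does not.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/nginx/conf.d" "$root/live/dragonpvp.it"
    : > "$root/live/dragonpvp.it/fullchain.pem"
    : > "$root/live/dragonpvp.it/privkey.pem"
    cat > "$root/nginx/conf.d/nameless.conf" <<EOF
server {
    server_name dragonpvp.it;
    ssl_certificate     $root/live/dragonpvp.it/fullchain.pem;
    ssl_certificate_key $root/live/dragonpvp.it/privkey.pem;
}
server {
    server_name www.dragonpvp.it;
    # ssl_certificate /commented/out.pem;
    ssl_certificate     $root/live/www.dragonpvp.it/certificate.crt;
}
EOF
    printf '%s\n' "$root"
}

sample=$(make_sample)
missing_cert_paths "$sample/nginx"
rm -rf "$sample"
```

On a real host the call would be `missing_cert_paths /etc/nginx`; because sites-enabled entries are symlinks, a missing path can be listed once per file name that reaches it.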

Thanks a lot! It worked now!

3 Likes
