Cerbot renewal failure Error adding TXT record: Expecting value: line 1 column 1 (char 0)

gratefulfrog · October 24, 2023, 3:06pm

My domain is: thermostat.gratefulfrog.org
I ran this command: sudo certbot renew --dry-run
It produced this output:

$ sudo certbot renew --dry-run 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/thermostat.gratefulfrog.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for thermostat.gratefulfrog.org
Failed to renew certificate thermostat.gratefulfrog.org with error: Error adding TXT record: Expecting value: line 1 column 1 (char 0)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/thermostat.gratefulfrog.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx version: nginx/1.18.0
The operating system my web server runs on is (include version): Debian GNU/Linux 11 (bullseye) on raspberry pi 3Bplus
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.2

I am really a noobie to all this, and am at a loss as to how to proceed. I did see this issue, but it seems to indicate that it is fixed in certbot 2.72 ? https://github.com/certbot/certbot/issues/9799

Any thoughts?

Bruce5051 · October 24, 2023, 3:51pm

Hello @gratefulfrog, welcome to the Let's Encrypt community.

I suggest sharing the contents of the file

Bruce5051 · October 24, 2023, 3:56pm

Also using the online tool https://unboundtest.com/ yields these results https://unboundtest.com/m/TXT/_acme-challenge.thermostat.gratefulfrog.org/YPPZVUQH
for TXT records for _acme-challenge.thermostat.gratefulfrog.org, which look good to me.

Query results for TXT _acme-challenge.thermostat.gratefulfrog.org

Response:
;; opcode: QUERY, status: NOERROR, id: 15211
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: do; udp: 512

;; QUESTION SECTION:
;_acme-challenge.thermostat.gratefulfrog.org.	IN	 TXT

;; ANSWER SECTION:
_acme-challenge.thermostat.gratefulfrog.org.	0	IN	TXT	"5Ots6QXEvYSb1uNlVRMO0ah3_yc7MPDTmUrfa74pwpM"
_acme-challenge.thermostat.gratefulfrog.org.	0	IN	RRSIG	TXT 8 4 60 20231123142406 20231024142406 9166 gratefulfrog.org. Q+ZmiCjym/D01xyMtOilpsUDhvSz4nfieWE7qh9jBoW3L8ba7uPpLAuekzCkrI7UbTtJhgMSWPXMkvqPtWn7ULaRAWxEhBOKTGr3GmNGrQguiO8B+ebpyaPZDM/OQPtbzFEZKVQGFG2ed0EeJJ7oRZTwx39lnKcjYGaIrb5rvLg=

----- Unbound logs -----
Oct 24 15:45:56 unbound[258432:0] notice: init module 0: validator
Oct 24 15:45:56 unbound[258432:0] notice: init module 1: iterator
Oct 24 15:45:56 unbound[258432:0] info: start of service (unbound 1.16.3).
Oct 24 15:45:57 unbound[258432:0] query: 127.0.0.1 _acme-challenge.thermostat.gratefulfrog.org. TXT IN
Oct 24 15:45:57 unbound[258432:0] info: resolving _acme-challenge.thermostat.gratefulfrog.org. TXT IN

Bruce5051 · October 24, 2023, 4:02pm

And a certificate was issued 2023-10-24

Validity
    Not Before: Oct 24 14:24:06 2023 GMT
    Not After : Jan 22 14:24:05 2024 GMT
Subject:
    commonName                = thermostat.gratefulfrog.org

gratefulfrog · October 24, 2023, 4:09pm

In the meantime, after lots and lots of googling, I found that I needed to update the snaps, in particular the snap that has the certbot ovh dns tools which was one version behind certbot.

$ snap list
Name             Version    Rev    Tracking       Publisher     Notes
certbot          2.7.2      3422   latest/stable  certbot-eff✓  classic
certbot-dns-ovh  2.7.2      3008   latest/stable  certbot-eff✓

Now my cron job will work also, I hope.

Thanks for all the support - this is a great community.

system · November 23, 2023, 4:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.