Cert renew --dry-run failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: easternwinds.biz

I ran this command: sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/easternwinds.biz.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Attempting to renew cert (easternwinds.biz) from /etc/letsencrypt/renewal/easternwinds.biz.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/easternwinds.biz/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/easternwinds.biz/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)
root@EasternWinds:/var/www/html# echo $?
1
root@EasternWinds:/var/www/html#

My web server is (include version):
root@EasternWinds:/var/www/html# apache2 -v
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2019-09-16T13:13:53
root@EasternWinds:/var/www/html#

The operating system my web server runs on is (include version):
root@EasternWinds:/var/www/html# uname -a
Linux EasternWinds 4.15.0-74-generic #83~16.04.1-Ubuntu SMP Wed Dec 18 04:56:23 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
root@EasternWinds:/var/www/html#
root@EasternWinds:/var/www/html# cat /etc/issue
Ubuntu 16.04.5 LTS \n \l

root@EasternWinds:/var/www/html#

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

root@EasternWinds:/var/www/html# certbot --version
certbot 0.31.0
root@EasternWinds:/var/www/html#

Here are last lines and traceback from /var/log/letsencrypt/letsencrypt.log:

2020-06-29 18:27:15,553:WARNING:certbot.renewal:Attempting to renew cert (easternwinds.biz) from /etc/letsencrypt/renewal/easternwinds.biz.conf produced an unexpected error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed. Skipping.
2020-06-29 18:27:15,564:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1193, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 369, in obtain_certificate
cert, chain = self.obtain_certificate_from_csr(csr, orderr)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 301, in obtain_certificate_from_csr
orderr = self.acme.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 908, in finalize_order
return self.client.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 743, in finalize_order
content_type=DER_CONTENT_TYPE).text
File “/usr/lib/python3/dist-packages/acme/client.py”, line 791, in _post_as_get
return self.net.get(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1152, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1054, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed

2020-06-29 18:27:15,565:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2020-06-29 18:27:15,566:ERROR:certbot.renewal: /etc/letsencrypt/live/easternwinds.biz/fullchain.pem (failure)
2020-06-29 18:27:15,566:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1272, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 477, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

Appreciate any help.

1 Like

Make sure python3-acme is upgraded to the latest version.

2 Likes

Great!

Upgrading to python3-acme all 0.31.0-2+ubuntu16.04.6+certbot+2 did it.

Thanks for resolving this. This issue can be closed.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.