Certbot broke. Even reinstalling certbot didn't help


#1

I have been running this for a long time, but yesterday’s renewal failed. I ended up setting up a host on Windows to manually get the certificate and ftp it to the jabber server. That worked. But for 48 hours now I have not been able to get Certbot to run on Ubuntu. I even did an apt purge on certbot and reinstalled. Still get same error.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jabber.aquilatech.com

I ran this command: sudo certbot certonly --dry-run --authenticator standalone -d jabber.aquilatech.com --preferred-challenges http --pre-hook "service nginx stop" --post-hook "service nginx start"

It produced this output:

2018-01-12 13:53:56,681:DEBUG:certbot.main:Root logging level set at 20
2018-01-12 13:53:56,682:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-01-12 13:53:56,682:DEBUG:certbot.main:certbot version: 0.10.2
2018-01-12 13:53:56,683:DEBUG:certbot.main:Arguments: ['--dry-run', '--authenticator', 'standalone', '-d', 'jabber.aquilatech.com', '--preferred-challenges', 'http', '--pre-hook', 'service nginx stop', '--post-hook', 'service nginx start']
2018-01-12 13:53:56,683:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2018-01-12 13:53:56,683:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2018-01-12 13:53:56,869:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f63e737cc90>
Prep: True
2018-01-12 13:53:56,870:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f63e737cc90> and installer None
2018-01-12 13:53:57,122:DEBUG:root:Sending GET request to https://acme-staging.api.letsencrypt.org/directory.
2018-01-12 13:53:57,125:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2018-01-12 13:53:57,165:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 621, in obtain_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 399, in _init_le_client
acc, acme = _determine_account(config)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 384, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 127, in register
acme = acme_from_config_key(config, key)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 41, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 69, in __init__
self.net.get(directory).json())
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 641, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 614, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 475, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 585, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 403, in send
timeout=timeout
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 578, in urlopen
chunked=chunked)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 354, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=conn.timeout)
File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 324, in _raise_timeout
if 'timed out' in str(err) or 'did not complete (read)' in str(err): # Python 2.6
TypeError: str returned non-string (type Error)

My web server is (include version): (standalone)

The operating system my web server runs on is (include version): Ubuntu 17.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Urgh. It encountered some sort of error, and then encountered a bug displaying the original error message. So it’s hard to say what happened. :confounded:

I’d guess the connection to https://acme-staging.api.letsencrypt.org/directory failed badly – and quickly, perhaps with a DNS error or “no route to host” error.

Can you access https://acme-staging.api.letsencrypt.org/directory? If the system has IPv6, can you access it over IPv6?

More confusing still, it appears that bug was fixed in the version of urllib3 used in Ubuntu 17.04.

:confused:

By the way, Ubuntu 17.04’s support ends tomorrow.


#3

Yes, I can hit the acme staging URL fine.
That server is IPv4 only.


#4

I upgraded to 17.10.
Purged certbot and autoremoved all the python stuff.

Reinstalled certbot.

This is the error:
> 2018-01-12 17:59:58,831:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f5e932b47d0> and installer None
> 2018-01-12 18:00:04,781:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/directory.
> 2018-01-12 18:00:04,784:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
> 2018-01-12 18:00:04,837:DEBUG:certbot.log:Exiting abnormally:
> Traceback (most recent call last):
> File "/usr/bin/certbot", line 11, in <module>
> load_entry_point('certbot==0.17.0', 'console_scripts', 'certbot')()
> File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 753, in main
> return config.func(config, plugins)
> File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 676, in certonly
> le_client = _init_le_client(config, auth, installer)
> File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 390, in _init_le_client
> acc, acme = _determine_account(config)
> File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 375, in _determine_account
> config, account_storage, tos_cb=_tos_cb)
> File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 163, in register
> acme = acme_from_config_key(config, key)
> File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 45, in acme_from_config_key
> return acme_client.Client(config.server, key=key, net=net)
> File "/usr/lib/python2.7/dist-packages/acme/client.py", line 71, in __init__
> self.net.get(directory).json())
> File "/usr/lib/python2.7/dist-packages/acme/client.py", line 654, in get
> self._send_request('GET', url, **kwargs), content_type=content_type)
> File "/usr/lib/python2.7/dist-packages/acme/client.py", line 627, in _send_request
> response = self.session.request(method, url, *args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 502, in request
> resp = self.send(prep, **send_kwargs)
> File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 612, in send
> r = adapter.send(request, **kwargs)
> File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 440, in send
> timeout=timeout
> File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
> chunked=chunked)
> File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 345, in _make_request
> self._validate_conn(conn)
> File "/usr/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 846, in _validate_conn
> conn.connect()
> File "/usr/lib/python2.7/dist-packages/urllib3/connection.py", line 326, in connect
> ssl_context=context)
> File "/usr/lib/python2.7/dist-packages/urllib3/util/ssl_.py", line 309, in ssl_wrap_socket
> context.load_verify_locations(ca_certs, ca_cert_dir)
> File "/usr/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py", line 413, in load_verify_locations
> self._ctx.load_verify_locations(cafile, capath)
> File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 525, in load_verify_locations
> _raise_current_error()
> File "/usr/lib/python2.7/dist-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
> raise exception_type(errors)
> Error: [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('asn1 encoding routines', 'ASN1_TEMPLATE_NOEXP_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_X509_INFO_read_bio', 'ASN1 lib'), ('x509 certificate routines', 'X509_load_cert_crl_file', 'PEM lib')]
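
Added example, not part of the original thread or of certbot: the traceback above fails inside `load_verify_locations(ca_certs, ca_cert_dir)` with an ASN.1 "wrong tag" error, so this sketch scans a PEM bundle and reports which `CERTIFICATE` block fails the outer DER tag/length check. The function names and the sample bundle are constructed for illustration; the thread does not show which CA file was passed as `ca_certs`, and a block that passes this coarse check can still fail full X.509 parsing.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_outer_tlv_error(der):
    """Return None if der is one well-formed outer SEQUENCE, else a reason."""
    if len(der) < 2:
        return "too short"
    if der[0] != 0x30:
        return "wrong tag 0x%02x (expected SEQUENCE 0x30)" % der[0]
    first = der[1]
    if first < 0x80:                      # short-form length
        length, header = first, 2
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return "bad length encoding"
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length != len(der):
        return "length %d does not match %d content bytes" % (length, len(der) - header)
    return None

def scan_bundle(text):
    """Return [(block_number, reason)] for every PEM block that fails the check."""
    bad = []
    for i, m in enumerate(PEM_BLOCK.finditer(text), start=1):
        try:
            der = base64.b64decode("".join(m.group(1).split()), validate=True)
        except (binascii.Error, ValueError) as exc:
            bad.append((i, "bad base64: %s" % exc))
            continue
        reason = der_outer_tlv_error(der)
        if reason:
            bad.append((i, reason))
    return bad

def _pem(der):
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64

# Constructed sample, not real certificates: block 1 has a valid outer TLV,
# block 2 starts with the wrong tag, block 3 is truncated.
SAMPLE = (_pem(b"\x30\x03\x02\x01\x05") + _pem(b"\x31\x03\x02\x01\x05")
          + _pem(b"\x30\x82\x01\x00\x02\x01\x05"))

if __name__ == "__main__":
    print(scan_bundle(SAMPLE))
```

To use it on a real system, read the CA file into a string and pass it to `scan_bundle`; an empty list means every block passed the structural check.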


#5

wget https://acme-staging.api.letsencrypt.org/directory does return valid data.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.