Certbot debian nginx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tt-osl-pokal.de

I ran this command: certbot renew

It produced this output:The following certs are not due for renewal yet:
/etc/letsencrypt/live/mail.tt-osl-pokal.de/fullchain.pem (skipped)
/etc/letsencrypt/live/www.tt-osl-pokal.de/fullchain.pem (skipped)
No renewals were attempted.

My web server is (include version):1.10.3

The operating system my web server runs on is (include version): Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux

My hosting provider, if applicable, is: ispone

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

What exactly is the problem you’re having? If a certificate isn’t about to expire within the next 30 days, certbot renew won’t renew the certificate, because that’s not necessary yet. Only when it’s about to expire, it will renew the certificate.

i becam news from letsencrypt. The certificat is out of date now. thats is the problem.

wfg

Eval

This does not have to be true.
Look at the transparency logs:

https://crt.sh/?q=%tt-osl-pokal.de

Two certificates (with 7 distinct domain names) have been renewed on 2018-01-06.
BTW: You seem to be using the wrong certificate for your website (mail.tt-osl-pokal.de instead of www.tt-osl-pokal.de).

mmh icant follow you. I have only the two certificats and nothing to do on the configs.

Or the renew command renew only one certificate ?

Have a look at the output of the command certbot certificates.
This will list each certificate including the domain names and the expiration date.

Yes i have the that was renew but my demon say this is a old certificate.

I have now try to delete the both certificate from the folder: live, archive, keys
And make new certificate but the error is now: ERROR:certbot.log:The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

the log: 2018-02-05 13:50:06,171:DEBUG:acme.client:Storing nonce: j–gFfUJarPGZU13BUGyFJYg6eAME2ZpqnaB_AdfKgE
2018-02-05 13:50:06,171:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/letsencrypt”, line 11, in
load_entry_point(‘certbot==0.19.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 861, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 786, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 85, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 357, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 318, in obtain_certificate
self.config.allow_subset_of_names)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 66, in get_authorizations
self.authzr[domain] = self.acme.request_domain_challenges(domain)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 212, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 191, in request_challenges
response = self.net.post(self.directory.new_authz, new_authz)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 682, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 695, in _post_once
return self._check_response(response, content_type=content_type)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 582, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
2018-02-05 13:50:06,173:ERROR:certbot.log:An unexpected error occurred:
2018-02-05 13:50:06,173:ERROR:certbot.log:The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

You should definitely not have done this. There is a command certbot delete for this case. Futhermore, you will now be unable to restart the services which used the certificate files.

To start from scratch, it might be easier to delete all files below /etc/letsencrypt/, maybe another community member could elaborate on whether this works or not.

1 Like

I have purge the certbot and reinstall but this:

now make this fail: letsencrypt certonly --standalone --rsa-key-size 4096 -d tt-osl-pokal.de -d www.tt-osl-pokal.de -d downloads.tt-osl-pokal.de -d gast.tt-osl-pokal.d -d netdata.tt-osl-pokal.de -d ts3wi.tt-osl-pokal.de -d mail.tt-osl-pokal.de -d imap.tt-osl-pokal.de -d smtp.tt-osl-pokal.de -d pop3.tt-osl-pokal.de
Traceback (most recent call last):
File “/usr/bin/letsencrypt”, line 11, in
load_entry_point(‘certbot==0.10.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 828, in main
args = cli.prepare_and_parse_args(plugins, cli_args)
File “/usr/lib/python2.7/dist-packages/certbot/cli.py”, line 1057, in prepare_and_parse_args
return helpful.parse_args()
File “/usr/lib/python2.7/dist-packages/certbot/cli.py”, line 517, in parse_args
parsed_args = self.parser.parse_args(self.args)
File “/usr/lib/python2.7/dist-packages/configargparse.py”, line 402, in parse_args
env_vars = env_vars)
File “/usr/lib/python2.7/dist-packages/configargparse.py”, line 556, in parse_known_args
self, args=args, namespace=namespace)
File “/usr/lib/python2.7/argparse.py”, line 1733, in parse_known_args
namespace, args = self._parse_known_args(args, namespace)
File “/usr/lib/python2.7/argparse.py”, line 1968, in _parse_known_args
self._get_value(action, action.default))
File “/usr/lib/python2.7/argparse.py”, line 2260, in _get_value
result = type_func(arg_string)
File “/usr/lib/python2.7/posixpath.py”, line 364, in abspath
cwd = os.getcwd()
OSError: [Errno 2] No such file or directory

Just a guess: you have reinstalled certbot while staying in a directory which got deleted during deinstallation.
Try the following command and then retry calling certbot:

cd

no the same:
root@mail:/etc/letsencrypt# cd
root@mail:~# letsencrypt certonly --standalone --rsa-key-size 4096 -d tt-osl-pokal.de -d www.tt-osl-pokal.de -d downloads.tt-osl-pokal.de -d gast.tt-osl-pokal.d -d netdata.tt-osl-pokal.de -d ts3wi.tt-osl-pokal.de -d mail.tt-osl-pokal.de -d imap.tt-osl-pokal.de -d smtp.tt-osl-pokal.de -d pop3.tt-osl-pokal.de
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.

Its obviously not the same error!
The problem is the 4th. mentioned domain: gast.tt-osl-pokal.d
The ending is not correct.

Ok thanks that was it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.