Certbot does no longer run due to an SSL error

astolzen · February 27, 2017, 6:30pm

Please fill out the fields below so we can help you better.

My domain is: *.myandi.net

I ran this command: certbot renew or certbot certonly (with local Server)

It produced this output: SSLError: unknown error (_ssl.c:2747)
details via /var/log/letsencrypt
2017-02-27 18:20:23,342:DEBUG:certbot.main:Picked account: <Account(851f5faec4bfe93c4a82aa740ff54cdd)>
2017-02-27 18:20:23,346:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-02-27 18:20:23,348:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-02-27 18:20:23,362:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.9.3’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 776, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 558, in obtain_cert
le_client = _init_le_client(config, auth, installer)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 375, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 190, in init
acme = acme_from_config_key(config, self.account.key)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 42, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 63, in init
self.net.get(directory).json())
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 624, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 606, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 464, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 576, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/adapters.py”, line 431, in send
raise SSLError(e, request=request)
SSLError: unknown error (_ssl.c:2747)

My operating system is (include version): Centos 7 (latest, yum update * last week)

My web server is (include version): nginx (but until now I used renew or certonly with cerbot inbuilt web server)

My hosting provider, if applicable, is: hetzner

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

astolzen · February 28, 2017, 1:46pm

Narrowed the problem down to “Python Dependency Hell”. Old code from the first, github based certbot installation collides with newer rpm installed stuff from epel.

How do I get rid of all certbot related packages and dependencies (rpm, pip and gitub setup.py) so that I can try a clean install?

Maybe you could recode certbot in go to get rid of all the annoying python dependencies.

schoen · February 28, 2017, 11:33pm

Hi @astolzen,

You can take a look at

List of Client Implementations

There are many different clients for Let’s Encrypt, including some written in Go. Most of them have fewer dependencies than Certbot. The main features that Certbot has that most other clients don’t are the ability to edit web server configuration files for you, and the ability to do renewals nearly automatically with certbot renew (without re-specifying domains, keys, authentication methods, etc.). If you don’t need those features, you might be happier with one of the other clients.

system · March 30, 2017, 11:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.