My domain is:
~ 10 domains, all pointing to the same site:
seasoftsys.com, discsim.com, seasoft.org, calmsim.com, etc.
I ran this command:
sudo certbot certonly --standalone --server https://acme-v02.api.letsencrypt.org/directory --cert-name seasoft -d www.calmsim.com -d catsim.com…
(~ 15 or so domains and sub-domains in that … list)
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/local/Cellar/certbot/0.22.0/libexec/lib/python3.6/site-packages/josepy/json_util.py", line 280, in fields_from_json
    fields[slot] = field.decode(value)
  File "/usr/local/Cellar/certbot/0.22.0/libexec/lib/python3.6/site-packages/josepy/json_util.py", line 88, in decode
    return self.fdec(value)
  File "/usr/local/Cellar/certbot/0.22.0/libexec/lib/python3.6/site-packages/acme/messages.py", line 123, in from_json
    '{0} not recognized'.format(cls.name))
josepy.errors.DeserializationError: Deserialization error: Status not recognized
During handling of the above exception, another exception occurred:
josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version):
Apache:
httpd -v or /usr/local/apache/bin/httpd -v
Server version: Apache/2.4.28 (Unix)
Server built: Oct 29 2017 19:28:54
The operating system my web server runs on is (include version):
Mac OSx 10.12.6 (Sierra)
My hosting provider, if applicable, is:
NA
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot --version
certbot 0.22.0
Brief History:
- I have a single cert serving several domains and subdomains. It was set up and working under the ACMEv1 protocol; my certbot version is 0.22; I believe 0.22 defaults to ACMEv1 unless told otherwise. The domains link to two separate IP numbers, but all domains point to a single web site (the second IP is just a backup in case the first goes offline for a time & vice versa).
- I updated to ACMEv2 protocol back in Feb, 2020 with this invocation:
sudo certbot renew --force-renewal --server https://acme-v02.api.letsencrypt.org/directory
Everything worked properly as best I could tell (apachectl configtest good, all pages and domains served up via https to both IPs; acme_v2 showing in letsencrypt logs, etc.)
- Some time later, I added another group of domains & subdomains to my cert with this invocation
certbot certonly --standalone --cert-name seasoft.org -d calmsim.com -d www.calmsim.com -d catsim.com -d www.catsim.com -d discsim.com -d www.discsim.com -d jacksim.com -d www.jacksim.com, etc.
Sadly, I forgot to include the "--server https://acme-v02.api.letsencrypt.org/directory" directive, so I presume certbot defaulted to the ACMEv1 protocol.
A week or so later I got a new ACMEv2 alert from letsencrypt about that June 1 deadline, which was the first indication I had goofed.
- An attempt to get a new certificate using the correct (?) ACMEv2 invocation created the error posted above.
So, it appears something has been corrupted and I can’t think of anything else to try. And, although everything is still functional at the moment, June 1 is not far away.
Perhaps I should just nuke everything and start over? I’m not even sure how to do that. Just delete /etc/letsencrypt and go from there?
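
Added example, not part of the original post: a read-only check of which ACME endpoint each Certbot lineage is pinned to, relevant to the omitted --server flag described above. It assumes Certbot's usual layout of one renewal file per lineage under /etc/letsencrypt/renewal with a `server` key in `[renewalparams]`; the helper names and sample files are constructed for illustration.

```python
import re
from pathlib import Path

ACME_V2 = "https://acme-v02.api.letsencrypt.org/directory"  # URL used in the post
ACME_V1_HOST = "acme-v01.api.letsencrypt.org"  # Let's Encrypt's ACMEv1 host

# Constructed renewal files (not from the post), named after its two --cert-name values.
SAMPLES = {
    "seasoft.conf": "version = 0.22.0\n[renewalparams]\nauthenticator = standalone\n"
                    "server = https://acme-v02.api.letsencrypt.org/directory\n",
    "seasoft.org.conf": "version = 0.22.0\n[renewalparams]\nauthenticator = standalone\n"
                        "server = https://acme-v01.api.letsencrypt.org/directory\n",
}

def server_of(conf_text):
    """Return the `server` value inside [renewalparams], or None if it is absent."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[+\s*([^\]]+?)\s*\]+", line)
        if header:  # [section] or nested [[section]]
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and section == "renewalparams" and key.strip() == "server":
            return value.strip()
    return None

def classify(server):
    """Label a lineage by the endpoint its renewals will contact."""
    if server is None:
        return "client-default"  # nothing pinned: the client's built-in default applies
    if server.rstrip("/") == ACME_V2:
        return "acme-v2"
    if ACME_V1_HOST in server:
        return "acme-v1"
    return "other"  # staging or another CA: review by hand

def audit(renewal_dir="/etc/letsencrypt/renewal"):
    """Map lineage name -> (label, server) for every *.conf in renewal_dir."""
    result = {}
    for path in sorted(Path(renewal_dir).glob("*.conf")):
        server = server_of(path.read_text())
        result[path.stem] = (classify(server), server)
    return result

if __name__ == "__main__":  # reading the real directory usually needs root
    for name, (label, server) in audit().items():
        print(f"{name}: {label} ({server})")
```

Any lineage reported as acme-v1 or client-default is one whose renewals will not necessarily go to the ACMEv2 endpoint.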