Certbot renew error on Debian9

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://matzber-direct.com/

I ran this command: certbot renew

It produced this output: # certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/matzber-direct.com.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Attempting to renew cert (matzber-direct.com) from /etc/letsencrypt/renewal/matzber-direct.com.conf produced an unexpected error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/matzber-direct.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/matzber-direct.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Apache/2.4.25 (Debian)

I can login to a root shell on my machine (yes or no, or I don't know): yes sure

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.28.0

Hi @eran82 and welcome to the LE community forum

Please check if your system can connect and show us the output of:
echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head

I get:

echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = acme-v01.api.letsencrypt.org
verify return:1
CONNECTED(00000005)
---
Certificate chain
 0 s:CN = acme-v01.api.letsencrypt.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---

Sure, this is what I get:

root@debian-s-1vcpu-1gb-lon1-01:~# echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = acme-v01.api.letsencrypt.org
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=acme-v01.api.letsencrypt.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
---

I solved it by removing certbot with apt-get remove and then installing the latest version from snapd, thanks! I really really appreciate this community and Let's Encrypt in particular! You are doing an amazing job!

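The `openssl s_client` check requested in this thread, made scriptable, as an added example that is not part of the original posts: `check_verify` (a hypothetical helper name) reads the command's merged stdout and stderr and reports the verification result. `s_client` prints `verify return:1` even after a `verify error` line unless `-verify_return_error` is given, and the closing `Verify return code` line comes after what `head` keeps, so the helper keys on those two. The failure and success samples are constructed; the first sample is the truncated output posted above.

```shell
# Added example. check_verify is a hypothetical helper: it reads
# `openssl s_client` output (stdout and stderr merged) on stdin.
# Exit status: 0 verified, 1 verification failed, 2 final result line missing.
check_verify() {
  awk '
    /^depth=[0-9]+ /      { d = substr($1, 7) + 0; if (d > max) max = d }
    /^verify error:num=/  { errs++; print "  " $0 }   # reported per certificate
    /Verify return code:/ { final = $0; sub(/^[ \t]+/, "", final) }
    END {
      if (errs > 0 || (final != "" && final !~ /code: 0 /)) { st = "FAIL"; rc = 1 }
      else if (final == "")                                  { st = "INCOMPLETE"; rc = 2 }
      else                                                   { st = "PASS"; rc = 0 }
      printf "%s max_depth=%d errors=%d\n", st, max, errs
      exit rc
    }'
}

# Sample 1: the output posted in the thread, cut short by `| head`.
sample_thread() { cat <<'EOF'
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = acme-v01.api.letsencrypt.org
verify return:1
CONNECTED(00000003)
EOF
}
# Sample 2 (constructed): the same run with the closing result line present.
sample_ok() { sample_thread; echo "    Verify return code: 0 (ok)"; }
# Sample 3 (constructed): issuer missing from the local trust store.
sample_fail() { cat <<'EOF'
depth=0 CN = acme-v01.api.letsencrypt.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = acme-v01.api.letsencrypt.org
verify error:num=21:unable to verify the first certificate
verify return:1
CONNECTED(00000003)
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

sample_thread | check_verify || true   # INCOMPLETE: result line was cut off
sample_ok     | check_verify || true   # PASS
sample_fail   | check_verify || true   # FAIL, with both error lines listed
# Live use: echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 2>&1 | check_verify
```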
