Certbot renew failed with "malformed :: Method not allowed"

I found some topic same as this problem

My system is Ubuntu 16.04 and all package upgrade to lastest, including python3-certbot, python3-certbot-dns-rfc2136 and python3-acme. Certbot version with certbot --version is certbot 0.39.0

My problem is: when I run certbot certonly --dry-run, it tell me The request message was malformed :: Method not allowed

This is my logs:

2020-06-16 18:23:01,372:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/cert/fa2f09e920e8d7d6f63fedad54fbc1cb2a89 HTTP/1.1" 415 168
2020-06-16 18:23:01,374:DEBUG:acme.client:Received response:
HTTP 415
Server: nginx
Date: Tue, 16 Jun 2020 10:23:01 GMT
Content-Type: application/problem+json
Content-Length: 168
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001VmMZpppSJQW8eNMfqGsBtW8GRLKiBqPbxXusbq8iQHM

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"",
  "status": 415
}
2020-06-16 18:23:01,374:DEBUG:acme.client:Error during a POST-as-GET request, your ACME CA may not support it:
urn:ietf:params:acme:error:malformed :: The request message was malformed :: Invalid Content-Type header on POST. Content-Type must be "application/jose+json"
2020-06-16 18:23:01,375:DEBUG:acme.client:Retrying request with GET.
2020-06-16 18:23:01,375:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa2f09e920e8d7d6f63fedad54fbc1cb2a89.
2020-06-16 18:23:01,561:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/cert/fa2f09e920e8d7d6f63fedad54fbc1cb2a89 HTTP/1.1" 405 103
2020-06-16 18:23:01,563:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Date: Tue, 16 Jun 2020 10:23:01 GMT
Content-Type: application/problem+json
Content-Length: 103
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
}
2020-06-16 18:23:01,563:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.39.0', 'console_scripts', 'certbot')()
  File "build/bdist.linux-x86_64/egg/certbot/main.py", line 1378, in main
    return config.func(config, plugins)
  File "build/bdist.linux-x86_64/egg/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "build/bdist.linux-x86_64/egg/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "build/bdist.linux-x86_64/egg/certbot/client.py", line 405, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "build/bdist.linux-x86_64/egg/certbot/client.py", line 364, in obtain_certificate
    cert, chain = self.obtain_certificate_from_csr(csr, orderr)
  File "build/bdist.linux-x86_64/egg/certbot/client.py", line 296, in obtain_certificate_from_csr
    orderr = self.acme.finalize_order(orderr, deadline)
  File "/home/ncnu/.local/lib/python2.7/site-packages/acme/client.py", line 908, in finalize_order
    return self.client.finalize_order(orderr, deadline)
  File "/home/ncnu/.local/lib/python2.7/site-packages/acme/client.py", line 743, in finalize_order
    content_type=DER_CONTENT_TYPE).text
  File "/home/ncnu/.local/lib/python2.7/site-packages/acme/client.py", line 791, in _post_as_get
    return self.net.get(*args, **kwargs)
  File "/home/ncnu/.local/lib/python2.7/site-packages/acme/client.py", line 1152, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/home/ncnu/.local/lib/python2.7/site-packages/acme/client.py", line 1054, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Method not allowed
2020-06-16 18:23:01,569:ERROR:certbot.log:An unexpected error occurred:
2020-06-16 18:23:01,570:ERROR:certbot.log:The request message was malformed :: Method not allowed

Does there any idea can fixed it?
Thanks.

1 Like

I am curious where you got Certbot 0.39. The PPA for Ubuntu Xenial does not include that version. It carries an earlier version (0.31.0-2), but has all of the “method not allowed” fixes backported to it.

I would try removing all of the Certbot (and especially python3-acme) packages from your system, and then trying to install again using the instructions at https://certbot.eff.org/lets-encrypt/ubuntuxenial-other . Back up /etc/letsencrypt if you want to, but all your existing certificates should be safe during the downgrade.

3 Likes

You’re right, I’m confused that why my certbot is 0.39. I think I install via binary or other way before.

I remove certbot with apt remove and remove /usr/local/bin/certbot (because after I autoremove and purge it still there) and re-install certbot that version is 0.31.

All thing seems great now, I success to update my certificate.

Thanks a lot.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.