My domain is: sunnydale.russenmafia.at
I ran this command: “/usr/bin/certbot renew”
and after i hit the rate limit
“/usr/bin/certbot renew --staging --break-my-certs”
It produced this output:
/usr/bin/certbot renew --staging --break-my-certs
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/sunnydale.russenmafia.at.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for sunnydale.russenmafia.at
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (sunnydale.russenmafia.at) from /etc/letsencrypt/renewal/sunnydale.russenmafia.at.conf produced an unexpected error: Failed authorization procedure. sunnydale.russenmafia.at (tls-sni-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout after connect (your server may be slow or overloaded). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sunnydale.russenmafia.at/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sunnydale.russenmafia.at/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: sunnydale.russenmafia.at
Type: connection
Detail: Timeout after connect (your server may be slow or
overloaded)To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
Server version: Apache/2.4.33 (Debian)
Server built: 2018-05-28T17:29:02
The operating system my web server runs on is (include version):
debian buster/sid
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
when certbot is on this line:
“tls-sni-01 challenge for sunnydale.russenmafia.at”
all hell breaks lose in my apache error log. lots of segfaults …
[Thu Jun 28 14:20:19.403724 2018] [mpm_prefork:notice] [pid 24352] AH00171: Graceful restart requested, doing restart
[Thu Jun 28 14:20:19.438262 2018] [ssl:warn] [pid 24352] AH01906: e93d5dd467e19245a47dd573950cb21b.f668b4a43afa88719f4eff557103363e.acme.inval
id:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jun 28 14:20:19.438643 2018] [mpm_prefork:notice] [pid 24352] AH00163: Apache/2.4.33 (Debian) mpm-itk/2.4.7-04 OpenSSL/1.1.0h mod_perl/2.
0.10 Perl/v5.26.2 configured – resuming normal operations
[Thu Jun 28 14:20:19.438648 2018] [core:notice] [pid 24352] AH00094: Command line: ‘/usr/sbin/apache2’
[Thu Jun 28 14:20:19.440318 2018] [core:notice] [pid 24352] AH00052: child pid 29045 exit signal Segmentation fault (11)
[Thu Jun 28 14:20:19.440328 2018] [core:error] [pid 24352] AH00546: no record of generation 0 of exiting child 29045
[Thu Jun 28 14:20:19.440331 2018] [core:notice] [pid 24352] AH00052: child pid 29046 exit signal Segmentation fault (11)
[Thu Jun 28 14:20:19.440332 2018] [core:error] [pid 24352] AH00546: no record of generation 0 of exiting child 29046
[Thu Jun 28 14:20:19.440335 2018] [core:notice] [pid 24352] AH00052: child pid 29047 exit signal Segmentation fault (11)
[Thu Jun 28 14:20:19.440336 2018] [core:error] [pid 24352] AH00546: no record of generation 0 of exiting child 29047
[Thu Jun 28 14:20:20.442505 2018] [core:notice] [pid 24352] AH00052: child pid 29048 exit signal Segmentation fault (11)
[Thu Jun 28 14:20:20.442573 2018] [core:error] [pid 24352] AH00546: no record of generation 0 of exiting child 29048
[Thu Jun 28 14:20:20.442593 2018] [core:notice] [pid 24352] AH00052: child pid 29049 exit signal Segmentation fault (11)
[Thu Jun 28 14:20:20.442601 2018] [core:error] [pid 24352] AH00546: no record of generation 0 of exiting child 29049
[Thu Jun 28 14:20:21.443722 2018] [core:notice] [pid 24352] AH00052: child pid 29126 exit signal Segmentation fault (11)
after that, my apache2 is in defunct state, not reacting anymore. i have to restart the whole service.
and i have absolutely no clue why it segfaults.