Certbot updated still errors?

Help
1

Hi,

I recently updated Certbot to 0.27.0 with the command "sudo certbot renew --dry-run". Everything is running fine but i am not sure if ACMEv02 is running. In the log file /var/log/letsencrypt/letsencrypt.log i see no entry of acme-v02. Is there another way to verify i am running ACMEv02?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://odoo.smarterliving.nl

I ran this command: sudo certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/odoo.smarterliving.nl.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for odoo.smarterliving.nl
Waiting for verification...
Cleaning up challenges

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/odoo.smarterliving.nl/fullchain.pem

** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/odoo.smarterliving.nl/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)

Running post-hook command: /etc/letsencrypt/renewal-hooks/post/post.sh

My web server is (include version): NGINX 1.14.0

The operating system my web server runs on is (include version): Ubuntu 4.15.0-74-generic

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.27.0

1 Like
2

Since only ACMEv2 is allowed, then you must be using it.

If you want to SEE it, then check the log file:
grep v02 /var/log/letsencrypt/letsencrypt.log
If it isn't in there, try adding "-vv":
sudo certbot renew --dry-run --vv
then check the log file again:
grep v02 /var/log/letsencrypt/letsencrypt.log

2 Likes
3

Hi rg305, thank you for your reply.
I have tried the command and could not find that string in the log file.
When i ran the: sudo certbot renew --dry-run -vv and after checking the log file i can find "v02" in the log file.

Thank you very much for the support.

PS: Is it mandatory to update certbot higher than 0.27.0?

2 Likes
4

Please show this output:
grep v02 /var/log/letsencrypt/letsencrypt.log

1 Like
5

This would be the whole output.

root@odoo-dev:/# grep v02 /var/log/letsencrypt/letsencrypt.log
2021-05-25 11:21:00,326:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fca2b00b5f8>)>), contact=(), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/6166982', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 92aeda817969f0eb496f65da6a27ff64, Meta(creation_dt=datetime.datetime(2018, 5, 28, 12, 25, 8, tzinfo=<UTC>), creation_host='odoo.tigrainvestments.nl'))>
2021-05-25 11:21:00,328:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-05-25 11:21:00,333:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2021-05-25 11:21:00,931:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
2021-05-25 11:21:00,995:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2021-05-25 11:21:01,135:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
2021-05-25 11:21:01,138:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
2021-05-25 11:21:01,624:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 354
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/6166982/62169618
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/52648960"
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/6166982/62169618"
2021-05-25 11:21:01,627:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/52648960:
2021-05-25 11:21:01,784:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/52648960 HTTP/1.1" 200 1123
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/52648960/TIbg1w",
2021-05-25 11:21:01,790:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/52648960/TIbg1w:
2021-05-25 11:21:02,124:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/52648960/TIbg1w HTTP/1.1" 200 848
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/52648960>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/52648960/TIbg1w
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/52648960/TIbg1w",
2021-05-25 11:21:05,131:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/52648960:
2021-05-25 11:21:05,273:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/52648960 HTTP/1.1" 200 1123
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/52648960/TIbg1w",
2021-05-25 11:21:05,278:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/finalize/6166982/62169618:
2021-05-25 11:21:08,404:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/finalize/6166982/62169618 HTTP/1.1" 200 466
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/6166982/62169618
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/52648960"
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/6166982/62169618",
  "certificate": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa8a2c55aaaf2178b7a7619fc143036a4fce"
2021-05-25 11:21:09,407:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/order/6166982/62169618:
2021-05-25 11:21:09,842:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/order/6166982/62169618 HTTP/1.1" 200 466
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/52648960"
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/6166982/62169618",
  "certificate": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa8a2c55aaaf2178b7a7619fc143036a4fce"
2021-05-25 11:21:09,844:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa8a2c55aaaf2178b7a7619fc143036a4fce:
2021-05-25 11:21:10,192:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/cert/fa8a2c55aaaf2178b7a7619fc143036a4fce HTTP/1.1" 200 5763
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa8a2c55aaaf2178b7a7619fc143036a4fce/1>;rel="alternate"
1 Like
6

I see a lot of "v02" in there.

1 Like
7

No, it is not.
[You might be missing out on some newer/cooler features, but you can still use it]

2 Likes
8

Thank you for explaining rg305.
Hereby is my question answered.

2 Likes
9

Welcome to the Let's Encrypt Community :slightly_smiling_face:

FWIW, when assisting someone the other day with webserver configurations for several self-hosted websites, I installed certbot 0.27.0 on the webserver then acquired and installed several certificates without any troubles, so I concur with @rg305. Unless you need the latest and greatest gadgetry, you're likely fine for now with that version.

2 Likes
10

Thank you for your confirmation griffin.
We only use 1 certificate and no other new tools or gadgetry :slight_smile:

2 Likes
11

Today i came across a message from Magento "The response parameter is invalid or malformed."
This is when you log in. After i searched the web its points out to issues with https i think.
Could the update cause this or might there be something with the configuration file?

12

It is highly unlikely that error is caused by the installation of a certificate.

13

It was another plugin that was updated that showed the notification.
Sorry for the inconvenience.

1 Like
14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.