Certificate renewal is failing for all of my domains:
- aarontoponce.org
- ae7.st
- ciphermonkey.rocks
- crack3d.pw
- icanhaz.pw
- pthree.org
Running certbot renew
or certbot certonly -d aarontopocne.org
produces the following stacktrace:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1234, in certonly
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 612, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 266, in __init__
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3/dist-packages/acme/client.py", line 833, in __init__
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1120, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 344, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 321, in ssl_wrap_socket
context.load_verify_locations(ca_certs, ca_cert_dir)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 428, in load_verify_locations
self._ctx.load_verify_locations(cafile, capath)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 776, in load_verify_locations
_raise_current_error()
File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('PEM routines', 'get_header_and_data', 'short header'), ('x509 certificate routines', 'X509_load_cert_crl_file', 'PEM lib')]
This is on a personally administered and fully updated Debian 10 stable server running Apache 2.4.38 with certbot 0.31.0. Everything is being managed via the CLI.