Command previously working with Bitnami lego client no longer does

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
*.tma.life and tma.life

I ran this command:
sudo /opt/bitnami/letsencrypt/lego --dns manual --tls --http.webroot="/eu_dash_laravel_dev/laravel/public" --email="robert@themissionassistant.com" --domains="*.tma.life" --domains="tma.life" --path="/opt/bitnami/letsencrypt" run

NOTE: This is the same command run several times to successfully renew this certificate over the last year. But today when attempting to run it I'm getting the "No key found for account" message before and eventual failure message. In the past I never received the "No key found for account" message or the message "Domain name contains an invalid character, url:".

It produced this output:
2021/01/04 18:26:58 No key found for account robert@themissionassistant.com. Generating a P384 key.
2021/01/04 18:26:58 Saved key to /var/log/letsencrypt/.lego/accounts/acme-v02.api.letsencrypt.org/robert@themissionassistant.com/keys/robert@themissionassistant.com.key
2021/01/04 18:26:58 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you accept the TOS? Y/n
Y
2021/01/04 18:27:08 [INFO] acme: Registering account for robert@themissionassistant.com
!!!! HEADS UP !!!!

	Your account credentials have been saved in your Let's Encrypt
	configuration directory at "/var/log/letsencrypt/.lego/accounts".
	You should make a secure backup	of this folder now. This
	configuration directory will also contain certificates and
	private keys obtained from Let's Encrypt so making regular
	backups of this folder is ideal.2021/01/04 18:27:08 [INFO] [*.tma.life, tma.xn--life--path=/opt/bitnami/letsencrypt-b7aa] acme: Obtaining bundled SAN certificate

2021/01/04 18:27:08 Could not obtain certificates:
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "tma.xn--life--path=/opt/bitnami/letsencrypt-b7aa": Domain name contains an invalid character, url:

My web server is (include version):
nginx/1.16.1

The operating system my web server runs on is (include version):
Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
lego version 3.2.0 linux/amd64

1 Like

The error from the Let's Encrypt servers mentions a part of your command line options. That's obviously not supposed to happen. It also suddenly has a Punycode internationalized domain name label. I think things go wrong between the second --domains option and the --path option. Please make sure your command line is 200 % correct.

2 Likes

This same command line has worked multiple times in the past. I have it saved in a file and then run it every 3 months when the certificate is about to expire. That's what's maddening, if this command worked in the past, why does it no longer work?

1 Like

I have no idea, bit rot?

Fact is, a whole part of the command line options is sent as part of a hostname in a request for a certificate.

2 Likes

Welcome to the Let's Encrypt Community, Robert :slightly_smiling_face:

Did you accidentally use a single quote instead of a double quote somehow? I concur with @Osiris. This smells like typo.

1 Like

I found the issue. There was an extra space before the --path option. I'm not sure how that space got in the command. I keep the command saved in a note in Evernote and copy and paste into the terminal when needed.

Griffin, thanks for setting me on the right track by stating that "This smells like typo."

Many Thanks!

2 Likes

:wink:
   

2 Likes

Ah yes, you were right. I just couldn't find the issue. Thanks for your help!

4 Likes
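Added example (not part of the original posts, and not lego or Let's Encrypt code): decoding the Punycode label in the rejected identifier shows exactly which characters sat between `tma.life` and `--path`, and the same check can be run on a saved command before pasting it. `SAMPLE` is a constructed command tail, and the helper names are hypothetical.

```python
import shlex
import unicodedata

# Identifier the CA rejected, copied from the error output in this thread.
REJECTED = "tma.xn--life--path=/opt/bitnami/letsencrypt-b7aa"

def decode_identifier(name):
    """Undo Punycode on each xn-- label so hidden characters become visible."""
    labels = []
    for label in name.split("."):
        if label.lower().startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def hidden_chars(text):
    """List (offset, code point, Unicode name) for each non-ASCII or control char."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
            for i, c in enumerate(text)
            if ord(c) > 0x7E or (ord(c) < 0x20 and c not in "\t\n")]

def check_saved_command(command):
    """Tokenize like a POSIX shell; return the arguments carrying hidden chars."""
    return {arg: hidden_chars(arg)
            for arg in shlex.split(command) if hidden_chars(arg)}

# Constructed sample: tail of the saved command with the decoded characters put
# back where the label places them (an assumption about the pasted text).
SAMPLE = ('--domains="*.tma.life" --domains="tma.life"\u00a0\u00a0'
          '--path="/opt/bitnami/letsencrypt" run')

if __name__ == "__main__":
    decoded = decode_identifier(REJECTED)
    print(repr(decoded))
    for hit in hidden_chars(decoded):
        print(hit)
    # A no-break space is not a shell word separator, so --path is swallowed
    # into the value of the preceding --domains option.
    for arg, hits in check_saved_command(SAMPLE).items():
        print("merged argument:", repr(arg), hits)
```

Because `--path` never reaches the client as its own option in that case, the client falls back to its default account directory, which matches the "No key found for account" line in the output above.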
