Deserialization error: Could not decode 'status' ('ready')


#1

My domain is:
https://groomgy.com

I ran this command:
sudo certbot renew --dry-run --preferred-challenges http --webroot -w mywebroot

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/groomgy.com.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Attempting to renew cert (groomgy.com) from /etc/letsencrypt/renewal/groomgy.com.conf produced an unexpected error: Deserialization error: Could not decode ‘status’ (‘ready’): Deserialization error: Status not recognized. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/groomgy.com/fullchain.pem (failure)


DRY RUN: simulating ‘certbot renew’ close to cert expiry
(The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/groomgy.com/fullchain.pem (failure)
DRY RUN: simulating ‘certbot renew’ close to cert expiry
(The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

The operating system my web server runs on is (include version):
Ubuntu xenial

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

Certbot version:
certbot 0.22.2


I ran the same command without --dry-run yesterday and it renewed one time properly, subsequent --dry-run keeps failing.


#2

Hi @Kimserey,

update your Certbot. The ready - state

is live - 2018-07-05. So if you have this error, your Certbot-version is too old.


#3

The “ready” status is only enabled on the ACME v2 API servers, so your older Certbot can still interact with acme-v01 and acme-staging. That’s probably why some commands work.

If you weren’t able to upgrade quickly, you could take advantage of that. But you’re on Ubuntu 16.04, and it only takes a few seconds to upgrade to the newest version in the PPA.


#4

Thanks a lot @JuergenAuer,

I upgrade certbot to the latest 0.26.1 and it now does http challenge by default and does not need to have the root specified. The following now works fine:

certbot --dry-run renew

Thank you so much.