Deserialization error: Status not recognized

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: n64088.org

I ran this command:
sudo certbot certonly
–apache
–cert-name n64088.org
-d n64088.org -d neely.n64088.org -d taxes.n64088.org
-d webqs.n64088.org -d smtp.n64088.org -d imap.n64088.org -d webmail.n64088.org
–dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

-------------------------------------------------------------------------------
You are updating certificate n64088.org to include new domain(s):
+ webqs.n64088.org

You are also removing previously included domain(s):
-

Did you intend to make this change?
-------------------------------------------------------------------------------
(U)pdate cert/(C)ancel: U
Renewing an existing certificate
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 280, in fields_from_json
    fields[slot] = field.decode(value)
  File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 88, in decode
    return self.fdec(value)
  File "/usr/lib/python3/dist-packages/acme/messages.py", line 123, in from_json
    '{0} not recognized'.format(cls.__name__))
josepy.errors.DeserializationError: Deserialization error: Status not recognized

During handling of the above exception, another exception occurred:

josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

From the log file:
2018-07-08 15:14:11,965:DEBUG:certbot.main:certbot version: 0.22.2
2018-07-08 15:14:11,967:DEBUG:certbot.main:Arguments: [’–apache’, ‘–cert-name’, ‘n64088.org’, ‘-d’, ‘n64088.org’, ‘-d’, ‘neely.n64088.org’, ‘-d’, ‘taxes.n64088.org’, ‘-d’, ‘webqs.n64088.org’, ‘-d’, ‘smtp.n64088.org’, ‘-d’, ‘imap.n64088.org’, ‘-d’, ‘webmail.n64088.org’, ‘–dry-run’]
2018-07-08 15:14:11,969:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-07-08 15:14:11,987:DEBUG:certbot.log:Root logging level set at 20
2018-07-08 15:14:11,988:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-07-08 15:14:11,990:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2018-07-08 15:14:12,117:DEBUG:certbot_apache.configurator:Apache version is 2.4.18
2018-07-08 15:14:13,205:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7fe5429a2908>
Prep: True
2018-07-08 15:14:13,207:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7fe5429a2908>
Prep: True
2018-07-08 15:14:13,208:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7fe5429a2908> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7fe5429a2908>
2018-07-08 15:14:13,208:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2018-07-08 15:14:13,216:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(contact=(), agreement=None, status=‘valid’, terms_of_service_agreed=None, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fe53d0a67f0>)>)), new_authzr_uri=None, uri=‘https://acme-staging-v02.api.letsencrypt.org/acme/acct/6138421’, terms_of_service=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’), 64aa9e90b1f244391d71be744be1888a, Meta(creation_dt=datetime.datetime(2018, 5, 23, 14, 3, 5, tzinfo=), creation_host=‘neely.n64088.org’))>
2018-07-08 15:14:13,218:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2018-07-08 15:14:13,222:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2018-07-08 15:14:13,434:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 724
2018-07-08 15:14:13,435:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 724
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 08 Jul 2018 15:14:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 08 Jul 2018 15:14:13 GMT
Connection: keep-alive

b'{\n  "TCwVZ7-aIjs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",\n  "meta": {\n    "caaIdentities": [\n      "letsencrypt.org"\n    ],\n    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n    "website": "https://letsencrypt.org/docs/staging-environment/"\n  },\n  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",\n  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",\n  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",\n  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"\n}'
2018-07-08 15:14:23,866:INFO:certbot.main:Renewing an existing certificate
2018-07-08 15:14:24,100:DEBUG:acme.client:Requesting fresh nonce
2018-07-08 15:14:24,101:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order.
2018-07-08 15:14:24,285:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-order HTTP/1.1" 405 0
2018-07-08 15:14:24,285:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 103
Allow: POST
Replay-Nonce: Gtx7SLsQOe1m2e88BJgizEmqW7aNT-QPZexLkaPlOo4
Expires: Sun, 08 Jul 2018 15:14:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 08 Jul 2018 15:14:24 GMT
Connection: keep-alive

b''
2018-07-08 15:14:24,286:DEBUG:acme.client:Storing nonce: Gtx7SLsQOe1m2e88BJgizEmqW7aNT-QPZexLkaPlOo4
2018-07-08 15:14:24,286:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "value": "n64088.org",\n      "type": "dns"\n    },\n    {\n      "value": "neely.n64088.org",\n      "type": "dns"\n    },\n    {\n      "value": "taxes.n64088.org",\n      "type": "dns"\n    },\n    {\n      "value": "webqs.n64088.org",\n      "type": "dns"\n    },\n    {\n      "value": "smtp.n64088.org",\n      "type": "dns"\n    },\n    {\n      "value": "imap.n64088.org",\n      "type": "dns"\n    },\n    {\n      "value": "webmail.n64088.org",\n      "type": "dns"\n    }\n  ],\n  "resource": "new-order",\n  "status": "pending"\n}'
2018-07-08 15:14:24,291:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzYxMzg0MjEiLCAiYWxnIjogIlJTMjU2IiwgIm5vbmNlIjogIkd0eDdTTHNRT2UxbTJlODhCSmdpekVtcVc3YU5ULVFQWmV4TGthUGxPbzQiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInZhbHVlIjogIm42NDA4OC5vcmciLAogICAgICAidHlwZSI6ICJkbnMiCiAgICB9LAogICAgewogICAgICAidmFsdWUiOiAibmVlbHkubjY0MDg4Lm9yZyIsCiAgICAgICJ0eXBlIjogImRucyIKICAgIH0sCiAgICB7CiAgICAgICJ2YWx1ZSI6ICJ0YXhlcy5uNjQwODgub3JnIiwKICAgICAgInR5cGUiOiAiZG5zIgogICAgfSwKICAgIHsKICAgICAgInZhbHVlIjogIndlYnFzLm42NDA4OC5vcmciLAogICAgICAidHlwZSI6ICJkbnMiCiAgICB9LAogICAgewogICAgICAidmFsdWUiOiAic210cC5uNjQwODgub3JnIiwKICAgICAgInR5cGUiOiAiZG5zIgogICAgfSwKICAgIHsKICAgICAgInZhbHVlIjogImltYXAubjY0MDg4Lm9yZyIsCiAgICAgICJ0eXBlIjogImRucyIKICAgIH0sCiAgICB7CiAgICAgICJ2YWx1ZSI6ICJ3ZWJtYWlsLm42NDA4OC5vcmciLAogICAgICAidHlwZSI6ICJkbnMiCiAgICB9CiAgXSwKICAicmVzb3VyY2UiOiAibmV3LW9yZGVyIiwKICAic3RhdHVzIjogInBlbmRpbmciCn0",
  "signature": "Erin-vc047hPw0rzZ5Z_9-i_OEisrT0FGpyPasjgCG9HfWHp7hPTgsYQblqhN9JNHUU_HuGpu1Jlmu7Q7j4GN47A1a4XKc69nep6sWWTiCBegJRBNcIT1b8R-7j5AuvRuv25LoNE3Vc2mfcxCZvZxwC9HJQMfFUJUAHuT7BsM2c30ck9DJHqTrHgdxgmDa8sL_qtxctUomf8Vu2FLwcGcrq2O3Pnv3oEAVG7MwBv0S9ZHy_aOV2zXx7t0DlofFHYgSu_gZFfmMbZFXzgdR9e1KhoBJjWdZQXNZdctzoWgrZa98Y05aMOvq6ERuaFtLynpagpN5JefsDrOFPirdj3WQ"
}
2018-07-08 15:14:24,490:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 1420
2018-07-08 15:14:24,491:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1420
Boulder-Requester: 6138421
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/6138421/3460088
Replay-Nonce: t_khlmA6Z72XX-AX7hmFvb78Y1Nv5bAFVS3-JT2_cE0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 08 Jul 2018 15:14:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 08 Jul 2018 15:14:24 GMT
Connection: keep-alive

b'{\n  "status": "ready",\n  "expires": "2018-07-10T15:46:42Z",\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "imap.n64088.org"\n    },\n    {\n      "type": "dns",\n      "value": "n64088.org"\n    },\n    {\n      "type": "dns",\n      "value": "neely.n64088.org"\n    },\n    {\n      "type": "dns",\n      "value": "smtp.n64088.org"\n    },\n    {\n      "type": "dns",\n      "value": "taxes.n64088.org"\n    },\n    {\n      "type": "dns",\n      "value": "webmail.n64088.org"\n    },\n    {\n      "type": "dns",\n      "value": "webqs.n64088.org"\n    }\n  ],\n  "authorizations": [\n    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/B_6J8-JL1F3IO3k9Ee1J1FvZi-BNi-nXwbEpCysZgJ0",\n    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/3YkblgD88jr-BLIL9s_5IDBsD9bv73z4sjnEy1Wvawk",\n    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/_r728yQQyVJ4GPKEgv-13Osoel470QvMMMm0BFrvC9E",\n    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/YTp9rUdswVRsoSNWwZkLP8XP0zNEZZv727OvpxIxcJA",\n    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/90yHNyN9aR0eDO5Gq3SYCec5LEzWWJLZC_tnfUCIZzE",\n    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/82r4QL2FJfyXZs2zrshNk5ixXYejQBeHQxmEmu5vnNY",\n    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/3eO923JCGlYBmB3cVhuKwa6ApVYFPE1vwg0YN0-q460"\n  ],\n  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/6138421/3460088"\n}'
2018-07-08 15:14:24,491:DEBUG:acme.client:Storing nonce: t_khlmA6Z72XX-AX7hmFvb78Y1Nv5bAFVS3-JT2_cE0
2018-07-08 15:14:24,492:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 280, in fields_from_json
    fields[slot] = field.decode(value)
  File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 88, in decode
    return self.fdec(value)
  File "/usr/lib/python3/dist-packages/acme/messages.py", line 123, in from_json
    '{0} not recognized'.format(cls.__name__))
josepy.errors.DeserializationError: Deserialization error: Status not recognized

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.22.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1266, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1157, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 113, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 297, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 294, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 326, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 779, in new_order
    return self.client.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 606, in new_order
    body = messages.Order.from_json(response.json())
  File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 289, in from_json
    return cls(**cls.fields_from_json(jobj))
  File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 284, in fields_from_json
    slot, value, error))
josepy.errors.DeserializationError: Deserialization error: Could not decode 'status' ('ready'): Deserialization error: Status not recognized
2018-07-08 15:14:24,495:ERROR:certbot.log:An unexpected error occurred:

It may be that problem:

What version of Certbot are you using? I believe the required fix is in version 0.25.0
You can find out with certbot --version

Using 0.22.2 But that seems to be the latest level from the PPA that I’m using (with Ubuntu 16.04). Is there a PPA with a later version?

Hi @flymikeG

if you use an older Certbot-version: Can you try to use the v1-system?

I think the older v1-system isn't updated to use the ready - state.

See the versions

Edit: Yep, ready is only used with v2

2 Likes

Yes! Ran it with

--server https://acme-v01.api.letsencrypt.org/directory

and it worked.
Thanks!

The Certbot PPA has version 0.25.0.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.