"Error checking key quality" 500 error

NeuronButter · July 28, 2023, 12:28am

crt.sh | neeron.me for what it's worth, but I'm not sure how useful that is since it's not renewing. I can't renew my certificate (Failed to renew certificate neeron.me with error: urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: error checking key quality). Found some information on the urn:ietf:params:acme:error:serverInternal error, but I have no idea what the 'key quality' issue is. (The renewals have been working for months, so I'm not sure if I need to make a new original key?)

My domain is: neeron.me

I ran this command: certbot renew -v / cat /var/log/letsencrypt/letsencrypt.log

It produced this output:

HTTP 500
Server: nginx
Date: Fri, 28 Jul 2023 00:11:29 GMT
Content-Type: application/problem+json
Content-Length: 116
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 88B8dT9PMQfMeutMWN1mws6ThNOVfR7rXmbKmglOPYJ1G6M

{
  "type": "urn:ietf:params:acme:error:serverInternal",
  "detail": "error checking key quality",
  "status": 500
}

(server response in log)

The operating system my web server runs on is (include version): Ubuntu 22.04.2 LTS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

MrRoyce · July 28, 2023, 12:31am

Same here. Tried 2x. Hopefully they get it sorted soon!

rg305 · July 28, 2023, 12:35am

Hi @MrRoyce, and welcome to the LE community forum

It might have something to do with the trouble message that was being displayed earlier:
Always check:
Let's Encrypt Status

rg305 · July 28, 2023, 12:38am

Hi @NeuronButter, and welcome to the LE community forum

These two things don't add up:

certbot renew -v
https://acme-staging-v02.api.letsencrypt.org/directory

[unless you are only using staging cert(s)]

mcpherrinm · July 28, 2023, 6:12am

Staging was briefly unhappy due to a hardware failure (we don’t have a lot of redundancy in staging, as it’s only a test environment).

These errors occurred because it failed to check the database to see if they were known-bad keys.

This should have resolved once we repaired the server.

NeuronButter · July 30, 2023, 2:00am

I assumed they would've been production, and since they've been working for ages, I assumed it was like that from the beginning. The issue only occurred at the original post, but the renewals have worked today. I'm wondering if something in my configuration isn't set correctly to use the production server?

mcpherrinm · July 30, 2023, 2:19am

Your output clearly shows staging:

Link: <https://acme-staging-v02.api.…

If you’re using the —dry-run flag for certbot, I think it defaults to using staging for that.

MikeMcQ · July 30, 2023, 2:32am

Another possibility ... could you have created a cli.ini file for testing and forgot about it?

https://eff-certbot.readthedocs.io/en/stable/using.html#configuration-file

NeuronButter · July 30, 2023, 12:44pm

Thanks everyone for your replies. I think the confusion came out of the —dry-run flag, the log I grabbed was when I tried that one. It works as expected without the flag. Thanks again!

system · August 29, 2023, 12:44pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.