Error extending certificate

I got an error sice 26-12 for extending the certificate

My domain is: polmai.nl

I ran this command: certbot renew --dry-run

It produced this output: produced an unexpected error: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

My web server is (include version): Apache 2.4.38

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ISpConfig 3.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

Hi

Could ypu please check of my IP is blocked, i see that as suggestion on the forum.
IP is 145.131.29.155

Many Thnx

Herman

While that indeed is sometimes the issue with handshake issues during the connecting phase, in your error message the details show "certificate verify failed", which is, as far as I know, not the error message when an IP is being blocked.

This looks more like an issue with your system not being able to validate the certificate chain. Could you perhaps try:

openssl s_client -connect acme-staging-v02.api.letsencrypt.org:443 -hostname acme-staging-v02.api.letsencrypt.org
openssl s_client -connect valid-isrgrootx1.letsencrypt.org:443 -hostname valid-isrgrootx1.letsencrypt.org
openssl s_client -connect letsdebug.net:443 -hostname letsdebug.net
3 Likes

Hi

Thnx for the quick reply

I tried that and i can connect to all 3

1 Like

With or without warnings? OpenSSL lets you connect even when errors are present. Please post the output of the commands.

3 Likes

openssl s_client -connect acme-staging-v02.api.letsencrypt.org:443 -host acme-staging-v02.api.letsencrypt.org

CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = acme-staging.api.letsencrypt.org
verify return:1

Certificate chain
0 s:CN = acme-staging.api.letsencrypt.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1

Server certificate
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISA12fX+Z2dyYcntHiMIY1RfjQMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMTYwNDQ5NTVaFw0yMjAzMTYwNDQ5NTRaMCsxKTAnBgNVBAMT
IGFjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAtLW4vJMcBAmdiXl6g+e6zej8FWO65itj+y6RgYUW
WuhYjXLoak90v3N3Yocs9e++O4JE864X5xqR1fozqoSexBu00zSLpv+/OqysB4PO
HKIZikoIs5565fut0wqps+kpWN0Ko7TDXLSqPKm2PEjz7rfxZLdQCBBodANj+ExX
/qw5nDOWA/5PhPFzYfdCTE+SfDRq5eZycJ70wy02HzgJWzog6qshnTTKZXlx0u97
dIysH1PLsKI3KMx2bmyh52IiYJ0yafMN844YJlyY+n496WJtDy2+r4A0yMApGuvG
eiUIpODIqw3BUpdtwBgEb1/1I2uuyqSccG7zLOaII6OeKQIDAQABo4ICgjCCAn4w
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRsh5+NzqL0+a8aDuQocE8b2PTdTAfBgNV
HSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYI
KwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0
cDovL3IzLmkubGVuY3Iub3JnLzBRBgNVHREESjBIgiRhY21lLXN0YWdpbmctdjAy
LmFwaS5sZXRzZW5jcnlwdC5vcmeCIGFjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5
cHQub3JnMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHW
eQIEAgSB9gSB8wDxAHYA36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnMA
AAF9wco7FgAABAMARzBFAiEAtHBtR125kbB5JqBXH6OJWdawO6SrgofItXM0zUKE
GaUCIHf85EHXZtVUoMjottbiIiShHMPPDGrXIVhXIGzfcgEeAHcARqVV63X6kSAw
taKJafTzfREsQXS+/Um4havy/HD+bUcAAAF9wco7UQAABAMASDBGAiEAjFRx4j8x
B/dxPVJC7PKCRe/B9ijdpLBiL7kIAbMYwoICIQDqBGC8Wf0ChpKS97ixw5+S3et7
+is4elsUuS/3Ii9YNjANBgkqhkiG9w0BAQsFAAOCAQEAcuPOBNHrPPyvXDsCh3n/
MifjBjcObT8uPg9IIL3Sjb5TUI5TFGHQeCnT1vmbztuNwsmM4kb5qQp9J8ddDVwX
lTshShyykGmprVN0qWFhGEw0AdP5k/wAXKVh+8B5cVcKWcWcKVQxUPsuiokhHTBj
1R67ix5UhUR2Xv4TAnwzYf9wUmTNhEDcphJTCoNfQ1jADcIjwWlDXtlDtb67OrdS
FvzXnJKOQq5zzp0mX7mErnHMb2FRfI+w+L5flKchf8eSzhuscptYwoaIPtX4/xeA
fZtJ1FIB9TD7FtSIRlWNttqMShvl3Xq8OLzkKtZAhJ0zg57roslOt6tNIcMXQ9VI
KA==
-----END CERTIFICATE-----
subject=CN = acme-staging.api.letsencrypt.org

issuer=C = US, O = Let's Encrypt, CN = R3


No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits

SSL handshake has read 3264 bytes and written 418 bytes
Verification: OK

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)


Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 616A8D63E2AE55B0E1F03DAAF3FC37FC0934C77D727BDEC00CE6647A2DD73697
Session-ID-ctx:
Resumption PSK: 75CF97A313C7C2BB170FF6F4D8138D7FB4C9841944A0DA3902101C27786769DD4521D4A5399D0A81B4A94B0BBD4E79E7
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 2a 09 c9 92 e8 d4 d2 f2-5f b3 03 37 aa 7f 6f 3a *......._..7..o:
0010 - cb 13 1d 28 e9 8c 28 df-23 8e 7e 57 9f 9a 45 19 ...(..(.#.~W..E.

Start Time: 1640945025
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0

read R BLOCK

Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: DF504C4BE6A1039492A96B16CE0153F742EFC0BCCE4A50CE3699AA14CB1A797B
Session-ID-ctx:
Resumption PSK: A885D4F25463F8AD50BD7B757166A09C135D4537C9CCBC38AA642E6F3A595B65762697B7E7B31CC975BB7B7006FC7E48
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - 0a 6c fb 62 42 e3 46 ec-9c 87 0d 15 84 82 3e aa .l.bB.F.......>.
0010 - 97 a6 b2 ba b6 05 9a 2d-f5 ba 5c ed 28 bd ab cc .......-...(...

Start Time: 1640945025
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0

read R BLOCK

openssl s_client -connect valid-isrgrootx1.letsencrypt.org:443 -host valid-isrgrootx1.letsencrypt.org
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = valid-isrgrootx1.letsencrypt.org
verify return:1

Certificate chain
0 s:CN = valid-isrgrootx1.letsencrypt.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1

Server certificate
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISBAaszZ0PnwjQIHO8Rv3AiVOMMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMDgxNTAwMjBaFw0yMjAzMDgxNTAwMTlaMCsxKTAnBgNVBAMT
IHZhbGlkLWlzcmdyb290eDEubGV0c2VuY3J5cHQub3JnMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA5Ht9ZHwDzNuARuVm2HoVlSISbkPZQiaRs9jy/ZiR
10xCrvvT239pAy2+vDhnu2S9EkCu6e7v3JwXhuDeNdxWfDtgAkYXOswv1tfKJ2fK
hHZEQ+Sfnv+98zMHk5kq5QRJaH695jGs/HxKn9HsD+KDzW+i06gql0wj0ulLJXg8
QZ4a2ycfWM/uktECGsnOJe+XNvHl/CwwHVGcs69vihINptTCC0HKfcDTByxlHSDJ
F/ZWDn7YLH50gq7sKgGrnNT2y8WrDIqqmpBzd1h99xwzoxVaBoEWQ3vnIqwV52y0
a6q/qYCf7xXI1L2GahfJiuQumC39B71ijsGW7Ix3Rj9kmQIDAQABo4ICWjCCAlYw
DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmAcd9NcViCgOAbZtr5yIZyy3WQTAfBgNV
HSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYI
KwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0
cDovL3IzLmkubGVuY3Iub3JnLzArBgNVHREEJDAigiB2YWxpZC1pc3Jncm9vdHgx
LmxldHNlbmNyeXB0Lm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
AQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vr
S8do8JBilgb2AAABfZrGNncAAAQDAEcwRQIhAM21Drq2jeu8yXpHskGH8NbfXCb0
RGWUwHOYMOlfyS0EAiAGh4XgP8GUI4d9sQcSE6UcGJ3kDjPYysfgRcH9BEqeOwB1
AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABfZrGNm8AAAQDAEYw
RAIgIvg+iasLBv6xIzMF5X27LQ96A8Yj8319ygC+eMjhW10CIHApsSN21AtTgwpu
i1chVwVjy2WAlPITs1t24WdVOo09MA0GCSqGSIb3DQEBCwUAA4IBAQBO+0gfQhni
kTWUk2Q+qG5y0Eut73x8/LVhctwQxVYzVCO/r8iUP3QePzQeRSakIWTNdyOAeLeV
iNqXUb3FJVx7dlz8/RfnjnYCheXYYxKsQcDBqwg56fTrjfSyYiNP5UoYhSzi0w5P
y7+GqrINMGHDgHDHwu93fRpFW4hs92QZgHPhfJyGiNvKzhxrZSWUvUTE/WFMBxNp
Uv3RwOV0lrLRyCuvGfBSHGEG+BPojAjlik7Diqu99cCxF37xfjf1CbWcBuq9jIcH
VcCTJjyE3T28gzGyC9uxWL2eUiYBvXxiXiULpY58eMzNCBamgPunZFvi3D30DN4X
H+Vsv0i7Mrz2
-----END CERTIFICATE-----
subject=CN = valid-isrgrootx1.letsencrypt.org

issuer=C = US, O = Let's Encrypt, CN = R3


No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 3368 bytes and written 460 bytes
Verification: OK

New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: A5BAD40ECB25A65838CDB5221E5FDEF7ECFCA15F38EE75AEA564B88EA5ED7A59
Session-ID-ctx:
Master-Key: 02C24D80B0851F2D339705AE0270A1F549CF0A43AEB3CE95CF2DF257368ACA76E78AC16BD7A55F6DE788AE2D900E46A8
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 86400 (seconds)
TLS session ticket:
0000 - bc d3 7e 87 1c 82 93 93-a3 f6 1d d4 5a 3b 16 bd ..~.........Z;..
0010 - ef 00 e7 a7 fb d1 27 1b-af 63 3d 42 b7 bc 87 3c ......'..c=B...<
0020 - e0 88 14 de dd 5e ff f3-4f 87 bd 85 cf 50 fd 1a .....^..O....P..
0030 - 77 68 07 ff 51 dc 26 ce-8e f1 90 9f df ab d8 63 wh..Q.&........c
0040 - d5 5a 6f c7 81 45 70 41-ab 7e 6f 9d b8 19 ee f9 .Zo..EpA.~o.....
0050 - bc a3 0d 68 22 06 7c 86-09 2a 48 73 06 4c f6 f6 ...h".|..*Hs.L..
0060 - 2e 3a 42 64 9e ab 06 66-65 f4 c7 2d c9 e4 f1 ff .:Bd...fe..-....
0070 - 7c 5e b6 c7 78 11 87 a8-5c f0 9c 01 99 87 6d 04 |^..x........m.
0080 - fd 3e 7f ad 1d 4a b2 5d-e0 ed dd 6b c3 05 78 cd .>...J.]...k..x.
0090 - 9d df 09 fb 39 11 bf 5d-c2 1c 95 46 6e 5c 4b da ....9..]...Fn\K.
00a0 - ae 3a ff d7 74 bf 28 f6-f1 26 83 f2 0f ab 87 98 .:..t.(..&......
00b0 - e7 e5 a9 a9 ad d1 3d 7e-8f 48 18 15 92 5f ed 01 ......=~.H..._..
00c0 - 56 eb 68 3c 04 b2 3e cf-ac ad 72 d4 3e 65 50 f7 V.h<..>...r.>eP.

Start Time: 1640945161
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no

root@server3:~# openssl s_client -connect letsdebug.net:443 -host letsdebug.net
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = letsdebug.net
verify return:1

Certificate chain
0 s:CN = letsdebug.net
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3

Server certificate
-----BEGIN CERTIFICATE-----
MIIEVjCCAz6gAwIBAgISBBFTW9blx6vqycUnr37UIoEJMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMjYyMzI4MDdaFw0yMjAzMjYyMzI4MDZaMBgxFjAUBgNVBAMT
DWxldHNkZWJ1Zy5uZXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASR5DWDDpZG
vSBgwT5Zt8nUc0nPvIH4mVsVKEg8yE7sq8KuMvkHB6Wg2kYWU0vcsab+yV+C7AlE
n8LPlmUmrLPlo4ICSTCCAkUwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQi86iUzozL
pTasuLpFeGHktVYxEzAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBV
BggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9y
ZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAYBgNVHREEETAP
gg1sZXRzZGVidWcubmV0MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8T
AQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIB
BQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5
TV0mXCVdx4QAAAF9+UmSIwAABAMARzBFAiEAtvCpFmVNitRszsnDvEi0YpovXsNG
lE4wBdFR+0cZsU4CICki0QRHXo1s4n7IAqov1T4sYolcL1XhaSDZblJE7jcEAHcA
b1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAF9+UmS5QAABAMASDBG
AiEAum2SuMdHE+zzLV7xJNX3UkiXD3ZvrZcs/j3W6PmrvroCIQCMAf/qp9OqTddw
Q7koOT+RPwmZUsMF+D9LAdWED/RtJzANBgkqhkiG9w0BAQsFAAOCAQEAovMcVCG7
qHgh1Yw+phQfIKQ7VuVbnOhV9yZBqCajkSHQNpS0+swwqvhzR09rs8D+LXrCT4Ad
g1axX2YZML63wCmUQnwF7POsUrfqVqku8ah3aBnaBERVkibxV2kI9DhYEi4uXUWA
s7C0KlefE+dnhWZdt1LoWAn//izJd+27U8w+3FwxBiasMtbPnV7NSCDSISYviZjv
kGlNRwZOVuFJPAcMQzbW7s9Ilc0EGnBbnrSRp4Inya7xzsQrXgktVaEt/nA+WPdB
b5J5D/EXlJrjChYcBiewuGk6Gqt4lgy61VuCwjNKqWRo9REJNtAr2J3BBytOfO1w
gCFmtitM8jgdoQ==
-----END CERTIFICATE-----
subject=CN = letsdebug.net

issuer=C = US, O = Let's Encrypt, CN = R3


No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits

SSL handshake has read 4184 bytes and written 395 bytes
Verification: OK

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)


Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 0350DC8F55B94FF0CA0C0EDB9F4C0C819C61DB7C1D6CC13E72C6A25BA378B92D
Session-ID-ctx:
Resumption PSK: C9EE5391D92C64A22B8F97FE726F358A3B9D3AFC6418DBC7A8D274BCF3EC07417F4C96EFF4DA443C4727996B1C2FEE15
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 37 9e c0 3a 7e b8 ff b2-ee 6a 30 04 a7 a5 18 56 7..:~....j0....V
0010 - 54 f0 c1 eb a8 63 ca 0a-53 88 3d 2c f5 2c 04 45 T....c..S.=,.,.E

Start Time: 1640945191
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0

read R BLOCK

Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: F43FDED785E3FD4806644194208AE1B614B5F132B94D7FD51FBAC36C575C8DDC
Session-ID-ctx:
Resumption PSK: E390368C61D13D39B72EC4A4DAE108CB76108DF541F13DFFFFF2BA3F127F4AF5D3E71A3CC03BECA55E2AF33682FEA2A5
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - b0 7d d8 60 cb fa cf ab-7c 06 c5 ab 02 c5 e8 41 .}.....|......A 0010 - d1 c4 f2 04 1d 86 47 7f-8e 36 60 7b f4 2e 19 af ......G..6{....

Start Time: 1640945191
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0

read R BLOCK

That indeed looks fine.

Could you perhaps check the Debian packages python-requests and python-certifi for their current versions and see if they can be upgraded to something more recent?

3 Likes

Hi

I got it working by removing the excisting certbot installation and follow the instructions on Certbot Instructions | Certbot to install the latest version

I have extended my certificate now.

Thnx for the help

3 Likes

The snap installation probably has the most up to date versions of the required Python packages indeed, so that's a good solution! This way you also benefit from having the most up to date version of certbot too!

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.