Error receiving certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
workplace.ertelecom.ru bpm-pcenter.cc-voronezh.ertelecom.ru bpms-workplace.ertelecom.ru
I ran this command:
certbot certonly
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): workplace.ertelecom.ru bpm-pcenter.cc-voronezh.ertelecom.ru bpms-workplace.ertelecom.ru
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bpm-pcenter.cc-voronezh.ertelecom.ru
http-01 challenge for bpms-workplace.ertelecom.ru
http-01 challenge for workplace.ertelecom.ru
An unexpected error occurred:
AttributeError: ‘module’ object has no attribute ‘TLSSNI01’
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version):
IBM HTTP SERVER version 8.5
The operating system my web server runs on is (include version):
OracleLinux 7.6
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no or if you can call it WebSphereApplicationServer admin console
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.39.0

log
2020-04-15 14:19:55,884:INFO:certbot.auth_handler:Performing the following challenges:
2020-04-15 14:19:55,885:INFO:certbot.auth_handler:http-01 challenge for bpm-pcenter.cc-voronezh.ertelecom.ru
2020-04-15 14:19:55,885:INFO:certbot.auth_handler:http-01 challenge for bpms-workplace.ertelecom.ru
2020-04-15 14:19:55,885:INFO:certbot.auth_handler:http-01 challenge for workplace.ertelecom.ru
2020-04-15 14:19:55,885:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.39.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1378, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 405, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 384, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 61, in handle_authorizations
achalls = self._choose_challenges(authzrs)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 185, in _choose_challenges
if any(isinstance(achall.chall, challenges.TLSSNI01) for achall in achalls):
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 185, in
if any(isinstance(achall.chall, challenges.TLSSNI01) for achall in achalls):
AttributeError: ‘module’ object has no attribute ‘TLSSNI01’

I looks like you might have multiple copies of cerbot installed.
which certbot
find / -name certbot

Were there any certificates previously issued?
see/show: certbot certificates

Is there anything in the renewal folder?
ls -l /etc/letsencrypt/renewal/

No this is first install
find / -name certbot
/etc/sysconfig/certbot
/usr/lib/python2.7/site-packages/certbot
/usr/bin/certbot

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certs found.


ls -l /etc/letsencrypt/renewal/
total 0

I am concerned about the message related to TLS-SNI-01
according to this page https://letsencrypt.org/en/docs/challenge-types/ this check is not supported

Yes, me too.
I don’t understand why that is happening and I can’t see anything obviously wrong from your outputs.
hmm…
I would try uninstalling and reinstalling certbot.
[And be sure to follow LE recommended steps.].

See: https://certbot.eff.org/

Unfortunately I have already tried the option with reinstalling,
my research now comes down to the fact that the ibm http server is built on the basis of the apache server but with improvements in the direction of Java, so I can not use the plug-in for apache directly
and this is because the python dependencies for certbot are somehow related to anaconda, although no environments were created, the system should be clean.
Now I see the best option for myself to obtain a certificate and install it in the server in manual mode, by analogy with this guide, but I can’t get the certificate = (
I will be happy to help and thanks anyway

You should try the --webroot option.

Are you absolutely sure all of your packages are up-to-date?

It looks like you might have a newer version of Certbot’s acme module (challenges in the traceback is acme.challenges, I think) while you have an older version of the certbot module (likely 0.39.0, since that’s what /bin/certbot is).

Certbot recently removed support for the TLS-SNI-01 challenge type (which Let’s Encrypt disabled long ago), so if you’re mixing older components that still recognize it with newer ones that don’t, you’ll run into problems.

There could be a packaging error – or some other problem – but just upgrading your packages might fix the issue.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.