Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:mail.mididoc.com
I ran this command:certbot renew --force-renewal
It produced this output:
acme.messages.Error: urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Error creating new order
2019-04-01 02:00:24,908:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2019-04-01 02:00:24,909:ERROR:certbot.renewal: /etc/letsencrypt/live/mail.mididoc.com/fullchain.pem (failure)
2019-04-01 02:00:24,909:DEBUG:certbot.log:Exiting abnormally:
My web server is (include version):Apache version 2.4.25
The operating system my web server runs on is (include version):Debian Linux 9
My hosting provider, if applicable, is:contabo
I can login to a root shell on my machine (yes or no, or I don’t know):yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Webmin
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.28.0
thanks for your answer.
I have been able to automaticly renew my certificate all the last months.
The problem occured the first time, now.
If i use the command:
certbot renew --dry-run
get the output:
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.mididoc.com
Waiting for verification…
Cleaning up challenges
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mail.mididoc.com/fullchain.pem
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mail.mididoc.com/fullchain.pem (success)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
Nevertheless i got this error message in certbot log file.
If i look in webmin for the certificate it dispays valid till 30th.may.
so the renewal seems to be happened although i got the error message.
mail.mididoc is only accessible for directory:
/.well-known/acme-challenge/
this always worked file
this is because mail.mididoc does not content a website.
it’s a vps server with several sites.
mail.mididoc is only the main vps root.
BTW
as said it always worked.
but some days ago there was a certbot update on my debian9.
it seems that there has something changed till then.
When you see a serverInternal error, there's normally nothing that you can do to fix it. You should try again in a little while, and if there's still a problem, we can ask Let's Encrypt staff to take a look to try to identify the reason.
You’re using a cron job or timer that’s renewing right after 01:00 UTC on the first day of every month.
Did you set it up yourself? Does it specify custom options? Did you have a specific need to set it up that way?
This is speculation, but it might just be that Let’s Encrypt was overloaded for a few minutes and some requests failed.
The Certbot Debian package should have installed a cron job and/or systemd timer that runs twice a day, at completely random times, to ensure better load distribution. And, like I said before, the default behavior is to renew about every 60 days, not every month.
If you verify that the normal cron job/timer is active and everything is configured appropriately and disable this other one, you might not have any future problems.
i tried your command;
certbot renew --webroot certonly --force-renewal
and get the output:
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: certonly
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.mididoc.com
Waiting for verification…
Cleaning up challenges
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mail.mididoc.com/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mail.mididoc.com/fullchain.pem (success)
strange though.
will have a look, if other shedule was installed with the update.
do you have a tip, where this could be?