Error trying to renew the certificate


#1

Hi.
When trying to update the certificate using certbot renew it gives me the following error:

What could be the problem?? I’m in a CentOs 7 on apache

Thank you.
regards


#2

Hi @SysTmas

please answer the following questions. This is the template of #help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#3

My domain is: aerolineaslasa.com

I ran this command: certbot renew

It produced this output:(´Conection aborted´), gaierror(-2, ´Name or service no Know´), Skipping

My web server is (include version): Apache/2.4.6 CentOS OpenSSL/1.0.2k-fips PHP/5.6.36

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Claro.Cloud.Com

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot --version certbot 0.27.1

Thank you for helping


#4

Never seen such an error. Looks like your installation is corrupt. You may check

/var/log/letsencrypt/letsencrypt.log

and update your certbot.


#5

The Log File say:

2019-02-04 14:58:50,634:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2019-02-04 14:58:50,635:ERROR:certbot.renewal: /etc/letsencrypt/live/aerolineaslasa.com/fullchain.pem (failure)
2019-02-04 14:58:50,636:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.27.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1364, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1276, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 455, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)


#6

From your server, can you:
curl acme-v02.api.letsencrypt.org


#7

Run the command again and add

certbot renew -vvv

so much more informations are logged.


#8

When trying to run acme-v02.api.letsencrypt.org throws error (6) Unknown error


#9

2019-02-04 19:55:54,095:DEBUG:certbot.main:certbot version: 0.27.1
2019-02-04 19:55:54,095:DEBUG:certbot.main:Arguments: [’-vvv’]
2019-02-04 19:55:54,095:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-02-04 19:55:54,116:DEBUG:certbot.log:Root logging level set at -10
2019-02-04 19:55:54,116:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-02-04 19:55:54,132:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x7fee5a005490> and installer <certbot.cli._Default object at 0x7fee5a005490>
2019-02-04 19:55:54,146:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-02-14 00:15:44 UTC.
2019-02-04 19:55:54,146:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2019-02-04 19:55:54,147:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-02-04 19:55:54,421:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
2019-02-04 19:55:55,149:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7fee5a04aad0>
Prep: True
2019-02-04 19:55:55,150:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7fee5a04aad0>
Prep: True
2019-02-04 19:55:55,151:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_centos.CentOSConfigurator object at 0x7fee5a04aad0> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x7fee5a04aad0>
2019-02-04 19:55:55,151:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-02-04 19:55:55,210:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/45875926’, new_authzr_uri=None, terms_of_service=None), 4d99e86d4d5b5c01de1cf302a783255b, Meta(creation_host=u’localhost.localdomain’, creation_dt=datetime.datetime(2018, 11, 16, 1, 13, 35, tzinfo=)))>
2019-02-04 19:55:55,222:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-02-04 19:55:55,230:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2019-02-04 19:55:55,233:WARNING:certbot.renewal:Attempting to renew cert (aerolineaslasa.com) from /etc/letsencrypt/renewal/aerolineaslasa.com.conf produced an unexpected error: (‘Connection aborted.’, gaierror(-2, ‘Name or service not known’)). Skipping.
2019-02-04 19:55:55,235:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 430, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1195, in renew_cert
le_client = _init_le_client(config, auth, installer)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 648, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 247, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 50, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 761, in init
directory = messages.Directory.from_json(net.get(server).json())
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 1095, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 1044, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 464, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 576, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/adapters.py”, line 415, in send
raise ConnectionError(err, request=request)
ConnectionError: (‘Connection aborted.’, gaierror(-2, ‘Name or service not known’))

2019-02-04 19:55:55,297:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2019-02-04 19:55:55,299:ERROR:certbot.renewal: /etc/letsencrypt/live/aerolineaslasa.com/fullchain.pem (failure)
2019-02-04 19:55:55,311:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.27.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1364, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1276, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 455, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)


#10

Checked, that means getaddrinfo - error.

So it looks that your server can’t talk with Letsencrypt.


#11

The gaierror is apparently an abbreviation for getaddrinfoerror, referring to the attempt to do a DNS lookup, Is there some kind of firewall limiting the ability of this server to make DNS queries? What kind of DNS server is your server using?


#12

Seeing the contents of this file may be helpful:


closed #13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.