Error when renewing certificate

Help
1

hi how are you?

3 certificates are expiring and when I want to renew them the way I always did, I get the following error:

Processing /etc/letsencrypt/renewal/www.grupovcl.com.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Attempting to renew cert (www.grupovcl.com) from /etc/letsencrypt/renewal/www.grupovcl.com.conf produced an unexpected error: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",). Skipping.

Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.integracapital.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.gendaireiki.net.ar/fullchain.pem (failure)
/etc/letsencrypt/live/andinaplc.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.andinaplc.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.grupovcl.com/fullchain.pem (failure)

1 Like
2

Could you please paste the verbose log or run the command with the -vv option?

1 Like
3

sorry, what command do you want me to run?

1 Like
4

The same command you've used earlier, but with the option -vv added to the other options. Or just paste the most recent log which probably is in /var/log/letsencrypt/

1 Like
5

2021-05-24 11:39:55,636:DEBUG:certbot.main:certbot version: 0.28.0
2021-05-24 11:39:55,636:DEBUG:certbot.main:Arguments:
2021-05-24 11:39:55,636:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-05-24 11:39:55,642:DEBUG:certbot.log:Root logging level set at 20
2021-05-24 11:39:55,642:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-05-24 11:39:55,647:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0xb61e754c> and installer <certbot.cli._Default object at 0xb61e754c>
2021-05-24 11:39:55,651:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2020-09-17 19:51:46 UTC.
2021-05-24 11:39:55,651:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-05-24 11:39:55,651:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:39:55,704:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2021-05-24 11:39:56,130:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb61cf98c>
Prep: True
2021-05-24 11:39:56,130:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb61cf98c>
Prep: True
2021-05-24 11:39:56,131:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0xb61cf98c> and installer <certbot_apache.override_debian.DebianConfigurator object at 0xb61cf98c>
2021-05-24 11:39:56,131:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-05-24 11:39:56,133:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, body=Registration(contact=(), key=None, terms_of_service_agreed=None, only_return_existing=None, status=None, agreement=None), new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/85866066'), a90e6d14a248497b01cece9b568cae3d, Meta(creation_host='websrv01.grupovcl.com', creation_dt=datetime.datetime(2020, 5, 11, 17, 17, 8, tzinfo=)))>
2021-05-24 11:39:56,134:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-05-24 11:39:56,136:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-05-24 11:40:06,004:WARNING:certbot.renewal:Attempting to renew cert (www.integracapital.com) from /etc/letsencrypt/renewal/www.integracapital.com.conf produced an unexpected error: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",). Skipping.
2021-05-24 11:40:06,030:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 417, in wrap_socket
cnx.do_handshake()
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1426, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1167, in _raise_ssl_error
raise SysCallError(-1, "Unexpected EOF")
OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 350, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 837, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 323, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 324, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 424, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 423, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 624, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1166, in renew_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 611, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 248, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3/dist-packages/acme/client.py", line 825, in init
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3/dist-packages/acme/client.py", line 1154, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1103, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

2021-05-24 11:40:06,061:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-06-15 05:44:39 UTC.
2021-05-24 11:40:06,074:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-05-24 11:40:06,095:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:06,175:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2021-05-24 11:40:06,571:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb6a9282c>
Prep: True
2021-05-24 11:40:06,579:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb6a9282c>
Prep: True
2021-05-24 11:40:06,586:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0xb6a9282c> and installer <certbot_apache.override_debian.DebianConfigurator object at 0xb6a9282c>
2021-05-24 11:40:06,594:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-05-24 11:40:06,604:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, body=Registration(contact=(), key=None, terms_of_service_agreed=None, only_return_existing=None, status=None, agreement=None), new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/85866066'), a90e6d14a248497b01cece9b568cae3d, Meta(creation_host='websrv01.grupovcl.com', creation_dt=datetime.datetime(2020, 5, 11, 17, 17, 8, tzinfo=)))>
2021-05-24 11:40:06,627:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-05-24 11:40:06,639:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-05-24 11:40:06,690:WARNING:certbot.renewal:Attempting to renew cert (www.gendaireiki.net.ar) from /etc/letsencrypt/renewal/www.gendaireiki.net.ar.conf produced an unexpected error: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",). Skipping.
2021-05-24 11:40:06,694:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 417, in wrap_socket
cnx.do_handshake()
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1426, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1167, in _raise_ssl_error
raise SysCallError(-1, "Unexpected EOF")
OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 350, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 837, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 323, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 324, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 424, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 423, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 624, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1166, in renew_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 611, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 248, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3/dist-packages/acme/client.py", line 825, in init
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3/dist-packages/acme/client.py", line 1154, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1103, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

2021-05-24 11:40:06,714:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-06-12 23:57:18 UTC.
2021-05-24 11:40:06,718:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-05-24 11:40:06,726:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:06,817:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2021-05-24 11:40:07,279:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3d1372c>
Prep: True
2021-05-24 11:40:07,291:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3d1372c>
Prep: True
2021-05-24 11:40:07,302:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0xb3d1372c> and installer <certbot_apache.override_debian.DebianConfigurator object at 0xb3d1372c>
2021-05-24 11:40:07,302:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-05-24 11:40:07,305:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, body=Registration(contact=(), key=None, terms_of_service_agreed=None, only_return_existing=None, status=None, agreement=None), new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/85866066'), a90e6d14a248497b01cece9b568cae3d, Meta(creation_host='websrv01.grupovcl.com', creation_dt=datetime.datetime(2020, 5, 11, 17, 17, 8, tzinfo=)))>
2021-05-24 11:40:07,305:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-05-24 11:40:07,306:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-05-24 11:40:07,340:WARNING:certbot.renewal:Attempting to renew cert (andinaplc.com) from /etc/letsencrypt/renewal/andinaplc.com.conf produced an unexpected error: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",). Skipping.
2021-05-24 11:40:07,340:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 417, in wrap_socket
cnx.do_handshake()
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1426, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1167, in _raise_ssl_error
raise SysCallError(-1, "Unexpected EOF")
OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 350, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 837, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 323, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 324, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 424, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 423, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 624, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1166, in renew_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 611, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 248, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3/dist-packages/acme/client.py", line 825, in init
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3/dist-packages/acme/client.py", line 1154, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1103, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

2021-05-24 11:40:07,344:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-24 11:40:07,344:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:07,344:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c153ac>
2021-05-24 11:40:07,345:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-24 11:40:07,347:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-06-12 23:57:39 UTC.
2021-05-24 11:40:07,347:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-05-24 11:40:07,347:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:07,398:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2021-05-24 11:40:07,845:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c2012c>
Prep: True
2021-05-24 11:40:07,845:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c2012c>
Prep: True
2021-05-24 11:40:07,845:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0xb3c2012c> and installer <certbot_apache.override_debian.DebianConfigurator object at 0xb3c2012c>
2021-05-24 11:40:07,846:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-05-24 11:40:07,848:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, body=Registration(contact=(), key=None, terms_of_service_agreed=None, only_return_existing=None, status=None, agreement=None), new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/85866066'), a90e6d14a248497b01cece9b568cae3d, Meta(creation_host='websrv01.grupovcl.com', creation_dt=datetime.datetime(2020, 5, 11, 17, 17, 8, tzinfo=)))>
2021-05-24 11:40:07,848:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-05-24 11:40:07,849:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-05-24 11:40:07,881:WARNING:certbot.renewal:Attempting to renew cert (www.andinaplc.com) from /etc/letsencrypt/renewal/www.andinaplc.com.conf produced an unexpected error: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",). Skipping.
2021-05-24 11:40:07,882:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 417, in wrap_socket
cnx.do_handshake()
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1426, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1167, in _raise_ssl_error
raise SysCallError(-1, "Unexpected EOF")
OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 350, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 837, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 323, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 324, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 424, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 423, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 624, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1166, in renew_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 611, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 248, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3/dist-packages/acme/client.py", line 825, in init
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3/dist-packages/acme/client.py", line 1154, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1103, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

2021-05-24 11:40:07,884:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-24 11:40:07,885:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:07,885:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c20c6c>
2021-05-24 11:40:07,885:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-24 11:40:07,887:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-24 11:40:07,888:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:07,888:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c1a94c>
2021-05-24 11:40:07,888:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-24 11:40:07,890:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2021-06-16 09:26:20 UTC.
2021-05-24 11:40:07,890:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-05-24 11:40:07,890:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:07,940:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2021-05-24 11:40:08,338:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c153ac>
Prep: True
2021-05-24 11:40:08,338:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c153ac>
Prep: True
2021-05-24 11:40:08,338:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0xb3c153ac> and installer <certbot_apache.override_debian.DebianConfigurator object at 0xb3c153ac>
2021-05-24 11:40:08,338:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-05-24 11:40:08,340:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, body=Registration(contact=(), key=None, terms_of_service_agreed=None, only_return_existing=None, status=None, agreement=None), new_authzr_uri=None, uri='https://acme-v02.api.letsencrypt.org/acme/acct/85866066'), a90e6d14a248497b01cece9b568cae3d, Meta(creation_host='websrv01.grupovcl.com', creation_dt=datetime.datetime(2020, 5, 11, 17, 17, 8, tzinfo=)))>
2021-05-24 11:40:08,341:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-05-24 11:40:08,341:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-05-24 11:40:08,399:WARNING:certbot.renewal:Attempting to renew cert (www.grupovcl.com) from /etc/letsencrypt/renewal/www.grupovcl.com.conf produced an unexpected error: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",). Skipping.
2021-05-24 11:40:08,400:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 417, in wrap_socket
cnx.do_handshake()
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1426, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1167, in _raise_ssl_error
raise SysCallError(-1, "Unexpected EOF")
OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 350, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 837, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 323, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 324, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 424, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 423, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 624, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1166, in renew_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 611, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 248, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 51, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3/dist-packages/acme/client.py", line 825, in init
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3/dist-packages/acme/client.py", line 1154, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1103, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)

2021-05-24 11:40:08,408:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-24 11:40:08,409:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:08,410:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c15acc>
2021-05-24 11:40:08,410:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-24 11:40:08,414:INFO:certbot.renewal:Cert not yet due for renewal
2021-05-24 11:40:08,414:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2021-05-24 11:40:08,415:DEBUG:certbot.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0xb3c2c04c>
2021-05-24 11:40:08,415:DEBUG:certbot.plugins.storage:Plugin storage file /etc/letsencrypt/.pluginstorage.json was empty, no values loaded
2021-05-24 11:40:08,415:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-05-24 11:40:08,415:ERROR:certbot.renewal: /etc/letsencrypt/live/www.integracapital.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.gendaireiki.net.ar/fullchain.pem (failure)
/etc/letsencrypt/live/andinaplc.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.andinaplc.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.grupovcl.com/fullchain.pem (failure)
2021-05-24 11:40:08,416:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1247, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 468, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 5 renew failure(s), 0 parse failure(s)

1 Like
6

AFAIK this is due to restrictions set to some IP addresses or IP ranges due to a recent DDoS attack. I think it requires the help of @lestaff

1 Like
7

Yup, it looks like this to me:

2 Likes
8

it doesn't let me install new certificates either

The server is behind a fortigate

1 Like
9

No, your entire communication with the Let's Encrypt API has been blocked due to the DDoS mitigations referenced by @petercooperjr above.

The only thing you can do now is wait for the LE staff (which I already tagged above) to investigate and, if applicable, remove the block for your IP address.

1 Like
10

thats weird! good in what can help I will. I have a static IP

1 Like
11

Not sure if there's anything for you to do than wait. I'm pretty sure that today isn't a business day for the LE staff due to Pentecost.

1 Like
12

We are in the office so to speak, granted the office is the porch because it's nice out today :sun_behind_small_cloud: . I'll take a look in the CDN and unblock @JuanPabloPWR.

Edit: The IPv4/v6 address was not blocked in our CDN or on our loadbalancers.

3 Likes
13

Thank you very much, in case you need it I have 2 classes of static ip

200.42.102.0/24

And

190.2.58.189

1 Like
14

Do you have any IPv6 ranges? I'm not showing those networks as blocked.

1 Like
15

no, only IPv4 address

2 Likes
16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.