Fullchain.pem (failure)

Ejust · February 25, 2023, 1:21pm

My domain is:utcl.co.ug

I ran this command: sudo certbot renew

It produced this output:

Attempting to renew cert (mail.utcl.co.ug) from /etc/letsencrypt/renewal/mail.utcl.co.ug.conf produced an unexpected error: '<' not supported between instances of 'int' and 'NoneType'. Skipping.
All renewal attempts failed. The following certs could not be renewed:
** /etc/letsencrypt/live/mail.utcl.co.ug/fullchain.pem (failure)**

My web server is (include version): Zentyal 6.2

The operating system my web server runs on is (include version): Ubuntu 18.04.6 LTS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

MikeMcQ · February 25, 2023, 2:55pm

Welcome @Ejust

That is a very unusual error. Would you show the contents of this file

/etc/letsencrypt/renewal/mail.utcl.co.ug.conf

Also, certbot 0.31.0 is very old. Ubuntu 18 supports a much newer snap version. See:

Ejust · February 25, 2023, 3:13pm

# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/mail.utcl.co.ug
cert = /etc/letsencrypt/live/mail.utcl.co.ug/cert.pem
privkey = /etc/letsencrypt/live/mail.utcl.co.ug/privkey.pem
chain = /etc/letsencrypt/live/mail.utcl.co.ug/chain.pem
fullchain = /etc/letsencrypt/live/mail.utcl.co.ug/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = bcedb0b640641e17c6bf8427386b5204
authenticator = apache
installer = apache
server = https://acme-v02.api.letsencrypt.org/directory

MikeMcQ · February 25, 2023, 3:28pm

There is an unusual python error. Upgrading your certbot version might fix it. Otherwise, can you upload the /var/log/letsencrypt/letsencrypt.log file?

You will need to copy it to a .txt to upload

If you can only copy/paste it, please add 3 backticks before and after the contents (which will be very long) like this

```
pasted log contents
```

Ejust · February 25, 2023, 3:57pm

letsencrypt.txt (3.7 KB)

MikeMcQ · February 25, 2023, 4:00pm

Thanks. We'll need to wait for different expert like @Osiris or @_az

Osiris · February 25, 2023, 4:21pm

I suspect the corresponding /archive/ is in a non-standard configuration.

Could you please show the output of:

ls -l /etc/letsencrypt/archive/mail.utcl.co.ug

Although I fully agree upgrading to an up to date version of Certbot instead of one that was released 4 years ago is a very good idea too.

linkp · February 25, 2023, 7:27pm

With Ubuntu 18.04 reaching the end of hardware and maintenance updates in 2 months, it might be worth upgrading the Zentyal 6.2 to Zentyal 7.0 as it is based on Ubuntu 20.04 LTS.

_az · February 25, 2023, 8:13pm

I think that one or more of the files out of the archive directory was deleted by hand. Answering Osiris' question should show what's going on.

Ejust · February 27, 2023, 9:41am

Thank you for the continous support

rg305 · February 27, 2023, 2:44pm

The cert.pem file is missing the number "1" - as seen on the remaining files.
Based on the matching timestamp, it had the "1" when created.
That means... something has altered that file name.

Ejust · February 28, 2023, 5:44am

Hi,

could it be okay if we, renamed the cert.pem file to cert1.pem an try the renewal.

rg305 · February 28, 2023, 5:54am

Possibly.
I would try that.

system · March 30, 2023, 5:54am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/fullchain.pem (failure) Help	7	23676	March 3, 2019
Fullchain.pem (failure) Help	7	9323	January 1, 2019
Cant renew certbot Help	7	6808	April 7, 2019
Sudo Certbot renew failed Help	4	742	August 19, 2020
Fullchain does not match cert and chain Help	11	3293	February 15, 2020

Fullchain.pem (failure)

Related topics