help...Can not be renewed manually

Please post your output of python --version

@schoen any ideas here ??

Python 2.6 upgrade python 2.7.5

Can I completely uninstall an existing certificate? What should I do?

Can you post the output of cat /var/log/letsencrypt/letsencrypt.log? Only the last 20-30 lines or so.

2017-09-21 07:19:30,976:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: m.zooliv.com
Type: tls
Detail: remote error: tls: handshake failure

Domain: static.zooliv.com
Type: tls
Detail: remote error: tls: handshake failure

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that you have an up-to-date TLS configuration that allows the server to communicate with the Certbot client.
2017-09-21 07:19:30,977:INFO:certbot.auth_handler:Cleaning up challenges
2017-09-21 07:19:30,977:DEBUG:certbot.plugins.standalone:Stopping server at :::443...
2017-09-21 07:19:31,424:WARNING:certbot.renewal:Attempting to renew cert (zooliv.com) from /etc/letsencrypt/renewal/zooliv.com.conf produced an unexpected error: Failed authorization procedure. m.zooliv.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure, static.zooliv.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure. Skipping.
2017-09-21 07:19:31,426:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/renewal.py", line 425, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 651, in renew_cert
    _get_and_save_cert(le_client, config, lineage=lineage)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 77, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/renewal.py", line 297, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. m.zooliv.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure, static.zooliv.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

2017-09-21 07:19:31,426:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2017-09-21 07:19:31,426:ERROR:certbot.renewal: /etc/letsencrypt/live/zooliv.com/fullchain.pem (failure)
2017-09-21 07:19:31,426:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 755, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 705, in renew
    renewal.handle_renewal_request(config)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/renewal.py", line 443, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

Okay, one last thing to check. Please post your output of the following commands:

ls -la /etc/letsencrypt/live/

ls -la /etc/letsencrypt/renewal/

This looks like a problem too, you should upgrade your python to the latest version.

[root@10-13-54-22 ~]# ls -la /etc/letsencrypt/live/
total 12
drwx------ 3 root root 4096 Jul 6 17:17 .
drwxr-xr-x 8 root root 4096 Sep 21 15:19 ..
drwxr-xr-x 2 root root 4096 Jul 6 17:17 zooliv.com
[root@10-13-54-22 ~]# ls -la /etc/letsencrypt/renewal/
total 12
drwxr-xr-x 2 root root 4096 Jul 6 17:17 .
drwxr-xr-x 8 root root 4096 Sep 21 15:19 ..
-rw-r--r-- 1 root root 858 Sep 21 14:45 zooliv.com.conf
[root@10-13-54-22 ~]#

Try upgrading your python to 2.7.x

Python?
It has been upgraded to 2.7.5

[root@10-13-54-22 ~]# python -V
Python 2.7.5
[root@10-13-54-22 ~]#

Can you try this?

sudo mkdir /opt/certbot/
cd /opt
sudo git clone https://github.com/certbot/certbot.git
cd certbot
sudo service nginx stop
sudo ./certbot-auto renew
sudo service nginx start

[root@10-13-54-22 certbot]# sudo ./cerbot-auto renew
sudo: ./cerbot-auto: command not found

[root@10-13-54-22 certbot]# sudo ./certbot-auto renew
Upgrading certbot-auto 0.18.1 to 0.18.2...
Replacing certbot-auto...
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/zooliv.com.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for zooliv.com
tls-sni-01 challenge for en.zooliv.com
tls-sni-01 challenge for m.zooliv.com
tls-sni-01 challenge for static.zooliv.com
tls-sni-01 challenge for www.zooliv.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (zooliv.com) from /etc/letsencrypt/renewal/zooliv.com.conf produced an unexpected error: Failed authorization procedure. m.zooliv.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure, static.zooliv.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/zooliv.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/zooliv.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: m.zooliv.com
    Type: tls
    Detail: remote error: tls: handshake failure

    Domain: static.zooliv.com
    Type: tls
    Detail: remote error: tls: handshake failure

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    you have an up-to-date TLS configuration that allows the server to
    communicate with the Certbot client.

You have DNS problems; all your nslookups should return 106.75.157.57

nslookup zooliv.com

Non-authoritative answer:
Name:	zooliv.com
Address: 106.75.157.57

nslookup en.zooliv.com

Non-authoritative answer:
Name:	en.zooliv.com
Address: 106.75.157.57

nslookup m.zooliv.com

Non-authoritative answer:
m.zooliv.com	canonical name = iduzvr1.qiniudns.com.
iduzvr1.qiniudns.com	canonical name = large122.china.line.qiniudns.com.
large122.china.line.qiniudns.com	canonical name = chinacdndownload.qiniu.com.w.kunlunea.com.
Name:	chinacdndownload.qiniu.com.w.kunlunea.com
Address: 122.225.34.182
Name:	chinacdndownload.qiniu.com.w.kunlunea.com
Address: 122.225.34.217
Name:	chinacdndownload.qiniu.com.w.kunlunea.com
Address: 122.225.34.179
Name:	chinacdndownload.qiniu.com.w.kunlunea.com
Address: 122.225.34.178
Name:	chinacdndownload.qiniu.com.w.kunlunea.com
Address: 122.225.34.181
Name:	chinacdndownload.qiniu.com.w.kunlunea.com
Address: 122.225.34.216
Name:	chinacdndownload.qiniu.com.w.kunlunea.com
Address: 122.225.34.177
Name:	chinacdndownload.qiniu.com.w.kunlunea.com
Address: 122.225.34.180

nslookup static.zooliv.com

Non-authoritative answer:
static.zooliv.com	canonical name = iduzvof.qiniudns.com.
iduzvof.qiniudns.com	canonical name = dt002.china.line.qiniudns.com.
dt002.china.line.qiniudns.com	canonical name = tinychinacdnweb.qiniu.com.w.kunlunno.com.
Name:	tinychinacdnweb.qiniu.com.w.kunlunno.com
Address: 121.207.229.166

nslookup www.zooliv.com

Non-authoritative answer:
Name:	www.zooliv.com
Address: 106.75.157.57

How do I delete existing certificates and certbot-auto?

Why would you want to do that? The problem is with your DNS. Nothing is wrong with certbot.

The errors clearly indicate a problem with the A records for static.zooliv.com and m.zooliv.com … fix your DNS errors and your certificate will renew.

Your DNS A Records should be as follows:

; Define IPv4 Addresses
*        IN A    106.75.157.57
@        IN A    106.75.157.57
www      IN A    106.75.157.57
en       IN A    106.75.157.57
m        IN A    106.75.157.57
static   IN A    106.75.157.57

Your DNS is actually quite a mess.

http://dnscheck.pingdom.com/?domain=zooliv.com&timestamp=1505977415&view=1

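The diagnosis reached in this thread can be scripted as a pre-renewal check. This is an added example, not part of any post above and not certbot's own code: it pulls the failing names out of certbot's error report and lists every certificate name whose DNS answers point somewhere other than the server running certbot. The function names are hypothetical; the sample report and DNS answers are copied from the output quoted in the thread.

```python
import socket

# Error report and DNS answers copied from the output quoted in this thread
# (m.zooliv.com is shortened to two of its eight CDN addresses).
SAMPLE_REPORT = """\
Domain: m.zooliv.com
Type: tls
Detail: remote error: tls: handshake failure

Domain: static.zooliv.com
Type: tls
Detail: remote error: tls: handshake failure
"""
SAMPLE_DNS = {
    "zooliv.com": ["106.75.157.57"],
    "www.zooliv.com": ["106.75.157.57"],
    "en.zooliv.com": ["106.75.157.57"],
    "m.zooliv.com": ["122.225.34.182", "122.225.34.177"],
    "static.zooliv.com": ["121.207.229.166"],
}

def failed_domains(report):
    """Return (domain, detail) pairs from certbot's server error report."""
    failures, domain = [], None
    for line in report.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key == "Domain":
            domain = value.strip()
        elif sep and key == "Detail" and domain:
            failures.append((domain, value.strip()))
            domain = None
    return failures

def system_resolver(name):
    """Addresses the local resolver returns for name (empty if it fails)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 443)}
    except socket.gaierror:
        return set()

def misdirected(names, server_ips, resolve=system_resolver):
    """Map each name to the resolved addresses that are not this server."""
    bad = {}
    for name in names:
        addrs = set(resolve(name))
        stray = addrs - set(server_ips)
        if stray or not addrs:  # wrong address, or no answer at all
            bad[name] = sorted(stray)
    return bad

if __name__ == "__main__":
    print(failed_domains(SAMPLE_REPORT))
    print(misdirected(SAMPLE_DNS, {"106.75.157.57"}, lambda n: SAMPLE_DNS[n]))
```

On the thread's data, the names flagged by `misdirected` are exactly the two that failed the tls-sni-01 challenge. Leaving out the `resolve` argument makes it query live DNS instead of the embedded answers.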