HELP - error while installing SSL certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.thesourceb2b.com

I ran this command: certbot certonly --webroot --dry-run -w /var/www/html -d mail.thesourceb2b.com

It produced this output:

root@mail:~# apt install certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
python3-acme python3-certbot python3-configargparse python3-configobj python3-future python3-icu
python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr
python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event
python3-zope.hookable python3-zope.interface
Suggested packages:
python3-certbot-apache python3-certbot-nginx python-certbot-doc python-acme-doc
python-configobj-doc python-future-doc python-mock-doc python-openssl-doc python3-openssl-dbg
The following NEW packages will be installed:
certbot python3-acme python3-certbot python3-configargparse python3-configobj python3-future
python3-icu python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr
python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event
python3-zope.hookable python3-zope.interface
0 upgraded, 19 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,315 kB of archives.
Preparing to unpack .../17-python3-icu_2.4.2-0ubuntu3_amd64.deb ...
Unpacking python3-icu (2.4.2-0ubuntu3) ...
Selecting previously unselected package certbot.
Preparing to unpack .../18-certbot_0.40.0-1ubuntu0.1_all.deb ...
Unpacking certbot (0.40.0-1ubuntu0.1) ...
Setting up python3-configargparse (0.13.0-2) ...
Setting up python3-requests-toolbelt (0.8.0-1.1) ...
Setting up python3-icu (2.4.2-0ubuntu3) ...
Setting up python3-zope.event (4.4-2build1) ...
Setting up python3-zope.interface (4.7.1-1) ...
Setting up python3-pbr (5.4.5-0ubuntu1) ...
update-alternatives: using /usr/bin/python3-pbr to provide /usr/bin/pbr (pbr) in auto mode
Setting up python3-openssl (19.0.0-1build1) ...
Setting up python3-tz (2019.3-1) ...
Setting up python3-mock (3.0.5-1build1) ...
Setting up python3-zope.hookable (5.0.0-1build1) ...
Setting up python3-configobj (5.0.6-4) ...
Setting up python3-josepy (1.2.0-2) ...
Setting up python3-future (0.18.2-2) ...
update-alternatives: using /usr/bin/python3-futurize to provide /usr/bin/futurize (futurize) in auto mode
update-alternatives: using /usr/bin/python3-pasteurize to provide /usr/bin/pasteurize (pasteurize) in auto mode
Setting up python3-rfc3339 (1.1-2) ...
Setting up python3-parsedatetime (2.4-5) ...
Setting up python3-zope.component (4.3.0-3) ...
Setting up python3-acme (1.1.0-1) ...
Setting up python3-certbot (0.40.0-1ubuntu0.1) ...
Setting up certbot (0.40.0-1ubuntu0.1) ...
Created symlink /etc/systemd/system/timers.target.wants/certbot.timer → /lib/systemd/system/certbot.timer.
Processing triggers for man-db (2.9.1-1) ...
root@mail:~# certbot certonly --webroot --dry-run -w /var/www/html -d mail.thesourceb2b.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): serveradmin@thesourceb2b.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-staging-v02.api.letsencrypt.org/directory


(A)gree/(C)ancel: A
Obtaining a new certificate
An unexpected error occurred:
The server experienced an internal error :: Error creating new order
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    root@mail:~# An unexpected error occurred:
    An: command not found

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Contabo VPS Server

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

1 Like

Find the log details below:

2021-04-26 13:03:18,674:DEBUG:certbot.main:certbot version: 0.40.0
2021-04-26 13:03:18,674:DEBUG:certbot.main:certbot version: 0.40.0
2021-04-26 13:03:18,674:DEBUG:certbot.main:Arguments: ['--webroot', '--dry-run', '-w', '/var/www/html', '-d', 'mail.thesourceb2b.com']
2021-04-26 13:03:18,674:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-04-26 13:03:18,681:DEBUG:certbot.log:Root logging level set at 20
2021-04-26 13:03:18,682:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-04-26 13:03:18,683:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-04-26 13:03:18,683:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f2e42a896a0>
Prep: True
2021-04-26 13:03:18,683:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f2e42a896a0> and installer None
2021-04-26 13:03:18,683:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-04-26 13:07:03,206:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2021-04-26 13:07:03,212:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2021-04-26 13:07:03,423:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
2021-04-26 13:07:03,424:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 26 Apr 2021 18:07:03 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY

1 Like

Hi @ugendar and welcome to the LE community forum :slight_smile:

Please include some more detail to better understand the problem.
Please show the output of the following (some may require the use of sudo):
find / -name certbot
which certbot
netstat -pant | grep -i listen
curl -4 ifconfig.co

1 Like

Hi @rg305

Thanks for your help. Please find below logs per command:

1----------------------------
Welcome!

This server is hosted by Contabo. If you have any questions or need help,
please don't hesitate to contact us at support@contabo.com.

Last login: Mon Apr 26 13:24:48 2021 from 103.105.224.158
root@mail:~# find / -name certbot
/etc/cron.d/certbot
/etc/logrotate.d/certbot
/usr/bin/certbot
/usr/share/doc/certbot
/usr/lib/python3/dist-packages/certbot
root@mail:~#

2----------------------
root@mail:~# which certbot
/usr/bin/certbot
root@mail:~#

3-------------------
root@mail:~# netstat -pant | grep -i listen
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 482/nginx: master p
tcp 0 0 127.0.0.1:8125 0.0.0.0:* LISTEN 2161/netdata
tcp 0 0 127.0.0.1:4190 0.0.0.0:* LISTEN 704/dovecot
tcp 0 0 127.0.0.1:19999 0.0.0.0:* LISTEN 2161/netdata
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 704/dovecot
tcp 0 0 127.0.0.1:7777 0.0.0.0:* LISTEN 608/python3
tcp 0 0 127.0.0.1:7778 0.0.0.0:* LISTEN 608/python3
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 704/dovecot
tcp 0 0 127.0.0.1:7779 0.0.0.0:* LISTEN 608/python3
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 765/slapd
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 1337/amavisd-new (m
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 2135/master
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 1337/amavisd-new (m
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 526/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 2135/master
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 1337/amavisd-new (m
tcp 0 0 127.0.0.1:10028 0.0.0.0:* LISTEN 2135/master
tcp 0 0 127.0.0.1:9998 0.0.0.0:* LISTEN 1337/amavisd-new (m
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 704/dovecot
tcp 0 0 127.0.0.1:7790 0.0.0.0:* LISTEN 461/uwsgi
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 704/dovecot
tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 438/php-fpm: master
tcp 0 0 127.0.0.1:7791 0.0.0.0:* LISTEN 460/uwsgi
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 482/nginx: master p
tcp 0 0 127.0.0.1:24242 0.0.0.0:* LISTEN 704/dovecot
tcp 0 0 127.0.0.1:12340 0.0.0.0:* LISTEN 704/dovecot
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 387/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 492/sshd: /usr/sbin
tcp 0 0 127.0.0.1:24 0.0.0.0:* LISTEN 704/dovecot
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2135/master
tcp6 0 0 :::389 :::* LISTEN 765/slapd
tcp6 0 0 :::22 :::* LISTEN 492/sshd: /usr/sbin
root@mail:~#

4------------------------------

root@mail:~# curl -4 ifconfig.co
207.244.250.30

1 Like

It would seem that you have properly installed only one certbot and are on the correct IP with nginx listening to ports 80 and 443:

/usr/bin/certbot
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 482/nginx: master p
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 482/nginx: master p
207.244.250.30

So... I can't yet explain why you wrote:

As it is not seen in the logs provided.
Perhaps we should rerun the command with added detail:
certbot certonly --webroot --dry-run -w /var/www/html -d mail.thesourceb2b.com -vv
[then you can repost the log file]

1 Like
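The listener check made in the reply above, written as a script. This is an added example, not part of the original thread or of certbot. The function names `listener_scope` and `http01_ready` are hypothetical, and the sample lines are constructed, modelled on the `netstat -pant` output posted earlier.

```shell
#!/usr/bin/env bash
# Constructed sample in the format of `netstat -pant | grep -i listen`.
SAMPLE='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 482/nginx: master p
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 526/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 482/nginx: master p
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 387/systemd-resolve
tcp6 0 0 :::22 :::* LISTEN 492/sshd: /usr/sbin'

# listener_scope PORT: read netstat output on stdin and print "<scope> <program>"
# for every listener on PORT. Scope is "loopback" for 127.0.0.0/8 and ::1,
# and "external" for anything else, including the wildcards 0.0.0.0 and ::.
listener_scope() {
  awk -v port="$1" '
    $6 == "LISTEN" {
      addr = $4
      n = match(addr, /:[0-9]+$/)   # last colon splits address and port, IPv6 included
      if (!n) next
      host = substr(addr, 1, n - 1)
      if (substr(addr, n + 1) != port) next
      split($7, pp, "/")            # "482/nginx:" -> pid, program
      prog = pp[2]
      sub(/:$/, "", prog)
      if (prog == "") prog = "unknown"   # netstat shows "-" when not run as root
      scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "external"
      print scope, prog
    }'
}

# http01_ready: succeed only if port 80 has a non-loopback listener, which the
# webroot (HTTP-01) method needs so the validation request can reach the server.
http01_ready() {
  listener_scope 80 | grep -q '^external '
}

# Demo on the constructed sample; on a live host use: netstat -pant | http01_ready
if printf '%s\n' "$SAMPLE" | http01_ready; then
  echo "port 80: $(printf '%s\n' "$SAMPLE" | listener_scope 80)"
else
  echo "port 80: no externally reachable listener"
fi
```

A listener bound only to 127.0.0.1 on port 80 makes `http01_ready` fail, which separates a local binding problem from a CA-side error such as the one in the first post.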

Hi @rg305

Thanks for your reply. I got the below result.

Dry run: Skipping creating new lineage for mail.thesourceb2b.com
Reporting to user: The dry run was successful.

IMPORTANT NOTES:

  • The dry run was successful.
    root@mail:~#

I think it ran successfully. Maybe the reason was "-vv" at the end, which I had missed.

2 Likes

Not likely, "-vv" doesn't affect the command in that way.
But I'm glad to see that the test run completed successfully :slight_smile:

If you are ready, I would now run it without "--dry-run" to obtain a cert.

1 Like

Thanks a lot @rg305 for your time to help me out.

2 Likes

No problem :slight_smile:
Report back once you have tried to get a real cert.

1 Like

Thanks @rg305. I have successfully installed the SSL certificate on my email server.

Thanks once again for your help.

3 Likes
