Help updating from ACME TLS-SNI-01 domain validation


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://stegrainer.com

I ran this command: sudo certbot renew --dry-run (after updating certbot)

It produced this output:


Processing /etc/letsencrypt/renewal/stegrainer.com-0001.conf


Cert not due for renewal, but simulating renewal for dry run

Plugins selected: Authenticator apache, Installer apache

Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org

Renewing an existing certificate

Attempting to renew cert (stegrainer.com-0001) from /etc/letsencrypt/renewal/stegrainer.com.conf produced an unexpected error: Deserialization error: Could not decode ‘status’ (‘ready’): Deserialization error: Status not recognized. Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/stegrainer.com/fullchain.pem (failure)

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I ran a certbot dry-run before updating (because I have LE certs on multiple domains across a couple different servers and the email I got warning me about ACME TLS didn’t specify which domain(s) it was. When I ran the dry-run originally, I didn’t get any errors.

I found instructions in another thread to update certbot from the EFF site and ran through those. All the updates seemed to work properly, but when I ran the dry-run again, I got the above error. Any thoughts? I set up Let’s Encrypt on this domain several years ago so I honestly don’t remember how I set it up at the time.


#2

Hi @stegrainer

the status “ready” is from summer 2018:

So if your certbot doesn’t understand this status, your certbot is too old.

What says

certbot --version

#3

The version said 0.22.2. I followed the instructions on this site:

Those instructions only specified installing python-certbot-apache. Once I installed certbot itself, everything ran fine.


#4

Are your packages up-to-date?

sudo apt-get update
sudo apt-get upgrade

If necessary:

sudo apt-get dist-upgrade

closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.