Issue running Certbot on openSuSE 15.1

I ran this command:
sudo certbot --apache

It produced this output:
2020-08-17 12:48:11,257:DEBUG:certbot._internal.main:certbot version: 1.0.0
2020-08-17 12:48:11,260:DEBUG:certbot._internal.main:Arguments: [’–apache’]
2020-08-17 12:48:11,262:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-08-17 12:48:11,295:DEBUG:certbot._internal.log:Root logging level set at 20
2020-08-17 12:48:11,298:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-08-17 12:48:11,299:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2020-08-17 12:48:11,438:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.33
2020-08-17 12:48:12,548:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_suse.OpenSUSEConfigurator object at 0x7f31e714e6d8>
Prep: True
2020-08-17 12:48:12,551:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_suse.OpenSUSEConfigurator object at 0x7f31e714e6d8> and installer <certbot_apache._internal.override_suse.OpenSUSEConfigurator object at 0x7f31e714e6d8>
2020-08-17 12:48:12,551:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2020-08-17 12:48:22,490:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-08-17 12:48:22,496:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-08-17 12:48:22,529:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==1.0.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3.6/site-packages/certbot/main.py”, line 14, in main
return internal_main.main(cli_args)
File “/usr/lib/python3.6/site-packages/certbot/_internal/main.py”, line 1350, in main
return config.func(config, plugins)
File “/usr/lib/python3.6/site-packages/certbot/_internal/main.py”, line 1097, in run
le_client = _init_le_client(config, authenticator, installer)
File “/usr/lib/python3.6/site-packages/certbot/_internal/main.py”, line 607, in _init_le_client
acc, acme = _determine_account(config)
File “/usr/lib/python3.6/site-packages/certbot/_internal/main.py”, line 523, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File “/usr/lib/python3.6/site-packages/certbot/_internal/client.py”, line 175, in register
acme = acme_from_config_key(config, key)
File “/usr/lib/python3.6/site-packages/certbot/_internal/client.py”, line 45, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File “/usr/lib/python3.6/site-packages/acme/client.py”, line 827, in init
directory = messages.Directory.from_json(net.get(server).json())
File “/usr/lib/python3.6/site-packages/acme/client.py”, line 1158, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python3.6/site-packages/acme/client.py”, line 1107, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python3.6/site-packages/requests/sessions.py”, line 533, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python3.6/site-packages/requests/sessions.py”, line 646, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python3.6/site-packages/requests/adapters.py”, line 449, in send
timeout=timeout
File “/usr/lib/python3.6/site-packages/urllib3/connectionpool.py”, line 600, in urlopen
chunked=chunked)
File “/usr/lib/python3.6/site-packages/urllib3/connectionpool.py”, line 343, in _make_request
self._validate_conn(conn)
File “/usr/lib/python3.6/site-packages/urllib3/connectionpool.py”, line 839, in validate_conn
conn.connect()
File “/usr/lib/python3.6/site-packages/urllib3/connection.py”, line 344, in connect
ssl_context=context)
File "/usr/lib/python3.6/site-packages/urllib3/util/ssl
.py", line 319, in ssl_wrap_socket
context.load_verify_locations(ca_certs, ca_cert_dir)
File “/usr/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py”, line 428, in load_verify_locations
self._ctx.load_verify_locations(cafile, capath)
File “/usr/lib/python3.6/site-packages/OpenSSL/SSL.py”, line 775, in load_verify_locations
_raise_current_error()
File “/usr/lib/python3.6/site-packages/OpenSSL/_util.py”, line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error:
2020-08-17 12:48:22,544:ERROR:certbot._internal.log:An unexpected error occurred:

My web server is (include version):
apache2 -2.4.33

The operating system my web server runs on is (include version):
openSuSE 15.1

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.0.0

Thanks

Is that really how the error appears in /var/log/letsencrypt/letsencrypt.log?

Seems that the error has something to do with OpenSSL loading your trusted CA certificates off the filesystem, but the cause of the error is obscured.

Certbot seems to work fine on a fresh 15.1 system, so I think we need help from your logs.

Also, does this work on your system?

curl -I https://acme-v02.api.letsencrypt.org/directory

Thanks for the reply.

That is how the error appears… I’ve copied it straight out.

curl -I https://acme-v02.api.letsencrypt.org/directory

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I hope that helps…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.