LE renewal error apache2, ubuntu 16.04 LTS

poliman · August 22, 2018, 10:23am

My web server is (include version): apache2 2.4.34

The operating system my web server runs on is (include version): Ubuntu 16.04.5 LTS, 4.4.0-131-generic

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISPConfig3 3.1.13

I try enable le cert for domain but in logs I get:
2018-08-22 08:51:03,726:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/letsencrypt”, line 9, in
load_entry_point(‘letsencrypt==0.4.1’, ‘console_scripts’, ‘letsencrypt’)()
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 1986, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 689, in obtain_cert
le_client = _init_le_client(config, authenticator, installer)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 206, in _init_le_client
acc, acme = _determine_account(config)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 191, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 116, in register
acme = acme_from_config_key(config, key)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 41, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 63, in init
self.net.get(directory).json())
File “/usr/lib/python2.7/dist-packages/acme/messages.py”, line 169, in from_json
raise jose.DeserializationError(str(error))
DeserializationError: Deserialization error: Wrong directory fields

I have find topic Let’s Encrypt Renewal error in Apache2 Ubuntu 16.0.4 but doing “sudo apt-get install python-letsencrypt-apache” gives:
root@s1:# apt-get install python-letsencrypt-apache
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
augeas-lenses libaugeas0 python-augeas
Suggested packages:
augeas-doc augeas-tools
The following NEW packages will be installed:
augeas-lenses libaugeas0 python-augeas python-letsencrypt-apache
0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded.
Need to get 471 kB of archives.
After this operation, 2,300 kB of additional disk space will be used.
Do you want to continue? [Y/n]

I tried check certbot version but without success using command from docs: certbot --version.

rg305 · August 22, 2018, 10:50am

Try this:

(https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache.html)

poliman · August 22, 2018, 11:30am

I have checked earlier these commands but as I posted earlier, executing “sudo apt-get install python-letsencrypt-apache” gives:
root@s1:# apt-get install python-letsencrypt-apache
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
augeas-lenses libaugeas0 python-augeas
Suggested packages:
augeas-doc augeas-tools
The following NEW packages will be installed:
augeas-lenses libaugeas0 python-augeas python-letsencrypt-apache
0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded.
Need to get 471 kB of archives.
After this operation, 2,300 kB of additional disk space will be used.
Do you want to continue? [Y/n]

I have letsencrypt and it worked until last days.

mnordhoff · August 22, 2018, 5:12pm

I’m confused. Is letsencrypt 0.4.1 really expected to fail?

In any case, if you want to upgrade, try “apt full-upgrade”.

rg305 · August 22, 2018, 10:05pm

The instructions show:
python-certbot-apache
among other things...

poliman · August 23, 2018, 5:18am

Yes, it looks like something broken with letsencrypt. I wasn’t able to check version etc. BUT I resolved the problem basing on the informations from Upgrading older letsencrypt to certbot. I just do:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

Letsencrypt client wasn’t removed but updated and in /usr/bin was created certbot file and symlink letsencrypt --> certbot (earlier was just letsencrypt as file). Now, when I do “certbot --version”, I have nice output: certbot 0.26.1.
And the most important thing - ISP is not broken after this update. I still can issue LE certs using this panel, each cert already issued is in this same place /etc/letsencrypt.

PS
@rg305 you have right that there is difference but in other thread I saw somebody get advice to use “apt-get install python-letsencrypt-apache” to check version of letsencrypt client. In my case output was like in my first post.

system · September 22, 2018, 5:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.