Letsencrypt-auto revoke returns "AssertionError" without details

Please fill out the fields below so we can help you better.

My domain is:
myfixes.ru
www.myfixes.ru
I ran this command:
./letsencrypt-auto revoke -d myfixes.ru -d www.myfixes.ru --cert-path /etc/letsencrypt.backup/live/myfixes.ru/cert.pem --key-path /home//.ssh/id_rsa
It produced this output:
An unexpected error occurred:
AssertionError
Please see the logfiles in /var/log/letsencrypt for more details.

last lines of /var/log/letsencrypt/letsencrypt.log:
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 743, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 573, in revoke
    acme.revoke(jose.ComparableX509(cert), config.reason)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 498, in revoke
    content_type=None)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 682, in post
    return self._post_once(*args, **kwargs)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 691, in _post_once
    data = self._wrap_in_jws(obj, self._get_nonce(url))
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 543, in _wrap_in_jws
    nonce=nonce).json_dumps(indent=2)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jws.py", line 54, in sign
    include_jwk=include_jwk)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/jws.py", line 272, in sign
    cls.signature_cls.sign(payload=payload, **kwargs),))
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/jws.py", line 213, in sign
    assert isinstance(key, alg.kty)
AssertionError

My web server is (include version):
apache 2.4.18-2ubuntu3.1
The operating system my web server runs on is (include version):
Ubuntu 16.04.1 LTS
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

For what it’s worth, I get a different error when running a similar command. (I get a reasonable error message, rather than a weird traceback.)

I don’t know what’s going on with your assertion failure, but…

When was the certificate issued? What site is it for? myfixes.ru? According to crt.sh, which may have data a couple of hours old, the last certificate for myfixes.ru has already expired, meaning that revoking it is unnecessary (it’s already invalid) and probably not possible. And no certificates have been issued for www.myfixes.ru.

Does that SSH private key really match the certificate? The certificate should have a unique private key, stored at /etc/letsencrypt.backup/live/myfixes.ru/privkey.pem. A different one won’t work. (Though you can revoke without the private key.)

Also, certbot revoke probably ignores -d arguments. It revokes whole certificates, not specific names, so it doesn’t need them.

Are you sure Certbot is up-to-date?

What’s in /var/log/letsencrypt/letsencrypt.log?

What are you trying to do? Why do you want to revoke that certificate?

Edit: Typo.
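
The question raised in the reply above, whether a given private key really belongs to the certificate, can be checked locally before running revoke with --key-path. This is an added example, not part of the thread or Certbot's own code; it uses the standard openssl CLI, and the function names, file names and the example.test subject are constructed for illustration.

```shell
# Added example (not from the thread): confirm that a private key belongs to
# a certificate before handing both to `revoke --cert-path ... --key-path ...`.

# key_matches_cert CERT KEY
#   0 = key belongs to cert, 1 = different key,
#   2 = certificate unreadable, 3 = key unreadable (wrong format, encrypted)
key_matches_cert() {
    # Public key embedded in the certificate, as PEM SubjectPublicKeyInfo.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    # Public half of the private key, in the same encoding. The empty -passin
    # keeps openssl from prompting when the key file is passphrase-protected.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 1
    return 0
}

# Constructed sample material: a throwaway self-signed certificate with its
# key, an unrelated RSA key standing in for something like ~/.ssh/id_rsa,
# and a file that is not a key at all.
make_samples() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$dir/privkey.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    openssl genrsa -out "$dir/other.pem" 2048 2>/dev/null || return 1
    printf 'not a key\n' > "$dir/garbage.pem"
    printf '%s\n' "$dir"
}

samples=$(make_samples) || exit 1
for key in privkey.pem other.pem garbage.pem; do
    rc=0
    key_matches_cert "$samples/cert.pem" "$samples/$key" || rc=$?
    case $rc in
        0) echo "$key: matches certificate" ;;
        1) echo "$key: valid key, but not the certificate's key" ;;
        *) echo "$key: could not be read (status $rc)" ;;
    esac
done
rm -rf "$samples"
```

A status of 1 means the key file parses but is not the certificate's key; a status of 3 covers key files openssl cannot read, such as passphrase-protected keys or unsupported formats.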

hi @qwerted

I would suggest reviewing the revoke syntax: https://certbot.eff.org/docs/using.html#revoking-certificates

Specifically what parameters need to be passed.

Andrei
