Migrating from old letsencrypt to new certbot at UBUNTU

ppKrauss · March 15, 2017, 11:12am

My decision was to abandon (the old and problematic) letsencript and adopt the new certbot (see use of PPA below)… It is a kind of migration. At this moment my old letsencrypt DNS CAA certificates expired (=no) and rest (trusted=yes) will expire in few days.

In this context, ideal is to maintain certificates, only renew it. The simplest standard procedure sudo certbot renew fails,

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xxxxx.org.conf
-------------------------------------------------------------------------------
Renewal configuration file /etc/letsencrypt/renewal/xxxxx.org.conf 
 produced an unexpected error: 
 'Namespace' object has no attribute 'apache_enmod'. Skipping.

No renewals were attempted.

Additionally, the following renewal configuration files were invalid: 
  /etc/letsencrypt/renewal/xxxxx.org.conf (parsefail)
0 renew failure(s), 1 parse failure(s)

What the correct procedure?

As I say, “ideal is to maintain certificates”… if impossible, other solution (?) is completely-reinstall-lets-encrypt-delete, but the context here is different and I can’t wayt more than 1 day to renew.

History

There are some problems with certbot at standard UBUNTU, but finally I am using “all standard and secure” with certbot,

supposing Certbot PPA (semi-official) will be official.
supposing “could be used with some caution” is today “no problem”, so using this endorsement.

----yellowtown.org.conf.txt (2.5 KB)

schoen · March 15, 2017, 6:57pm

Can you post the contents of the .conf file that failed to parse? It might be possible to edit that and remove some of the extraneous information; then it will probably work correctly.

ppKrauss · March 15, 2017, 8:01pm

Hi @schoen, thanks the help. Ok, I posted the contents, see yellowtown.org.conf.txt.

schoen · March 15, 2017, 9:20pm

Cool. This does seem to be a problem of a renewal configuration file created with one version and used with another. Could you try replacing it with this version? I tried to remove the items that would be unnecessary.

yellowtown.org.conf.txt (383 Bytes)

Nos últimos dias apareceram várias pessoas no fórum pedindo ajuda com seus sites hospedados no Brasil. Tem alguma idéia porque a índice de problemas (e, imagino, de uso) de Let’s Encrypt surgiu ultimamente? Aconteceu algo importante em relação ao HTTPS no Brasil?

ppKrauss · March 16, 2017, 11:28am

Thanks @schoen! You simpliyed a lot the .conf file, this is a good tip for others that need to migrate. Now is running. Migration complete!

About Brazilians using (good!), is interesting to check statistics of new domains, and history of average prices of traditional HTTPS services… Only a guess… If new domains, current recession enforced unemployed people to be freelance, so they buy a domain, that is the cheapest way to build a brand… By other hand, “corruption perception” in our telecommunications-industry (scandals in the current recession) also make migration from payed to HTTPS free services, not make sense use “secure services” from corrupt big-companies

We can help all new Brazilians, by a Fast Guide, and I can translate it to portuguese (pt-BR).

system · April 15, 2017, 11:28am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.