Modified certificate errors - for windows exchange server


#1

I have previously isseud a lets encrypt certificate for a windows exchange server. I have made a few changes to the server and wanted to reissue a new certificate.
I used the exchance certificate request function to generate a request ‘ExchangeCert.csr’.
However when running certbot to generate te new certificate I get the error bellow.

Thanks for any help provided. Dave

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:wookie.me.uk

I ran this command:certbot --manual --csr /mnt/c/temp/ExchangeCert.csr --preferred-challenges dns certonly -m myE@mail.co.uk

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
acme.errors.UnexpectedUpdate: AuthorizationResource(uri=‘https://acme-v01.api.letsencrypt.org/acme/authz/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw’, body=Authorization(challenges=(ChallengeBody(chall=HTTP01(token=b’\xce\x95\x11\x91@\xe3\rC\x93\x8a~\xb9j\x94\xa1t$\xbb\x926\n\xdfy1\l\xac\x82\xbc\xe0\z’), status=Status(pending), error=None, uri=‘https://acme-v01.api.letsencrypt.org/acme/challenge/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw/4008714214’, _url=None, validated=None), ChallengeBody(chall=DNS01(token=b’\xaap(\xc1\xe3t\xf6\x02\x9e\x98\x97\xa4\xea\x192=]J\xb4\x15\x08K,\xd3\xa7>\x17\x84\x8c\x18\xfbQ’), status=Status(valid), error=None, uri=‘https://acme-v01.api.letsencrypt.org/acme/challenge/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw/4008714215’, _url=None, validated=None)), status=Status(valid), combinations=((0,), (1,)), identifier=Identifier(typ=IdentifierType(dns), value=‘autodiscover.wookie.me.uk’), expires=datetime.datetime(2018, 4, 28, 15, 29, 7, tzinfo=)), new_cert_uri=None)
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):

The operating system my web server runs on is (include version):
Windows server 2016

My hosting provider, if applicable, is:
namecheap.com

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi,

Can you please share the log file in
/var/log/letsencrypt (the recent one you have trouble to)

Thank you


#3

2018-04-11 16:02:54,459:DEBUG:certbot.main:certbot version: 0.22.2
2018-04-11 16:02:54,460:DEBUG:certbot.main:Arguments: [’–manual’, ‘–csr’, ‘/mnt/c/temp/ExchangeCert.csr’, ‘–preferred-challenges’, ‘dns’, ‘-m’, ‘meE@mail.co.uk’]
2018-04-11 16:02:54,461:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-04-11 16:02:54,475:DEBUG:certbot.log:Root logging level set at 20
2018-04-11 16:02:54,476:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-04-11 16:02:54,480:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2018-04-11 16:02:54,481:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x7f108690e5f8>
Prep: True
2018-04-11 16:02:54,483:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7f108690e5f8> and installer None
2018-04-11 16:02:54,483:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2018-04-11 16:02:54,518:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(uri=‘https://acme-v01.api.letsencrypt.org/acme/reg/32078823’, new_authzr_uri=‘https://acme-v01.api.letsencrypt.org/acme/new-authz’, body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f108690d898>)>), agreement=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’, terms_of_service_agreed=None, contact=(‘mailto:mtE@mail.co.uk’,), status=‘valid’), terms_of_service=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’), 024adfcede8a4a79e4a8bfd24a7e4cf7, Meta(creation_dt=datetime.datetime(2018, 3, 29, 14, 55, 1, tzinfo=), creation_host=‘Wookies.Wookies-Domain.local’))>
2018-04-11 16:02:54,520:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2018-04-11 16:02:54,523:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2018-04-11 16:02:54,851:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2018-04-11 16:02:54,853:DEBUG:acme.client:Received response:
HTTP 200
Expires: Wed, 11 Apr 2018 16:02:54 GMT
Date: Wed, 11 Apr 2018 16:02:54 GMT
Content-Length: 658
Pragma: no-cache
Replay-Nonce: bO_8HeeAeP_W77sTSK89C4XBVRQAiQkq1q-strZ7R6k
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
Server: nginx
X-Frame-Options: DENY
Content-Type: application/json
Connection: keep-alive

b’{\n “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,\n “meta”: {\n “caaIdentities”: [\n “letsencrypt.org”\n ],\n “terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,\n “website”: “https://letsencrypt.org”\n },\n “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,\n “new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,\n “new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,\n “revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”,\n “svLOQn6oy1k”: “Adding random entries to the directory”\n}’
2018-04-11 16:02:54,854:DEBUG:certbot.client:CSR: CSR(file=’/mnt/c/temp/ExchangeCert.csr’, data=b’-----BEGIN CERTIFICATE REQUEST-----\nMIIEazCCA1MCAQAwfTEaMBgGA1UEAwwRbWFpbC53b29raWUubWUudWsxEjAQBgNV\nBAsMCU1haWwgUm9vbTEZMBcGA1UECgwQV29va2llcyBFeGNoYW5nZTERMA8GA1UE\nBwwISG9yZmllbGQxEDAOBgNVBAgMB0JyaXN0b2wxCzAJBgNVBAYTAkdCMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLJTy5M5nl/VCzINaQEnAkv0JLCd\ncMmeDZhgEAH+a25KZV7FR4ukoFdKcacinqzy9XMWpuxYbD44g7WPRy/mqPPL+VRs\nR6qfBpvUEBwQaNLnUPoPzKa0vz9fKZG1tl3INmX4glksLoee+AsFZg6aEezGeM5T\netDCTboWQCYiL1xJa9HsUQTCz6dc4BrwulboNZ2GAMJP95YOLwdTn0nEa2kVdRs6\noVE4V7x5MWc6GGcDgEBSGqFVLslp0MGmr4sybUCd48W/f+Km59QAU7xq3hzi+kDx\nMb7uLJwfPac6h9zr/7qj6byQlgOubL01tePjZOGvGbUTz9nOxQiVwxPXvQIDAQAB\noIIBpzAaBgorBgEEAYI3DQIDMQwWCjYuMi45MjAwLjIwcgYKKwYBBAGCNw0CAjFk\nMGICAQEeWgBNAGkAYwByAG8AcwBvAGYAdAAgAFIAUwBBACAAUwBDAGgAYQBuAG4A\nZQBsACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUA\ncgMBADB9BgkrBgEEAYI3FRQxcDBuAgEFDCRFeGNoYW5nZS1TZXJ2ZXIuV29va2ll\ncy1Eb21haW4ubG9jYWwMH1dvb2tpZXMtRG9tYWluXEVYQ0hBTkdFLVNFUlZFUiQM\nIk1pY3Jvc29mdC5FeGNoYW5nZS5TZXJ2aWNlSG9zdC5leGUwgZUGCSqGSIb3DQEJ\nDjGBhzCBhDAOBgNVHQ8BAf8EBAMCBaAwRQYDVR0RBD4wPIIRbWFpbC53b29raWUu\nbWUudWuCGUF1dG9EaXNjb3Zlci53b29raWUubWUudWuCDHdvb2tpZS5tZS51azAM\nBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRMcr0nGwNWfTgoNZYUffqBuc+FcjANBgkq\nhkiG9w0BAQUFAAOCAQEASpDvl5QCPdbX+XFBFATZl0/vJpJbw5Wmx/Ri08SS2hfZ\nKN5MyerlpuCkeMPWFxPK0PJkjp+QLD2Ifw6qk7yIchVyIV/CEC5SqZkFZMzkSRMm\nK7sq8Pgx4S6+mkVYLQjRJlU7tINStvfkTWzXCkZtVzFr/b+vKLUgRTivQ7uLrkzc\niAl4O/5yjvIhwEEtm+6FJfdVoLl/t6L90jRXKX3YXvpFNf+HQLrXf6HmxZB1qvf/\nCCeBoMnlgf6oxP3K4W5YumEtVXIuAqHkcWpFeQAdpcD1iRK+nNaOIruyVSg7rgGK\nFJ9EiROBUW83JbByoDexxahl4trxyvBKEqa+U2xIWg==\n


#4

-----END CERTIFICATE REQUEST-----\n’, form=‘pem’)
2018-04-11 16:02:54,856:DEBUG:acme.client:Requesting fresh nonce
2018-04-11 16:02:54,856:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2018-04-11 16:02:55,066:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
2018-04-11 16:02:55,068:DEBUG:acme.client:Received response:
HTTP 405
Expires: Wed, 11 Apr 2018 16:02:55 GMT
Date: Wed, 11 Apr 2018 16:02:55 GMT
Content-Length: 91
Pragma: no-cache
Replay-Nonce: tSLUFQIK2wYuaRa2ar83Ji3oK6_dBLoPmWGES8XLqnA
Cache-Control: max-age=0, no-cache, no-store
Server: nginx
Allow: POST
Content-Type: application/problem+json
Connection: keep-alive

b’’
2018-04-11 16:02:55,068:DEBUG:acme.client:Storing nonce: tSLUFQIK2wYuaRa2ar83Ji3oK6_dBLoPmWGES8XLqnA
2018-04-11 16:02:55,070:DEBUG:acme.client:JWS payload:
b’{\n “resource”: “new-authz”,\n “identifier”: {\n “value”: “mail.wookie.me.uk”,\n “type”: “dns”\n }\n}’
2018-04-11 16:02:55,076:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“signature”: “g-d6iRdtBlakzS5H03l13nkNtd13QCFM_646DvvlD0fJ40XNXjhhxqPCg3cuidzpo-j9qWvIsLqpc7Ec6wMaqb2bJ6DxbFicHKBAS3UPyzWREUdk27qxQbuxzvcW2a5IeF1wSmKSY5J74KFGXYCt36LCMzagzzIX3J4IsJCmzz_niuD90TP5hjZ0JwBish95eIOEvNvA6OmLvGL8X42qnr0zNONrpu0B_QxKWvnfS0YbISQb8U2FIloJvrMiDRbhLsWSK6uPhRk-80IZAl4-mbyGFiaIk3Lqni3nEY7gTyllU9-qKKII1mKMNfyRVsb-179C_RoAVU6FTBMfEtLNjg”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAibiI6ICI2UHJ3dm9ReTBIQ1pqUU52Y0JuaEkyUVpRLWd1aEVRb0ctOEpJWGtFRl84RmRmTF84T0hkazBHQVZjME55cndDc2hZMjdvMjlibXZHQkdFYU13WFpobUVwY3JmRDRxX3Z5ZTk5N2lvRWJqc05OWnlhcE5wM3FaMHJvUDNsdTlBTVB6cWZXbElvXzZpVk5ZNGJzSTNBUmhrQ09lVVl5cE9KakFxZE5ld0FBLUVHNi1qZE51OTlENkpfeVBCMlVuUThPVHVjUnYwbzI3b3JhYXVnQm5WX2JXbDJFNDNmR1pRUmZSU3B2UHNBck5neUM1YzdleFZSOUsxWHZFeWczT3VNU0dqOWl6WW1ENnJrV05fYnI0N1pCMzNZZmZYMEY5UncyaDhiWHVCbFVrYnRLcktzZFQ0cVd4ZjUzWHl1b1FQMmQ4WkdRWVRvLXp5RDM1MlA3MDVjQlEiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAidFNMVUZRSUsyd1l1YVJhMmFyODNKaTNvSzZfZEJMb1BtV0dFUzhYTHFuQSJ9”,
“payload”: “ewogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLAogICJpZGVudGlmaWVyIjogewogICAgInZhbHVlIjogIm1haWwud29va2llLm1lLnVrIiwKICAgICJ0eXBlIjogImRucyIKICB9Cn0”
}
2018-04-11 16:02:55,296:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 934
2018-04-11 16:02:55,297:DEBUG:acme.client:Received response:
HTTP 201
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”
Expires: Wed, 11 Apr 2018 16:02:55 GMT
Pragma: no-cache
Boulder-Requester: 32078823
Date: Wed, 11 Apr 2018 16:02:55 GMT
Strict-Transport-Security: max-age=604800
Content-Type: application/json
Content-Length: 934
Cache-Control: max-age=0, no-cache, no-store
Server: nginx
Location: https://acme-v01.api.letsencrypt.org/acme/authz/1umRMkpWSFO4JZtUWvDV9bMv1WOTnVdgEPYV5Qc702Y
X-Frame-Options: DENY
Replay-Nonce: YEI7ksBhEW0E2DSOh5biMKhWLELV9CdnCmtrikxG-zQ
Connection: keep-alive

b’{\n “identifier”: {\n “type”: “dns”,\n “value”: “mail.wookie.me.uk”\n },\n “status”: “valid”,\n “expires”: “2018-04-28T15:17:11Z”,\n “challenges”: [\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/1umRMkpWSFO4JZtUWvDV9bMv1WOTnVdgEPYV5Qc702Y/4008635069”,\n “token”: “X2sr7OyHW0o6f_Ye21p9uaQd9FnbY-A0Ntwchjybn7M”\n },\n {\n “type”: “dns-01”,\n “status”: “valid”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/1umRMkpWSFO4JZtUWvDV9bMv1WOTnVdgEPYV5Qc702Y/4008635070”,\n “token”: “COlYNAhnyiDi7NoirLTsoMWD6p3U8NOqp4kePLBuUT0”,\n “keyAuthorization”: “COlYNAhnyiDi7NoirLTsoMWD6p3U8NOqp4kePLBuUT0.pU_yr3Ww9dOp2t4Fmd-WMmzd7DBQrgjaFv0vHb61q2w”,\n “validationRecord”: [\n {\n “hostname”: “mail.wookie.me.uk”\n }\n ]\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ]\n ]\n}’
2018-04-11 16:02:55,298:DEBUG:acme.client:Storing nonce: YEI7ksBhEW0E2DSOh5biMKhWLELV9CdnCmtrikxG-zQ
2018-04-11 16:02:55,299:DEBUG:acme.client:JWS payload:
b’{\n “resource”: “new-authz”,\n “identifier”: {\n “value”: “AutoDiscover.wookie.me.uk”,\n “type”: “dns”\n }\n}’
2018-04-11 16:02:55,304:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“signature”: “XbEza9rvpGV8GfBLYZ6Ge6DKB3Jea4KOU9IxWqGyBEECUmw1oiWmv4AYwx-KgEr3Gegl2JF5J2hS6pEuwtGEsXs6HwlzTIyn2VMQc9pWBzIgnIhuoiBuq9OiPs-BQwr7PPc5wlpTeTJUhVua5L9cFfb5ftsn3bJObJQS4UNY7tQErGKV-ty8NvWV6HJKjfbNSTEhajrVziFELywi3FdcehnQZhkajcZbUkX-P046LpngyyGd3cGtG-Dt9zGtTyOJbC9HGdWUZCzhQgoGv8EniEG0fBAMjFegBNJoeNhMLn_MuCRr4onJi78mN1PXeREBGvfRMubK3cdJpDukIOFlfw”,
“protected”: “eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAibiI6ICI2UHJ3dm9ReTBIQ1pqUU52Y0JuaEkyUVpRLWd1aEVRb0ctOEpJWGtFRl84RmRmTF84T0hkazBHQVZjME55cndDc2hZMjdvMjlibXZHQkdFYU13WFpobUVwY3JmRDRxX3Z5ZTk5N2lvRWJqc05OWnlhcE5wM3FaMHJvUDNsdTlBTVB6cWZXbElvXzZpVk5ZNGJzSTNBUmhrQ09lVVl5cE9KakFxZE5ld0FBLUVHNi1qZE51OTlENkpfeVBCMlVuUThPVHVjUnYwbzI3b3JhYXVnQm5WX2JXbDJFNDNmR1pRUmZSU3B2UHNBck5neUM1YzdleFZSOUsxWHZFeWczT3VNU0dqOWl6WW1ENnJrV05fYnI0N1pCMzNZZmZYMEY5UncyaDhiWHVCbFVrYnRLcktzZFQ0cVd4ZjUzWHl1b1FQMmQ4WkdRWVRvLXp5RDM1MlA3MDVjQlEiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiWUVJN2tzQmhFVzBFMkRTT2g1YmlNS2hXTEVMVjlDZG5DbXRyaWt4Ry16USJ9”,
“payload”: “ewogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLAogICJpZGVudGlmaWVyIjogewogICAgInZhbHVlIjogIkF1dG9EaXNjb3Zlci53b29raWUubWUudWsiLAogICAgInR5cGUiOiAiZG5zIgogIH0KfQ”
}
2018-04-11 16:02:55,585:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 950
2018-04-11 16:02:55,586:DEBUG:acme.client:Received response:
HTTP 201
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”
Expires: Wed, 11 Apr 2018 16:02:55 GMT
Pragma: no-cache
Boulder-Requester: 32078823
Date: Wed, 11 Apr 2018 16:02:55 GMT
Strict-Transport-Security: max-age=604800
Content-Type: application/json
Content-Length: 950
Cache-Control: max-age=0, no-cache, no-store
Server: nginx
Location: https://acme-v01.api.letsencrypt.org/acme/authz/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw
X-Frame-Options: DENY
Replay-Nonce: WIYNJI5xYB2O5N7B11xThpzuvkMqqiezMqOvG2jTTsY
Connection: keep-alive

b’{\n “identifier”: {\n “type”: “dns”,\n “value”: “autodiscover.wookie.me.uk”\n },\n “status”: “valid”,\n “expires”: “2018-04-28T15:29:07Z”,\n “challenges”: [\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw/4008714214”,\n “token”: “zpURkUDjDUOTin65apShdCS7kjYK33kxXGysgrzgXHo”\n },\n {\n “type”: “dns-01”,\n “status”: “valid”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw/4008714215”,\n “token”: “qnAoweN09gKemJek6hkyPV1KtBUISyzTpz4XhIwY-1E”,\n “keyAuthorization”: “qnAoweN09gKemJek6hkyPV1KtBUISyzTpz4XhIwY-1E.pU_yr3Ww9dOp2t4Fmd-WMmzd7DBQrgjaFv0vHb61q2w”,\n “validationRecord”: [\n {\n “hostname”: “autodiscover.wookie.me.uk”\n }\n ]\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ]\n ]\n}’
2018-04-11 16:02:55,586:DEBUG:acme.client:Storing nonce: WIYNJI5xYB2O5N7B11xThpzuvkMqqiezMqOvG2jTTsY
2018-04-11 16:02:55,587:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.22.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1266, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1144, in certonly
cert_path, fullchain_path = _csr_get_and_save_cert(config, le_client)


#5

File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1066, in _csr_get_and_save_cert
cert, chain = le_client.obtain_certificate_from_csr(csr)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 262, in obtain_certificate_from_csr
orderr = self._get_order_and_authorizations(csr.data, best_effort=False)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 326, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 776, in new_order
authorizations.append(self.client.request_domain_challenges(domain))
File “/usr/lib/python3/dist-packages/acme/client.py”, line 348, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 328, in request_challenges
return self._authzr_from_response(response, identifier)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 135, in _authzr_from_response
raise errors.UnexpectedUpdate(authzr)
acme.errors.UnexpectedUpdate: AuthorizationResource(uri=‘https://acme-v01.api.letsencrypt.org/acme/authz/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw’, body=Authorization(expires=datetime.datetime(2018, 4, 28, 15, 29, 7, tzinfo=), challenges=(ChallengeBody(chall=HTTP01(token=b’\xce\x95\x11\x91@\xe3\rC\x93\x8a~\xb9j\x94\xa1t$\xbb\x926\n\xdfy1\l\xac\x82\xbc\xe0\z’), uri=‘https://acme-v01.api.letsencrypt.org/acme/challenge/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw/4008714214’, validated=None, _url=None, error=None, status=Status(pending)), ChallengeBody(chall=DNS01(token=b’\xaap(\xc1\xe3t\xf6\x02\x9e\x98\x97\xa4\xea\x192=]J\xb4\x15\x08K,\xd3\xa7>\x17\x84\x8c\x18\xfbQ’), uri=‘https://acme-v01.api.letsencrypt.org/acme/challenge/iL4AyejZSdHYawRzkh4EYj2528OFqaUFB7-KtVUkzKw/4008714215’, validated=None, _url=None, error=None, status=Status(valid))), identifier=Identifier(value=‘autodiscover.wookie.me.uk’, typ=IdentifierType(dns)), status=Status(valid), combinations=((0,), (1,))), new_cert_uri=None)
2018-04-11 16:02:55,592:ERROR:certbot.log:An unexpected error occurred:


#6

Here you go. Had to break it up as it wouldn’t let a new user post more than 20 links.

Thanks for looking at this for me much appreciated.


#7

@joohoi @bmw I’ve never seen this before—an UnexpectedUpdate error from inside the ACME client library. Do you happen to know how this could come about? Could it be a server-side ACME protocol bug?


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.