Need help updating acme

Is it possible to shutdown Apache just long enough to get a cert?
If so... try:

apachectl -k stop
certbot certonly --standalone -d your.mail.domain -m your.email.address
apachectl -k start

If that works, then we can get it scripted.

1 Like

In general, I got to the domain management resource, but in order to register a dns record, you have to pay a premium and it will not be known when, the certificate expires in 22 hours, maybe there are other ideas how to try to update php? a work colleague suggested updating certbot, but I doubt that it will help, because he swears on acme

I would concern myself with obtaining a new cert before looking for:

Have you read my previous post?

I started updating in a week, but all week I was trying to eliminate obstacles preventing the renewal of the certificate, I saw the previous post, the Apache was not running, so the method did not work

Please show the failure.
Including log entries.

I still see Apache running:

curl -Iki mail.ivanovoobl.ru
HTTP/1.1 403 Forbidden
Date: Fri, 30 Jul 2021 18:04:26 GMT
Server: Apache/2.4.10 (Debian)
Content-Type: text/html; charset=iso-8859-1

certbot certonly --standalone -d mail.ivanovoobl.ru -m it@ivanovoobl.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit End of Life Plan for ACMEv1 - #27 by jillian for more information.
Please see the logfiles in /var/log/letsencrypt for more details.

Ok I see the problem now:

Have you tried using any other ACME client?

a colleague tried to install getssl, but there were also errors, unfortunately there are no logs, it was a couple of days ago, the best option would be to update php, but always writes a 404 error when executing the apt update command after adding the repository

That is the agreed LONG-TERM solution.
You need a very quick short-term solution (NOW).
I propose that you try: acme.sh
OR any other ACME client.
[at least to just get a valid cert quickly]

can you throw off the simplest manual? experience is not enough

I would start by installing acme.sh
See: Home · acmesh-official/acme.sh Wiki · GitHub
If that works, then we can proceed quickly from there.

what do you think about updating certbot won't help?

How would you update certbot?
Compile the source code?

It doesn't seem like anyone tried to install certbot with pip. that should work.

pypi still has python2 compatible certbot versions. i don't remember when certbot went py3 only, but it was long after acme v2 support.

edit: pypi uses the trove classifiers to respond to pip installs. when invoked under python2, pip should install the latest certbot that claimed to be python2 compatible.

1 Like

I'm trying to put acme.sh asked to put socat after I issued
Â

mail.ivanovoobl.ru:Timeout
[Пт июл 30 23:20:09 MSK 2021] Please add '--debug' or '--log' to check more details.
[Пт июл 30 23:20:09 MSK 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

I only asked for you to install acme.sh.
ONLY INSTALL
Is it installed?
Please show:
sudo /root/.acme.sh/acme.sh version

/root/.acme.sh/acme.sh version

v3.0.0

Perfect, now you have an ACMEv2 compatible client installed.
Now lets try to use it to get the cert you need...

We will replace this certbot plan with acme.sh

Try:

apachectl -k stop
/root/.acme.sh/acme.sh --issue --standalone -d your.mail.domain -m your.email.address
apachectl -k start

apachectl -k stop
httpd (no pid file) not running
/root/.acme.sh/acme.sh --issue --standalone -d mail.ivanovoobl.ru -m it@ivanovoobl.ru
[Сб июл 31 00:11:25 MSK 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Сб июл 31 00:11:25 MSK 2021] Standalone mode.
[Сб июл 31 00:11:25 MSK 2021] Single domain='mail.ivanovoobl.ru'
[Сб июл 31 00:11:25 MSK 2021] Getting domain auth token for each domain
[Сб июл 31 00:11:28 MSK 2021] Getting webroot for domain='mail.ivanovoobl.ru'
[Сб июл 31 00:11:28 MSK 2021] Verifying: mail.ivanovoobl.ru
[Сб июл 31 00:11:28 MSK 2021] Standalone mode server
[Сб июл 31 00:11:29 MSK 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Сб июл 31 00:11:32 MSK 2021] Processing, The CA is processing your order, please just wait. (2/30)
[Сб июл 31 00:11:35 MSK 2021] Processing, The CA is processing your order, please just wait. (3/30)
[Сб июл 31 00:11:38 MSK 2021] Processing, The CA is processing your order, please just wait. (4/30)
[Сб июл 31 00:11:41 MSK 2021] Processing, The CA is processing your order, please just wait. (5/30)
[Сб июл 31 00:11:43 MSK 2021] Processing, The CA is processing your order, please just wait. (6/30)
[Сб июл 31 00:11:46 MSK 2021] Processing, The CA is processing your order, please just wait. (7/30)
[Сб июл 31 00:11:49 MSK 2021] Processing, The CA is processing your order, please just wait. (8/30)
[Сб июл 31 00:11:52 MSK 2021] Processing, The CA is processing your order, please just wait. (9/30)
[Сб июл 31 00:11:55 MSK 2021] Processing, The CA is processing your order, please just wait. (10/30)
[Сб июл 31 00:11:58 MSK 2021] Processing, The CA is processing your order, please just wait. (11/30)
[Сб июл 31 00:12:01 MSK 2021] Processing, The CA is processing your order, please just wait. (12/30)
[Сб июл 31 00:12:03 MSK 2021] Processing, The CA is processing your order, please just wait. (13/30)
[Сб июл 31 00:12:06 MSK 2021] Processing, The CA is processing your order, please just wait. (14/30)
[Сб июл 31 00:12:09 MSK 2021] Processing, The CA is processing your order, please just wait. (15/30)
[Сб июл 31 00:12:12 MSK 2021] Processing, The CA is processing your order, please just wait. (16/30)
[Сб июл 31 00:12:14 MSK 2021] Processing, The CA is processing your order, please just wait. (17/30)
[Сб июл 31 00:12:17 MSK 2021] Processing, The CA is processing your order, please just wait. (18/30)
[Сб июл 31 00:12:20 MSK 2021] Processing, The CA is processing your order, please just wait. (19/30)
[Сб июл 31 00:12:23 MSK 2021] Processing, The CA is processing your order, please just wait. (20/30)
[Сб июл 31 00:12:26 MSK 2021] Processing, The CA is processing your order, please just wait. (21/30)
[Сб июл 31 00:12:29 MSK 2021] Processing, The CA is processing your order, please just wait. (22/30)
[Сб июл 31 00:12:31 MSK 2021] Processing, The CA is processing your order, please just wait. (23/30)
[Сб июл 31 00:12:34 MSK 2021] Processing, The CA is processing your order, please just wait. (24/30)
[Сб июл 31 00:12:37 MSK 2021] Processing, The CA is processing your order, please just wait. (25/30)
[Сб июл 31 00:12:40 MSK 2021] Processing, The CA is processing your order, please just wait. (26/30)
[Сб июл 31 00:12:42 MSK 2021] Processing, The CA is processing your order, please just wait. (27/30)
[Сб июл 31 00:12:45 MSK 2021] Processing, The CA is processing your order, please just wait. (28/30)
[Сб июл 31 00:12:48 MSK 2021] Processing, The CA is processing your order, please just wait. (29/30)
[Сб июл 31 00:12:51 MSK 2021] mail.ivanovoobl.ru:Timeout
[Сб июл 31 00:12:51 MSK 2021] Please add '--debug' or '--log' to check more details.
[Сб июл 31 00:12:51 MSK 2021] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

Apache did not stop?
[it must first stop]
How do you stop Apache?